cadenero 0.0.2.b6 → 0.0.2.b7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (24) hide show
  1. checksums.yaml +8 -8
  2. data/README.md +54 -9
  3. data/app/extenders/controllers/application_controller_decorator.rb +5 -1
  4. data/app/models/cadenero/auth_token.rb +35 -0
  5. data/app/models/cadenero/member.rb +1 -39
  6. data/app/models/cadenero/user.rb +1 -2
  7. data/app/models/cadenero/v1/account.rb +3 -46
  8. data/config/initializers/apartment.rb +3 -1
  9. data/config/initializers/warden/strategies/token_authentication.rb +35 -0
  10. data/config/initializers/warden.rb +1 -1
  11. data/db/migrate/20130612061604_create_cadenero_v1_accounts.rb +2 -2
  12. data/lib/cadenero/testing_support/authentication_helpers.rb +7 -7
  13. data/lib/cadenero/version.rb +1 -1
  14. data/spec/controllers/cadenero/v1/accounts_controller_spec.rb +1 -1
  15. data/spec/controllers/cadenero/v1/users_controller_spec.rb +1 -1
  16. data/spec/dummy/db/schema.rb +8 -8
  17. data/spec/dummy/db/seeds.rb +1 -1
  18. data/spec/dummy/log/development.log +37 -0
  19. data/spec/dummy/log/test.log +68034 -0
  20. data/spec/features/accounts/sign_up_spec.rb +2 -4
  21. data/spec/features/users/sign_in_spec.rb +106 -62
  22. data/spec/features/users/sign_up_spec.rb +3 -5
  23. data/spec/spec_helper.rb +2 -0
  24. metadata +4 -2
data/spec/features/accounts/sign_up_spec.rb CHANGED
@@ -1,16 +1,14 @@
1
1
  require 'spec_helper'
2
- require 'cadenero/testing_support/authentication_helpers'
3
2
 
4
3
  feature 'Accounts' do
5
- include Cadenero::TestingSupport::AuthenticationHelpers
6
4
 
7
5
  let(:errors_already_taken_subdomain) {{ errors: {subdomain:["has already been taken"]} }.to_json}
8
6
 
9
7
  scenario "creating an account" do
10
8
  sign_up_account
11
9
  expect(last_response.status).to eq 201
12
- expect(json_last_response_body).to have_content "authentication_token"
13
- expect(json_last_response_body["account"]["authentication_token"]).not_to eq nil
10
+ expect(json_last_response_body).to have_content "auth_token"
11
+ expect(json_last_response_body["account"]["auth_token"]).not_to eq nil
14
12
  end
15
13
 
16
14
  scenario "cannot create an account with an already used subdomain" do
data/spec/features/users/sign_in_spec.rb CHANGED
@@ -1,86 +1,130 @@
1
1
  require 'spec_helper'
2
2
  require 'cadenero/testing_support/subdomain_helpers'
3
- require 'cadenero/testing_support/authentication_helpers'
4
3
 
5
4
  feature 'User sign in' do
6
5
  extend Cadenero::TestingSupport::SubdomainHelpers
7
- include Cadenero::TestingSupport::AuthenticationHelpers
8
6
 
9
7
  let(:account) { FactoryGirl.create(:account_with_schema) }
10
- let(:errors_redirect_ro_sign_in) {{errors: %Q{Please sign in. posting the user json credentials as: {"user": {"email": "testy2@example.com", "password": "changeme"}} to /v1/sessions}, links: "/v1/sessions"}.to_json}
8
+ let(:errors_redirect_ro_sign_in) {{errors: %Q{Please sign in. posting the user json credentials as: {"user": {"email": "testy2@example.com", "password": "changeme"}} or {"user": {"auth_token": d8Ff8uvupXQfChangeMe}} to /v1/sessions}, links: "/v1/sessions"}.to_json}
11
9
  let(:errors_invalid_email_or_password) {{ errors: {user:["Invalid email or password"]} }.to_json}
12
10
  let(:errors_invalid_subdomain) {{ errors: {subdomain:["Invalid subdomain"]} }.to_json}
13
11
  let(:sessions_url) { "http://#{account.subdomain}.example.com/v1/sessions" }
14
12
  let(:error_url) { "http://error.example.com/v1/sessions" }
15
13
  let(:root_url) { "http://#{account.subdomain}.example.com/v1" }
16
14
 
17
- within_account_subdomain do
18
- scenario "signs in as an account owner successfully" do
19
- check_error_for_not_signed_in_yet
20
- user_email = successful_sign_in_owner account
21
- get root_url
22
- expect(last_response.status).to eq 200
23
- expect(json_last_response_body["message"]).to have_content user_email
24
- end
15
+ context "with password strategy" do
16
+ within_account_subdomain do
17
+ scenario "signs in as an account owner successfully" do
18
+ check_error_for_not_signed_in_yet
19
+ user_email = successful_sign_in_owner_with_session account
20
+ get root_url
21
+ expect(last_response.status).to eq 200
22
+ expect(json_last_response_body["message"]).to have_content user_email
23
+ end
25
24
 
26
- scenario "signs in as a user successfully" do
27
- check_error_for_not_signed_in_yet
28
- second_user_email = successful_sign_up_user_in_existing_account account, "_second"
29
- second_user = Cadenero::User.where(email: second_user_email).first
30
- successful_sign_in_user(account, account_user_params_json(second_user))
31
- get root_url
32
- expect(last_response.status).to eq 200
33
- expect(json_last_response_body["message"]).to have_content second_user_email
34
- end
25
+ scenario "signs in as a user successfully" do
26
+ check_error_for_not_signed_in_yet
27
+ second_user_email = successful_sign_up_user_in_existing_account_with_session account, "_second"
28
+ second_user = Cadenero::User.where(email: second_user_email).first
29
+ successful_sign_in_user_with_session(account, account_user_params_json(second_user))
30
+ get root_url
31
+ expect(last_response.status).to eq 200
32
+ expect(json_last_response_body["message"]).to have_content second_user_email
33
+ end
35
34
 
36
- scenario "signout as an account owner successfully" do
37
- user_email = successful_sign_in_owner account
38
- delete sessions_url, id: account.owner.id
39
- expect(last_response.status).to eq 200
40
- expect(json_last_response_body["message"]).to have_content "Successful logout"
41
- check_error_for_not_signed_in_yet
42
- end
35
+ scenario "signout as an account owner successfully" do
36
+ user_email = successful_sign_in_owner_with_session account
37
+ delete sessions_url, id: account.owner.id
38
+ expect(last_response.status).to eq 200
39
+ expect(json_last_response_body["message"]).to have_content "Successful logout"
40
+ check_error_for_not_signed_in_yet
41
+ end
42
+
43
+ scenario "two users of the same account should have different auth_tokens" do
44
+ user_email = successful_sign_in_owner_with_session account
45
+ user_auth_token = json_last_response_body["user"]["auth_token"]
46
+ user = Cadenero::User.where(email: user_email).first
47
+ delete sessions_url, id: user.id
48
+ check_error_for_not_signed_in_yet
49
+ second_user_email = successful_sign_up_user_in_existing_account_with_session account, "_second"
50
+ second_user = Cadenero::User.where(email: second_user_email).first
51
+ successful_sign_in_user_with_session(account, account_user_params_json(second_user))
52
+ second_user_auth_token = json_last_response_body["user"]["auth_token"]
53
+ expect(second_user_auth_token).not_to eq([])
54
+ expect(user).not_to eq(second_user)
55
+ expect(user_auth_token).not_to eq(second_user_auth_token)
56
+ end
43
57
 
44
- scenario "two users of the same account should have different auth_tokens" do
45
- user_email = successful_sign_in_owner account
46
- user_auth_token = json_last_response_body["user"]["auth_token"]
47
- user = Cadenero::User.where(email: user_email).first
48
- delete sessions_url, id: user.id
49
- check_error_for_not_signed_in_yet
50
- second_user_email = successful_sign_up_user_in_existing_account account, "_second"
51
- second_user = Cadenero::User.where(email: second_user_email).first
52
- successful_sign_in_user(account, account_user_params_json(second_user))
53
- second_user_auth_token = json_last_response_body["user"]["auth_token"]
54
- expect(second_user_auth_token).not_to eq([])
55
- expect(user).not_to eq(second_user)
56
- expect(user_auth_token).not_to eq(second_user_auth_token)
57
58
  end
58
59
 
59
- end
60
+ context "without sign in" do
61
+ scenario "attempts sign in with an invalid password and fails" do
62
+ check_error_for_not_signed_in_yet
63
+ sign_in_user sessions_url, { email: "user@example.com", password: "" }
64
+ expected_json_errors(errors_invalid_email_or_password)
65
+ end
60
66
 
61
- context "without sign in" do
62
- scenario "attempts sign in with an invalid password and fails" do
63
- check_error_for_not_signed_in_yet
64
- sign_in_user sessions_url, { email: "user@example.com", password: "" }
65
- expected_json_errors(errors_invalid_email_or_password)
66
- end
67
+ scenario "attempts sign in with an invalid email address and fails" do
68
+ check_error_for_not_signed_in_yet
69
+ sign_in_user sessions_url, { email: "foo@example.com", password: "password"}
70
+ expected_json_errors(errors_invalid_email_or_password)
71
+ end
67
72
 
68
- scenario "attempts sign in with an invalid email address and fails" do
69
- check_error_for_not_signed_in_yet
70
- sign_in_user sessions_url, { email: "foo@example.com", password: "password"}
71
- expected_json_errors(errors_invalid_email_or_password)
72
- end
73
+ scenario "cannot sign in if not a member of an existing subdomain" do
74
+ other_account = FactoryGirl.create(:account)
75
+ check_error_for_not_signed_in_yet
76
+ sign_in_user sessions_url, { email: other_account.owner.email, password: "password" }
77
+ expected_json_errors(errors_invalid_email_or_password)
78
+ end
73
79
 
74
- scenario "cannot sign in if not a member of an existing subdomain" do
75
- other_account = FactoryGirl.create(:account)
76
- check_error_for_not_signed_in_yet
77
- sign_in_user sessions_url, { email: other_account.owner.email, password: "password" }
78
- expected_json_errors(errors_invalid_email_or_password)
79
- end
80
+ scenario "cannot sign in if the subdomain does not exist" do
81
+ sign_in_user error_url, account_user_params_json(account.owner)
82
+ expected_json_errors(errors_invalid_subdomain)
83
+ end
84
+ end
85
+ end
80
86
 
81
- scenario "cannot sign in if the subdomain does not exist" do
82
- sign_in_user error_url, account_user_params_json(account.owner)
83
- expected_json_errors(errors_invalid_subdomain)
87
+ context "with token_authentication strategy" do
88
+ let(:account) { FactoryGirl.create(:account_with_schema) }
89
+ within_account_subdomain do
90
+ scenario "can access with the auth_token as signed in" do
91
+ user = account.owner
92
+ check_error_for_not_signed_in_yet
93
+ get root_url, {:auth_token => user.auth_token}
94
+ expect(last_response.status).to eq 200
95
+ expect(json_last_response_body["message"]).to have_content user.email
96
+ end
97
+ scenario "two users of the same account could access with their own auth_tokens" do
98
+ user = account.owner
99
+ check_error_for_not_signed_in_yet
100
+ second_user_email = successful_sign_up_user_in_existing_account_with_session account, "_second"
101
+ second_user = Cadenero::User.where(email: second_user_email).first
102
+ get root_url, {:auth_token => user.auth_token}
103
+ expect(last_response.status).to eq 200
104
+ expect(json_last_response_body["message"]).to have_content user.email
105
+ get root_url, {:auth_token => second_user.auth_token}
106
+ expect(last_response.status).to eq 200
107
+ expect(json_last_response_body["message"]).to have_content second_user.email
108
+ end
109
+ scenario "can not access with an auth_token from a user of other account" do
110
+ second_account = FactoryGirl.create(:account_with_schema)
111
+ user = second_account.owner
112
+ check_error_for_not_signed_in_yet
113
+ get root_url, {:auth_token => user.auth_token}
114
+ expected_json_errors(errors_redirect_ro_sign_in)
115
+ end
116
+ scenario "can access only with the auth_token as signed in and without cookies" do
117
+ user = account.owner
118
+ check_error_for_not_signed_in_yet
119
+ get root_url, {:auth_token => user.auth_token}
120
+ expect(last_response.status).to eq 200
121
+ expect(json_last_response_body["message"]).to have_content user.email
122
+ get "#{root_url}/users/#{user.id}", {}, 'HTTP_COOKIE' => '_session_id='
123
+ expected_json_errors(errors_redirect_ro_sign_in)
124
+ get "#{root_url}/users/#{user.id}", {:auth_token => user.auth_token}, 'HTTP_COOKIE' => '_session_id='
125
+ expect(last_response.status).to eq 200
126
+ expect(json_last_response_body["user"]["email"]).to eq(user.email)
127
+ end
84
128
  end
85
- end
129
+ end
86
130
  end
data/spec/features/users/sign_up_spec.rb CHANGED
@@ -1,21 +1,19 @@
1
1
  require 'spec_helper'
2
- require 'cadenero/testing_support/authentication_helpers'
3
2
 
4
3
  feature "User signup" do
5
- include Cadenero::TestingSupport::AuthenticationHelpers
6
4
 
7
5
  let!(:account) { FactoryGirl.create(:account_with_schema) }
8
6
  let(:root_url) { "http://#{account.subdomain}.example.com/" }
9
7
  scenario "under an account" do
10
- user_email = successful_sign_up_user_in_existing_account account
8
+ user_email = successful_sign_up_user_in_existing_account_with_session account
11
9
  expect(user_email).to eq("user@example.com")
12
10
  end
13
11
 
14
12
  scenario "under two accounts" do
15
- account_user_email = successful_sign_up_user_in_existing_account account
13
+ account_user_email = successful_sign_up_user_in_existing_account_with_session account
16
14
  owner = Cadenero::User.where(email: account_user_email).first
17
15
  second_account = FactoryGirl.create(:account_with_schema, owner: owner)
18
- second_account_user_email = successful_sign_up_user_in_existing_account second_account
16
+ second_account_user_email = successful_sign_up_user_in_existing_account_with_session second_account
19
17
  get "#{root_url}v1/users/#{owner.id}"
20
18
  expect_subject_ids_to_have("user", "membership_ids", [second_account.id, account.id], 200)
21
19
  get "#{root_url}v1/users"
data/spec/spec_helper.rb CHANGED
@@ -8,6 +8,7 @@ require 'factory_girl'
8
8
  require 'database_cleaner'
9
9
  require 'coveralls'
10
10
  require 'cadenero/testing_support/database_cleaning'
11
+ require 'cadenero/testing_support/authentication_helpers'
11
12
 
12
13
  Coveralls.wear!
13
14
 
@@ -26,6 +27,7 @@ Dir[File.dirname(__FILE__) + "/support/**/*.rb"].each {|f| require f}
26
27
  RSpec.configure do |config|
27
28
  include ApiHelper
28
29
  config.include Cadenero::TestingSupport::DatabaseCleaning
30
+ config.include Cadenero::TestingSupport::AuthenticationHelpers, type: :feature
29
31
  # ## Mock Framework
30
32
  #
31
33
  # If you prefer to use mocha, flexmock or RR, uncomment the appropriate line:
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cadenero
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.2.b6
4
+ version: 0.0.2.b7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Manuel Vidaurre
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2013-07-16 00:00:00.000000000 Z
11
+ date: 2013-07-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails-api
@@ -213,6 +213,7 @@ files:
213
213
  - app/controllers/cadenero/v1/accounts_controller.rb
214
214
  - app/extenders/controllers/application_controller_decorator.rb
215
215
  - app/extenders/middleware/robustness.rb
216
+ - app/models/cadenero/auth_token.rb
216
217
  - app/models/cadenero/member.rb
217
218
  - app/models/cadenero/user.rb
218
219
  - app/models/cadenero/v1/account.rb
@@ -220,6 +221,7 @@ files:
220
221
  - app/serializers/cadenero/user_serializer.rb
221
222
  - config/initializers/apartment.rb
222
223
  - config/initializers/warden/strategies/password.rb
224
+ - config/initializers/warden/strategies/token_authentication.rb
223
225
  - config/initializers/warden.rb
224
226
  - config/routes.rb
225
227
  - db/migrate/20130612061604_create_cadenero_v1_accounts.rb