cadenero 0.0.2.b8 → 0.0.2.b10
- checksums.yaml +8 -8
- data/README.md +22 -7
- data/app/controllers/cadenero/application_controller.rb +1 -0
- data/app/controllers/cadenero/v1/account/users_controller.rb +9 -2
- data/app/controllers/cadenero/v1/accounts_controller.rb +9 -2
- data/app/extenders/controllers/application_controller_decorator.rb +1 -1
- data/app/models/cadenero/member.rb +0 -3
- data/app/models/cadenero/user.rb +0 -1
- data/app/models/cadenero/v1/account.rb +0 -1
- data/app/serializers/cadenero/account_serializer.rb +1 -1
- data/config/initializers/apartment.rb +2 -2
- data/config/initializers/strong_parameters.rb +1 -0
- data/lib/cadenero/testing_support/authentication_helpers.rb +1 -1
- data/lib/cadenero/testing_support/database_cleaning.rb +3 -3
- data/lib/cadenero/version.rb +1 -1
- data/spec/dummy/config/application.rb +1 -1
- data/spec/dummy/config/environments/development.rb +1 -1
- data/spec/dummy/config/environments/production.rb +1 -1
- data/spec/dummy/config/environments/test.rb +1 -1
- data/spec/dummy/log/test.log +11313 -0
- metadata +2 -1
checksums.yaml
CHANGED
@@ -1,15 +1,15 @@
|
|
1
1
|
---
|
2
2
|
!binary "U0hBMQ==":
|
3
3
|
metadata.gz: !binary |-
|
4
|
-
|
4
|
+
MWI1NGU5NDk3MjQwNWM2YTQ2ZDY5ZDFhODllNGI1ZGY4YTZhOTFhZg==
|
5
5
|
data.tar.gz: !binary |-
|
6
|
-
|
6
|
+
OTA4OTBmMGE1MmZlMDU4ZmUzMjZjODZjMmU5NWJiNDZhNjMzNzk2Zg==
|
7
7
|
!binary "U0hBNTEy":
|
8
8
|
metadata.gz: !binary |-
|
9
|
-
|
10
|
-
|
11
|
-
|
9
|
+
ODAyNTk5ZGY4Njk3MmU2NjY1NDhlZjNjNDUzYzg0NDI1MDlkYjVmZmFjNTlh
|
10
|
+
YWMxMTM4M2Q4NWU0OWExMzJiMjkzMDhlZDQzZmFlMTYxODc5ZjRjOGMwMDBk
|
11
|
+
ZjFiZDlhYTlkYzIwYTJlZmE5ZTEwODcwZDBjZWU3M2JkYTM5ZTM=
|
12
12
|
data.tar.gz: !binary |-
|
13
|
-
|
14
|
-
|
15
|
-
|
13
|
+
ODZjYzFjOTc1OWJlN2M2MjZlMDcxY2MwMzRkZWNiODE4YzFlZmQ2NjlkZGU0
|
14
|
+
ZDNkMzA3NGQzNTBjNjRiNmE0Y2Y2MjZkNGY0NDBmZjllOWFhMzVmODY1ZDMx
|
15
|
+
NmE0NmJkZjk0Zjc3YmZmOTdjZDhkMzk0OWJhMGIwMTlmNDliNWY=
|
data/README.md
CHANGED
@@ -15,7 +15,9 @@ Authentication Engine for Rails.API multitenant RESTful APIs based on Warden. It
|
|
15
15
|
* Is RESTful API
|
16
16
|
* Allows you to have multiple roles (or models/scopes) signed in at the same time
|
17
17
|
|
18
|
-
|
18
|
+
# Information
|
19
|
+
|
20
|
+
## About Cadenero
|
19
21
|
|
20
22
|
### Why Cadenero?
|
21
23
|
**"Cadenero"** is the spanish word for ["Bouncer (doorman)"](http://en.wikipedia.org/wiki/Bouncer_(doorman\)). The main function of **Cadenero** is to be a resource for authenticating consumers of the services that the API provides. As the real bouncers, **Cadenero** aims to provide security, check authorized access, to refuse entry for intoxication, aggressive behavior or non-compliance with statutory or establishment rules.
|
@@ -26,8 +28,8 @@ You can use [Warden](https://github.com/hassox/warden) or [Devise](https://githu
|
|
26
28
|
|
27
29
|
#### Preconditions
|
28
30
|
|
29
|
-
#####
|
30
|
-
You should have a
|
31
|
+
##### PostgreSQL
|
32
|
+
You should have a PostgreSQL server (for downloading see: http://www.postgresql.org/download/). If you are using OSX, you can install using [Homebrew](http://mxcl.github.io/homebrew/) for that you can follow the following this [instructions](http://www.moncefbelyamani.com/how-to-install-postgresql-on-a-mac-with-homebrew-and-lunchy/)
|
31
33
|
|
32
34
|
##### Ruby 1.9.x or 2.x
|
33
35
|
For that we recommend that you use [rbenv](https://github.com/sstephenson/rbenv) with [ruby-build](https://github.com/sstephenson/ruby-build) or [rvm](https://rvm.io/)
|
@@ -49,7 +51,8 @@ Generate first your Rails app as usual using:
|
|
49
51
|
|
50
52
|
In the `Gemfile` add the following lines:
|
51
53
|
```ruby
|
52
|
-
gem 'cadenero', '~> 0.0.2.
|
54
|
+
gem 'cadenero', '~> 0.0.2.b10'
|
55
|
+
gem "strong_parameters", "~> 0.2.1"
|
53
56
|
|
54
57
|
group :development, :test do
|
55
58
|
gem 'rspec-rails', '~> 2.14.0'
|
@@ -159,7 +162,7 @@ You can review the YARD docs in: http://rubydoc.info/github/AgilTec/cadenero/fra
|
|
159
162
|
- [ ] Examples of use and demo
|
160
163
|
|
161
164
|
### Versions
|
162
|
-
**Cadenero** aims to adhere to [Semantic Versioning 2.0.0](http://semver.org/) the current version is: 0.0.2-
|
165
|
+
**Cadenero** aims to adhere to [Semantic Versioning 2.0.0](http://semver.org/) the current version is: 0.0.2-b10 meaning MAJOR.MINOR.PATCH format. Violations of this scheme should be reported as bugs. Specifically, if a minor or patch version is released that breaks backward compatibility, that version should be immediately yanked and/or a new version should be immediately released that restores compatibility. Breaking changes to the public API will only be introduced with new major versions. As a result of this policy, you can (and should) specify a dependency on this gem using the [Pessimistic Version Constraint](http://docs.rubygems.org/read/chapter/16#page74) with two digits of precision. For example:
|
163
166
|
|
164
167
|
```
|
165
168
|
spec.add_dependency 'cadenero', '~> 1.0'
|
@@ -171,6 +174,8 @@ If you discover a problem with **Cadenero**, we would like to know about it. How
|
|
171
174
|
|
172
175
|
https://github.com/AgilTec/cadenero/wiki/Bug-reports
|
173
176
|
|
177
|
+
To submit the bug or issue go to: https://github.com/AgilTec/cadenero/issues
|
178
|
+
|
174
179
|
If you found a security bug, do *NOT* use the GitHub issue tracker. Send an email to the maintainers listed at the bottom of the README please.
|
175
180
|
|
176
181
|
### Contributing
|
@@ -186,6 +191,11 @@ You will usually want to write tests for your changes using BDD tools as RSpec,
|
|
186
191
|
|
187
192
|
To run the test suite, go into **Cadenero**'s top-level directory and run `bundle install` and `rspec spec`. For the tests to pass, you will need to have a Postgresql server running on your system.
|
188
193
|
|
194
|
+
If you have not contribute before in a Github repo please review first:
|
195
|
+
|
196
|
+
* [Fork A Repo](https://help.github.com/articles/fork-a-repo)
|
197
|
+
* [Using Pull Requests](https://help.github.com/articles/using-pull-requests)
|
198
|
+
|
189
199
|
#### Running the Specs
|
190
200
|
**Cadenero** use [RSpec](https://github.com/rspec/rspec) and [Capybara](https://github.com/jnicklas/capybara). To run the specs you only need to do:
|
191
201
|
|
@@ -201,6 +211,8 @@ You can `binstub` the command bins to avoid writing `bundle exec`. You only need
|
|
201
211
|
$ bundle binstubs rake
|
202
212
|
```
|
203
213
|
|
214
|
+
## About Dependencies and Inspirations
|
215
|
+
|
204
216
|
### Warden
|
205
217
|
|
206
218
|
**Cadenero** is based on [Warden](https://github.com/hassox/warden), which is a general Rack authentication framework created by Daniel Neighman. We encourage you to read more about Warden here: https://github.com/hassox/warden/wiki
|
@@ -212,12 +224,15 @@ Some code and architectural decisions in **Cadenero** have been inspired for the
|
|
212
224
|
|
213
225
|
**Cadenero** is a Rails::API Engine, Rails::API is a subset of a normal Rails application, created for applications that don't require all functionality that a complete Rails application provides. It is a bit more lightweight, and consequently a bit faster than a normal Rails application. The main example for its usage is in API applications only, where you usually don't need the entire Rails middleware stack nor template generation. Rails::API was created by Santiago Pastorino. We encourage you to read more about Rails::API here: https://github.com/rails-api/rails-api
|
214
226
|
|
215
|
-
### Multitenancy
|
227
|
+
### Multitenancy
|
228
|
+
**Cadenero** use [Apartment](https://github.com/influitive/apartment) for Database multi-tenancy for Rack. **Cadenero** creates a new PostgreSQL Schema (like a NameSpace) for each account with subdomain, this means that each account has access only to its own information in that Schema. If you want to persist models that will have information that should be namespaced by the account Schemas rather than use the usual `rake db:migrate` for creating the tables you should use `rake apartment:migrate`. **Cadenero** creates for you the required `config.database_names` required for Apartment. We encourage you to review the [Apartment README](https://github.com/influitive/apartment/blob/development/README.md) to have more details
|
229
|
+
|
230
|
+
#### Multitenancy with Rails And subscriptions too!
|
216
231
|
Parts of the code of **Cadenero** have been based on the excellent work of [Ryan Bigg](https://github.com/radar) in his book ["Multitenancy with Rails And subscriptions too!"](https://leanpub.com/multi-tenancy-rails) but modified to be use in a RESTful API
|
217
232
|
|
218
233
|
### Maintainers
|
219
234
|
|
220
|
-
* Manuel Vidaurre
|
235
|
+
* [Manuel Vidaurre](https://github.com/mvidaurre)
|
221
236
|
|
222
237
|
## License
|
223
238
|
|
@@ -20,9 +20,9 @@ module Cadenero
|
|
20
20
|
# fulfilled and resulted in a new resource being created.
|
21
21
|
def create
|
22
22
|
account = Cadenero::V1::Account.where(subdomain: request.subdomain).first
|
23
|
-
@user = account.users.create(
|
23
|
+
@user = account.users.create(user_params)
|
24
24
|
force_authentication!(@user)
|
25
|
-
render json: @user, status: :created
|
25
|
+
render json: @user, serializer: UserSerializer, status: :created
|
26
26
|
end
|
27
27
|
|
28
28
|
# Send as JSON the user that match the params[:user]
|
@@ -36,6 +36,13 @@ module Cadenero
|
|
36
36
|
@users = current_account.users
|
37
37
|
render json: @users, status: :ok
|
38
38
|
end
|
39
|
+
|
40
|
+
private
|
41
|
+
|
42
|
+
# Permited parameters using strong parameters format
|
43
|
+
def user_params
|
44
|
+
params.require(:user).permit(:email, :password, :password_confirmation)
|
45
|
+
end
|
39
46
|
end
|
40
47
|
end
|
41
48
|
end
|
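Review bot: In `create`, `force_authentication!(@user)` and the `201 Created` render run even when `account.users.create(user_params)` fails validation, because `create` returns an unsaved record instead of raising; the accounts controller in this same release guards the equivalent step with `if @account.valid?`. The action should branch on `@user.persisted?` and answer `:unprocessable_entity` with `@user.errors` otherwise, so that no session is set up for a user that was never stored. `account` is also `nil` when no account matches `request.subdomain`, which would surface as a NoMethodError rather than a 404, so a guard is sketched below. What `force_authentication!` does is not visible on this page, so the impact is inferred from its name and from how the accounts controller uses it.

```ruby
def create
  account = Cadenero::V1::Account.where(subdomain: request.subdomain).first
  return render(json: { errors: { account: ["not found"] } }, status: :not_found) if account.nil?

  @user = account.users.create(user_params)
  if @user.persisted?
    force_authentication!(@user)
    render json: @user, serializer: UserSerializer, status: :created
  else
    render json: { errors: @user.errors }, status: :unprocessable_entity
  end
end
# … unchanged: remaining actions and user_params …
```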
@@ -20,10 +20,10 @@ module Cadenero
|
|
20
20
|
# @return render JSON of [Cadenero::V1::Account] created and the status 201 Created: The request has been
|
21
21
|
# fulfilled and resulted in a new resource being created.
|
22
22
|
def create
|
23
|
-
@account = Cadenero::V1::Account.create_with_owner(
|
23
|
+
@account = Cadenero::V1::Account.create_with_owner(account_params)
|
24
24
|
if @account.valid?
|
25
25
|
force_authentication!(@account.owner)
|
26
|
-
render json: @account, status: :created
|
26
|
+
render json: @account, serializer: AccountSerializer, status: :created
|
27
27
|
else
|
28
28
|
@data = {
|
29
29
|
errors: @account.errors
|
@@ -31,6 +31,13 @@ module Cadenero
|
|
31
31
|
render json: @data, status: :unprocessable_entity
|
32
32
|
end
|
33
33
|
end
|
34
|
+
|
35
|
+
private
|
36
|
+
|
37
|
+
# Permited parameters using strong parameters format
|
38
|
+
def account_params
|
39
|
+
params.require(:account).permit(:name, :subdomain, owner_attributes: [:email, :password, :password_confirmation])
|
40
|
+
end
|
34
41
|
end
|
35
42
|
end
|
36
43
|
end
|
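Review bot: `account_params` permits `:subdomain` straight from the request, and elsewhere in this release that value is used as a PostgreSQL schema name (`Apartment.database_names` plucks `:subdomain`), while the only model validation visible on this page is presence and uniqueness. A format constraint in `Cadenero::V1::Account` would keep tenant names to characters that are safe both as a hostname label and as a schema identifier, for example `validates :subdomain, :format => { :with => /\A[a-z][a-z0-9]*\z/ }` (a constructed pattern, adjust to the naming policy), plus an exclusion for reserved schema names such as `public`. The model is only partly shown here, so an existing format check outside the hunk cannot be ruled out. The comment above `account_params` also has a typo and should read `# Permitted parameters using strong parameters format`.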
@@ -30,7 +30,7 @@
|
|
30
30
|
|
31
31
|
# Check to see if there is an authenticated user
|
32
32
|
def user_signed_in?
|
33
|
-
unless env['action_dispatch.request.parameters']["auth_token"].nil?
|
33
|
+
unless env['action_dispatch.request.parameters'].nil? || env['action_dispatch.request.parameters']["auth_token"].nil?
|
34
34
|
env['warden'].logout(:user)
|
35
35
|
env['warden'].authenticate(:token_authentication, scope: :user)
|
36
36
|
end
|
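Review bot: In `user_signed_in?`, the new guard only tests for `nil`, so a request carrying an empty `auth_token` parameter still reaches `env['warden'].logout(:user)` and drops the current session before any token has been validated. Reading the parameters once and testing for blank covers both the missing-hash case this commit fixes and the empty value: `token = (env['action_dispatch.request.parameters'] || {})['auth_token']` followed by `unless token.blank?`. The method continues below the hunk, so how the result of `authenticate` is used is not visible here.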
@@ -2,11 +2,8 @@ module Cadenero
|
|
2
2
|
# Defines that a Cadenero::User is member of an Cadenero::V1::Account
|
3
3
|
class Member < ActiveRecord::Base
|
4
4
|
include Cadenero::AuthToken
|
5
|
-
attr_accessible :account_id, :user_id
|
6
5
|
belongs_to :account, :class_name => "Cadenero::V1::Account"
|
7
6
|
belongs_to :user, :class_name => "Cadenero::User"
|
8
7
|
after_create :ensure_auth_token!
|
9
|
-
|
10
8
|
end
|
11
|
-
|
12
9
|
end
|
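--- a/data/app/models/cadenero/user.rb
+++ b/data/app/models/cadenero/user.rb
@@ -1,7 +1,6 @@
 module Cadenero
 # Defines a user of one or more accounts for the multitenant Rails App
 class User < ActiveRecord::Base
-attr_accessible :email, :password, :password_confirmation
 has_secure_password
 has_many :accounts, class_name: "Cadenero::V1::Account", foreign_key: "owner_id"
 has_many :members, class_name: "Cadenero::Member"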
@@ -7,7 +7,6 @@ module Cadenero::V1
|
|
7
7
|
has_many :users, :through => :members, :class_name => "Cadenero::User"
|
8
8
|
|
9
9
|
accepts_nested_attributes_for :owner
|
10
|
-
attr_accessible :name, :subdomain, :owner_attributes, :owner
|
11
10
|
validates :subdomain, :presence => true, :uniqueness => true
|
12
11
|
validates :owner, :presence => true
|
13
12
|
after_create :ensure_auth_token!
|
@@ -2,7 +2,7 @@ module Cadenero
|
|
2
2
|
# JSON Serializaer for the Cadenero::V1::Account Model
|
3
3
|
class AccountSerializer < ActiveModel::Serializer
|
4
4
|
embed :ids
|
5
|
-
attributes :id, :name, :subdomain, :
|
5
|
+
attributes :id, :name, :subdomain, :auth_token
|
6
6
|
has_one :owner
|
7
7
|
has_many :users
|
8
8
|
end
|
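Review bot: `attributes :id, :name, :subdomain, :auth_token` puts the account's token into every response rendered with `AccountSerializer`, not only the `create` response that now names the serializer explicitly. Elsewhere in this release an `auth_token` request parameter drives `:token_authentication`, so this value is presumably a credential and should be returned only to the owner at sign-up or sign-in. Consider a separate serializer without the token for list and show responses, or at least a comment on this line stating which callers may receive it. The removed line is truncated on this page, so whether the previous version already exposed a token attribute cannot be confirmed.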
@@ -7,8 +7,8 @@ Apartment.configure do |config|
|
|
7
7
|
config.excluded_models = ["Cadenero::V1::Account",
|
8
8
|
"Cadenero::Member",
|
9
9
|
"Cadenero::User"]
|
10
|
-
# Dynamically get database names to migrate
|
11
|
-
# config.database_names = lambda{ Account.pluck(:database_name) }
|
12
10
|
end
|
13
11
|
|
12
|
+
# Dynamically get database names to migrate
|
13
|
+
# config.database_names = lambda{ Account.pluck(:database_name) }
|
14
14
|
Apartment.database_names = lambda{ Cadenero::V1::Account.pluck(:subdomain)}
|
@@ -0,0 +1 @@
|
|
1
|
+
ActionController::API.send :include, ActionController::StrongParameters
|
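Review bot: This initializer wires strong parameters into `ActionController::API` only, while the same release removes every `attr_accessible` declaration from the models, so nothing at the model layer rejects an unfiltered `params` hash if a controller action forgets to call `permit` (the exact outcome also depends on the host application's `whitelist_attributes` setting). The strong_parameters gem ships `ActiveModel::ForbiddenAttributesProtection` for this; adding `ActiveRecord::Base.send :include, ActiveModel::ForbiddenAttributesProtection` here, or including it in each Cadenero model, makes mass assignment of unpermitted parameters raise instead of succeed. A one-line comment saying why the include targets `ActionController::API` rather than `ActionController::Base` would also help.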
@@ -99,7 +99,7 @@ module Cadenero
|
|
99
99
|
# @param [Cadenero::V1::Account] account
|
100
100
|
# @return [String] email for the last response user
|
101
101
|
def successful_sign_up_user_in_existing_account_with_session(account, suffix=nil)
|
102
|
-
url = "http://#{account.subdomain}.example.com/"
|
102
|
+
url = "http://#{account.subdomain}.example.com/"
|
103
103
|
sign_up_user url, suffix
|
104
104
|
expect(last_request.url).to eq "#{url}v1/users"
|
105
105
|
get "#{url}v1/users/#{json_last_response_body['user']['id']}"
|
@@ -25,9 +25,9 @@ module Cadenero
|
|
25
25
|
connection = ActiveRecord::Base.connection.raw_connection
|
26
26
|
schemas = connection.query(%Q{
|
27
27
|
SELECT 'drop schema ' || nspname || ' cascade;'
|
28
|
-
from pg_namespace
|
29
|
-
where nspname != 'public'
|
30
|
-
AND nspname NOT LIKE 'pg_%'
|
28
|
+
from pg_namespace
|
29
|
+
where nspname != 'public'
|
30
|
+
AND nspname NOT LIKE 'pg_%'
|
31
31
|
AND nspname != 'information_schema';
|
32
32
|
})
|
33
33
|
schemas.each do |query|
|
data/lib/cadenero/version.rb
CHANGED
@@ -47,7 +47,7 @@ module Dummy
|
|
47
47
|
# This will create an empty whitelist of attributes available for mass-assignment for all models
|
48
48
|
# in your app. As such, your models will need to explicitly whitelist or blacklist accessible
|
49
49
|
# parameters by using an attr_accessible or attr_protected declaration.
|
50
|
-
config.active_record.whitelist_attributes =
|
50
|
+
config.active_record.whitelist_attributes = false
|
51
51
|
|
52
52
|
# Enable the asset pipeline
|
53
53
|
config.assets.enabled = true
|
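Review bot: The comment block directly above `config.active_record.whitelist_attributes = false` still describes the setting as creating an empty whitelist that forces models to declare `attr_accessible`, which is the opposite of what `false` does. Reword it so a reader of the dummy app is not led to think model-level mass-assignment protection is active, for example `# Mass-assignment whitelisting is disabled; attribute filtering is done in controllers via strong_parameters.` The removed line is truncated on this page, so the previous value is not shown.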
@@ -6,7 +6,7 @@ Dummy::Application.configure do
|
|
6
6
|
# since you don't have to restart the web server when you make code changes.
|
7
7
|
config.cache_classes = false
|
8
8
|
|
9
|
-
config.ember.variant = :development
|
9
|
+
# config.ember.variant = :development
|
10
10
|
|
11
11
|
# Log error messages when you accidentally call methods on nil.
|
12
12
|
config.whiny_nils = true
|
@@ -4,7 +4,7 @@ Dummy::Application.configure do
|
|
4
4
|
# Code is not reloaded between requests
|
5
5
|
config.cache_classes = true
|
6
6
|
|
7
|
-
config.ember.variant = :production
|
7
|
+
# config.ember.variant = :production
|
8
8
|
|
9
9
|
# Full error reports are disabled and caching is turned on
|
10
10
|
config.consider_all_requests_local = false
|
@@ -7,7 +7,7 @@ Dummy::Application.configure do
|
|
7
7
|
# and recreated between test runs. Don't rely on the data there!
|
8
8
|
config.cache_classes = true
|
9
9
|
|
10
|
-
config.ember.variant = :development
|
10
|
+
# config.ember.variant = :development
|
11
11
|
|
12
12
|
# Configure static asset server for tests with Cache-Control for performance
|
13
13
|
config.serve_static_assets = true
|