cadenero 0.0.2.b2 → 0.0.2.b3
- checksums.yaml +8 -8
- data/README.md +2 -1
- data/app/controllers/cadenero/v1/account/sessions_controller.rb +1 -1
- data/app/controllers/cadenero/v1/account/users_controller.rb +11 -3
- data/app/controllers/cadenero/v1/accounts_controller.rb +9 -2
- data/app/extenders/controllers/application_controller_decorator.rb +1 -1
- data/app/extenders/middleware/robustness.rb +2 -0
- data/app/models/cadenero/user.rb +0 -1
- data/app/models/cadenero/v1/account.rb +0 -1
- data/config/initializers/strong_parameters.rb +1 -0
- data/config/routes.rb +1 -1
- data/lib/cadenero/version.rb +1 -1
- data/spec/dummy/config/application.rb +7 -8
- data/spec/dummy/config/boot.rb +3 -7
- data/spec/dummy/config/environments/development.rb +2 -9
- data/spec/dummy/config/environments/production.rb +2 -1
- data/spec/dummy/config/environments/test.rb +2 -7
- data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/spec/dummy/config/initializers/inflections.rb +15 -0
- data/spec/dummy/config/initializers/mime_types.rb +5 -0
- data/spec/dummy/config/initializers/secret_token.rb +2 -13
- data/spec/dummy/config/initializers/session_store.rb +8 -0
- data/spec/dummy/log/test.log +7609 -26950
- data/spec/features/users/sign_in_spec.rb +4 -4
- data/spec/features/users/sign_up_spec.rb +2 -1
- data/spec/support/factories/user_factory.rb +1 -0
- metadata +39 -18
- data/spec/dummy/config/initializers/wrap_parameters.rb +0 -13
checksums.yaml
CHANGED
@@ -1,15 +1,15 @@
|
|
1
1
|
---
|
2
2
|
!binary "U0hBMQ==":
|
3
3
|
metadata.gz: !binary |-
|
4
|
-
|
4
|
+
NThlODkyY2YyMmNlYTBhYjc0ZjVmNTE1YmI0Mzg3NjQxMTI3ZDE3Ng==
|
5
5
|
data.tar.gz: !binary |-
|
6
|
-
|
6
|
+
M2UzOWZjMDA5M2U3MGRjNTdjZWZiNzIwMjQ2NTEzOGI1ZDc4NGNiZg==
|
7
7
|
!binary "U0hBNTEy":
|
8
8
|
metadata.gz: !binary |-
|
9
|
-
|
10
|
-
|
11
|
-
|
9
|
+
ODYwNTExMGVkOTU5MzI2YWZmODI5YjgyY2E0OTQ3ODgzM2ViOTY5ZjVhNGMw
|
10
|
+
YWI0MGVjY2MzOGM3OGUxOTE2ODRmMDk0Yjg4ZjM4NWYzMWFiYTU0MmNiMDYz
|
11
|
+
ZDQ3Mjg1ZDkxZDNlMWZmOWU4YTNlMmEzYTA4MWE3ZjMxYTY4MTg=
|
12
12
|
data.tar.gz: !binary |-
|
13
|
-
|
14
|
-
|
15
|
-
|
13
|
+
ZGY1MWUyODM2NWU2OTA3MmZkYmY2YmEzZjU1MmYzODE0YWJjMWQzMmFkYTA3
|
14
|
+
YTU4Y2QyZGMyOTcxMWM5NjAyY2Q2MjZmOWM2Zjk4NzAzOWEwNjc4NzE2ZmU3
|
15
|
+
NDZkZjkwNmFhYTlhZTk2MmI0Y2E0OTIwMjkwNDE1YmNiNDZkNjI=
|
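--- a/data/README.md
+++ b/data/README.md
@@ -19,6 +19,7 @@ Authentication Engine for Rails.API multitenant RESTful APIs based on Warden. It
 **"Cadenero"** is the spanish word for ["Bouncer (doorman)"](http://en.wikipedia.org/wiki/Bouncer_(doorman\)). The main function of **Cadenero** is to be a resource for authenticating consumers of the services that the API provides. As the real bouncers, **Cadenero** aims to provide security, check authorized access, to refuse entry for intoxication, aggressive behavior or non-compliance with statutory or establishment rules.
 
 ### Installing **Cadenero**
+
 Generate first your Rails.API app as usual using:
 
 ```
@@ -27,7 +28,7 @@ Generate first your Rails.API app as usual using:
 
 In the `Gemfile` add the following lines:
 ```ruby
-gem 'cadenero', '
+gem 'cadenero', github: 'AgilTec/cadenero', branch: 'rails4'
 gem 'pg'
 ```
 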
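--- a/data/app/controllers/cadenero/v1/account/sessions_controller.rb
+++ b/data/app/controllers/cadenero/v1/account/sessions_controller.rb
@@ -7,7 +7,7 @@ module Cadenero::V1
 def create
 if env['warden'].authenticate(:password, :scope => :user)
 #return the user JSON on success
-render json: current_user, status: :created
+render json: current_user, serializer: Cadenero::UserSerializer, status: :created
 else
 #return error mesage in a JSON on error
 render json: {errors: {user:["Invalid email or password"]}}, status: :unprocessable_entity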
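Review bot: `render json: current_user, serializer: Cadenero::UserSerializer, status: :created` names the serializer with its full namespace while the equivalent line in users_controller.rb in this same release uses bare `UserSerializer`; pick one form so constant lookup does not depend on how each controller class happens to be nested. Because this is the sign-in reply, it is also worth confirming that `Cadenero::UserSerializer` lists its attributes explicitly and leaves out `password_digest` and any authentication token, which a bare `render json:` on an Active Record model would include by default. `create` is shown in full; the enclosing class is outside the hunk.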
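--- a/data/app/controllers/cadenero/v1/account/users_controller.rb
+++ b/data/app/controllers/cadenero/v1/account/users_controller.rb
@@ -19,15 +19,23 @@ module Cadenero
 # fulfilled and resulted in a new resource being created.
 def create
 account = Cadenero::V1::Account.where(subdomain: request.subdomain).first
-@user = account.users.create(
+@user = account.users.create(user_params)
 force_authentication!(@user)
-render json: @user, status: :created
+render json: @user, serializer: UserSerializer, status: :created
 end
 # Send as JSON the user that match the params[:user]
 def show
-@user = account.users.where(
+@user = account.users.where(user_params).first
 render json: @user, status: :ok
 end
+
+private
+
+# Permited parameters using strong parameters format
+def user_params
+params.require(:user).permit(:email, :password, :password_confirmation)
+end
+
 end
 end
 end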
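Review bot: `show` feeds the whole permitted hash into `account.users.where(user_params).first`, so a request carrying `user[password]` queries a `password` column that `has_secure_password` (user.rb in this diff) does not provide, since the model stores `password_digest`, and a request carrying only `user[email]` returns any user of the account by email with no authentication check visible in this hunk. Look up by the single identifier the action needs, `@user = account.users.find_by(email: user_params[:email])`, put the action behind the decorator's signed-in check, and answer `head :not_found` when `@user` is nil, because the current code renders `null` with 200. `account` is a local variable in `create` but is not defined in `show`, so unless a helper of that name exists outside the hunk this action raises `NameError`. The permit list is right for `create`; `show` should use a narrower one.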
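--- a/data/app/controllers/cadenero/v1/accounts_controller.rb
+++ b/data/app/controllers/cadenero/v1/accounts_controller.rb
@@ -20,12 +20,12 @@ module Cadenero
 # @return render JSON of [Cadenero::V1::Account] created and the status 201 Created: The request has been
 # fulfilled and resulted in a new resource being created.
 def create
-@account = Cadenero::V1::Account.create_with_owner(
+@account = Cadenero::V1::Account.create_with_owner(account_params)
 if @account.valid?
 @account.create_schema
 @account.ensure_authentication_token!
 force_authentication!(@account.owner)
-render json: @account, status: :created
+render json: @account, serializer: AccountSerializer, status: :created
 else
 @data = {
 errors: @account.errors
@@ -33,6 +33,13 @@ module Cadenero
 render json: @data, status: :unprocessable_entity
 end
 end
+
+private
+
+# Permited parameters using strong parameters format
+def account_params
+params.require(:account).permit(:name, :subdomain, owner_attributes: [:email, :password, :password_confirmation])
+end
 end
 end
 end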
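Review bot: `account_params` permits `:subdomain` straight from the request and `create` then calls `@account.create_schema` on the resulting record, while the model (account.rb in this diff) validates `subdomain` only for presence and uniqueness. The value becomes a database schema name and is later used as a tenant routing key (`request.subdomain` in users_controller.rb), so it should be constrained to a safe character set and length before it reaches `create_schema`, for example `validates :subdomain, format: { with: /\A[a-z0-9-]+\z/ }, length: { maximum: 63 }` on the model (example pattern; match it to the subdomain rules you actually accept). The permit list itself is correct for the nested owner attributes.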
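--- a/data/app/extenders/controllers/application_controller_decorator.rb
+++ b/data/app/extenders/controllers/application_controller_decorator.rb
@@ -30,7 +30,7 @@
 
 # Check to see if there is an authenticated user
 def user_signed_in?
-env['warden'].authenticated?(:user)
+env['warden'].authenticated?(:user) unless env['warden'].nil?
 end
 
 # it the user is not authenticated returns a 422 and an informative error with the link for sign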
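Review bot: `user_signed_in?` now returns `nil` rather than `false` when `env['warden']` is absent; that still fails closed, which is the right direction, but a predicate with three possible results is easy to misuse once it is serialized into JSON. Prefer `!env['warden'].nil? && env['warden'].authenticated?(:user)` so the method always yields a boolean. A missing Warden entry in `env` also indicates a misconfigured middleware stack rather than an anonymous request, so logging that case would make the failure visible instead of silently treating every caller as signed out.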
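--- a/data/app/extenders/middleware/robustness.rb
+++ b/data/app/extenders/middleware/robustness.rb
@@ -10,6 +10,8 @@ class Robustness
 @app.call(env)
 rescue Apartment::SchemaNotFound => ex
 [422, { 'Content-Type' => 'application/json' }, [ {errors: {subdomain:["Invalid subdomain"]}}.to_json ] ] # suppose the message can be safely used
+rescue ArgumentError => ex
+[422, { 'Content-Type' => 'application/json' }, [ {errors: {subdomain:["Invalid subdomain"]}}.to_json ] ] # suppose the message can be safely used
 rescue SecurityError => ex
 [403, { 'Content-Type' => 'application/json' }, [ ex.message ] ]
 ensure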
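Review bot: the new `rescue ArgumentError => ex` turns every `ArgumentError` raised anywhere below this middleware — a wrong-arity call in a controller, a failing `Integer()` coercion, a model callback — into a 422 "Invalid subdomain" response, which hides genuine bugs behind a misleading error and duplicates the `Apartment::SchemaNotFound` branch by coincidence rather than by design. Narrow it to the failure actually observed (presumably raised during the tenant switch; confirm where it originates) by raising a dedicated error class from that code or matching on the message, and log `ex` before returning, since the variable is unused in both 422 branches. The enclosing `call` method begins before this hunk.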
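--- a/data/app/models/cadenero/user.rb
+++ b/data/app/models/cadenero/user.rb
@@ -1,7 +1,6 @@
 module Cadenero
 # Defines a user of one or more accounts for the multitenant Rails App
 class User < ActiveRecord::Base
-attr_accessible :email, :password, :password_confirmation
 has_secure_password
 has_many :accounts, class_name: "Cadenero::V1::Account", foreign_key: "owner_id"
 has_many :members, class_name: "Cadenero::Member"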
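--- a/data/app/models/cadenero/v1/account.rb
+++ b/data/app/models/cadenero/v1/account.rb
@@ -6,7 +6,6 @@ module Cadenero::V1
 has_many :users, :through => :members, :class_name => "Cadenero::User"
 
 accepts_nested_attributes_for :owner
-attr_accessible :name, :subdomain, :owner_attributes, :owner
 validates :subdomain, :presence => true, :uniqueness => true
 validates :owner, :presence => true
 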
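--- /dev/null
+++ b/data/config/initializers/strong_parameters.rb
@@ -0,0 +1 @@
+ActionController::API.send :include, ActionController::StrongParameters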
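Review bot: with `ActionController::StrongParameters` included into `ActionController::API`, `permit` becomes the only mass-assignment gate, because the models in this diff drop `attr_accessible` and the dummy app comments out `whitelist_attributes`; by default keys that are not permitted are discarded silently. Set `config.action_controller.action_on_unpermitted_parameters = :log` (or `:raise` in the test environment) so a client sending unexpected keys shows up in logs and specs rather than vanishing. A one-line comment above the include, such as `# Strong parameters are the sole mass-assignment protection for API controllers`, would tell the next maintainer why this file exists.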
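--- a/data/config/routes.rb
+++ b/data/config/routes.rb
@@ -8,7 +8,7 @@ Cadenero::Engine.routes.draw do
 post '/sessions', :to => "sessions#create", default: :json
 delete '/sessions', :to => "sessions#delete", default: :json
 post '/users', :to => "users#create", default: :json
-get '/users', :to => "users#show",
+get '/users', :to => "users#show", default: :json
 end
 end
 post '/accounts', :to => "accounts#create", :as => :accounts, default: :json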
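Review bot: `default: :json` on the new `get '/users'` line (and on the existing `post`/`delete` lines around it) does not appear to be a recognised routing option; the Rails mapper option is `defaults:`, so the intended JSON format default is most likely not applied and the key instead becomes an ordinary route default visible as `params[:default]`. Use `defaults: { format: :json }` on each route, or wrap them in `scope defaults: { format: :json } do … end`, and confirm with `rake routes` on the target Rails version. The `get '/users'` route also exposes the `users#show` lookup discussed on that controller, so whatever authentication guard is added there should be in place before this route ships.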
data/lib/cadenero/version.rb
CHANGED
@@ -2,8 +2,12 @@ require File.expand_path('../boot', __FILE__)
|
|
2
2
|
|
3
3
|
require 'rails/all'
|
4
4
|
|
5
|
-
Bundler
|
6
|
-
|
5
|
+
if defined?(Bundler)
|
6
|
+
# If you precompile assets before deploying to production, use this line
|
7
|
+
Bundler.require(*Rails.groups(:assets => %w(development test)))
|
8
|
+
# If you want your assets lazily compiled in production, use this line
|
9
|
+
# Bundler.require(:default, :assets, Rails.env)
|
10
|
+
end
|
7
11
|
|
8
12
|
module Dummy
|
9
13
|
class Application < Rails::Application
|
@@ -47,17 +51,12 @@ module Dummy
|
|
47
51
|
# This will create an empty whitelist of attributes available for mass-assignment for all models
|
48
52
|
# in your app. As such, your models will need to explicitly whitelist or blacklist accessible
|
49
53
|
# parameters by using an attr_accessible or attr_protected declaration.
|
50
|
-
config.active_record.whitelist_attributes = true
|
54
|
+
#config.active_record.whitelist_attributes = true
|
51
55
|
|
52
56
|
# Enable the asset pipeline
|
53
57
|
config.assets.enabled = true
|
54
58
|
|
55
59
|
# Version of your assets, change this if you want to expire all your assets
|
56
60
|
config.assets.version = '1.0'
|
57
|
-
|
58
|
-
config.generators do |g|
|
59
|
-
g.test_framework :rspec
|
60
|
-
end
|
61
61
|
end
|
62
62
|
end
|
63
|
-
|
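Review bot: the comment at lines 51–53 of the new file still explains `whitelist_attributes`/`attr_accessible` semantics while the setting beneath it is now commented out and the models in this release have dropped `attr_accessible`; either delete the comment together with the setting or replace it with `# Mass assignment is controlled by strong parameters (see the engine's config/initializers/strong_parameters.rb)`. The hunk content (`module Dummy`, `Bundler.require(*Rails.groups(:assets => …))`) matches `data/spec/dummy/config/application.rb` in the file list rather than the `version.rb` header shown above it, so the section header appears to be mis-rendered and the version.rb change itself is not visible on this page.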
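--- a/data/spec/dummy/config/boot.rb
+++ b/data/spec/dummy/config/boot.rb
@@ -1,10 +1,6 @@
 require 'rubygems'
-gemfile = File.expand_path('../../../../Gemfile', __FILE__)
 
-
-
-require 'bundler'
-Bundler.setup
-end
+# Set up gems listed in the Gemfile.
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
 
-
+require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE'])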
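Review bot: `ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)` resolves to `spec/dummy/Gemfile`, whereas the removed line pointed four levels up at the engine's own Gemfile; unless a Gemfile exists under spec/dummy (none appears in this release's file list), the `File.exists?` guard on the next line silently skips `bundler/setup` and the dummy app boots against whatever gems happen to be installed. Keep the engine path, `ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../../Gemfile', __FILE__)`, and prefer `File.exist?` since `File.exists?` is deprecated. Several removed lines in this hunk are shown blank by the renderer, so the old file's full content cannot be checked here.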
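--- a/data/spec/dummy/config/environments/development.rb
+++ b/data/spec/dummy/config/environments/development.rb
@@ -4,13 +4,9 @@ Dummy::Application.configure do
 # In the development environment your application's code is reloaded on
 # every request. This slows down response time but is perfect for development
 # since you don't have to restart the web server when you make code changes.
-config.
-
-config.ember.variant = :development
-
-# Log error messages when you accidentally call methods on nil.
-config.whiny_nils = true
+#config.ember.variant = :development
 
+config.eager_load = false
 # Show full error reports and disable caching
 config.consider_all_requests_local = true
 config.action_controller.perform_caching = false
@@ -24,9 +20,6 @@ Dummy::Application.configure do
 # Only use best-standards-support built into browsers
 config.action_dispatch.best_standards_support = :builtin
 
-# Raise exception on mass assignment protection for Active Record models
-config.active_record.mass_assignment_sanitizer = :strict
-
 # Log the query plan for queries taking more than this (works
 # with SQLite, MySQL, and PostgreSQL)
 config.active_record.auto_explain_threshold_in_seconds = 0.5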
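Review bot: `config.active_record.auto_explain_threshold_in_seconds = 0.5`, left as context at the end of the second hunk, belongs to a feature that was removed from Active Record in 4.0, so alongside the Rails 4 settings this commit adopts (`config.eager_load`) that line is at best ignored with a deprecation warning and may break on a later 4.x release; drop it together with its two comment lines. The same Rails 3 leftovers were correctly removed for `whiny_nils` and `mass_assignment_sanitizer` in this file and in test.rb, so this one looks like an oversight. Confirm against the exact Rails version the `rails4` branch targets.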
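--- a/data/spec/dummy/config/environments/production.rb
+++ b/data/spec/dummy/config/environments/production.rb
@@ -4,7 +4,8 @@ Dummy::Application.configure do
 # Code is not reloaded between requests
 config.cache_classes = true
 
-config.
+config.eager_load = true
+#config.ember.variant = :production
 
 # Full error reports are disabled and caching is turned on
 config.consider_all_requests_local = false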
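--- a/data/spec/dummy/config/environments/test.rb
+++ b/data/spec/dummy/config/environments/test.rb
@@ -7,15 +7,13 @@ Dummy::Application.configure do
 # and recreated between test runs. Don't rely on the data there!
 config.cache_classes = true
 
-config.
+config.eager_load = false
+#config.ember.variant = :development
 
 # Configure static asset server for tests with Cache-Control for performance
 config.serve_static_assets = true
 config.static_cache_control = "public, max-age=3600"
 
-# Log error messages when you accidentally call methods on nil
-config.whiny_nils = true
-
 # Show full error reports and disable caching
 config.consider_all_requests_local = true
 config.action_controller.perform_caching = false
@@ -31,9 +29,6 @@ Dummy::Application.configure do
 # ActionMailer::Base.deliveries array.
 # config.action_mailer.delivery_method = :test
 
-# Raise exception on mass assignment protection for Active Record models
-config.active_record.mass_assignment_sanitizer = :strict
-
 # Print deprecation notices to the stderr
 config.active_support.deprecation = :stderr
 end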
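--- /dev/null
+++ b/data/spec/dummy/config/initializers/backtrace_silencers.rb
@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
+# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
+
+# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
+# Rails.backtrace_cleaner.remove_silencers!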
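--- /dev/null
+++ b/data/spec/dummy/config/initializers/inflections.rb
@@ -0,0 +1,15 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new inflection rules using the following format
+# (all these examples are active by default):
+# ActiveSupport::Inflector.inflections do |inflect|
+# inflect.plural /^(ox)$/i, '\1en'
+# inflect.singular /^(ox)en/i, '\1'
+# inflect.irregular 'person', 'people'
+# inflect.uncountable %w( fish sheep )
+# end
+#
+# These inflection rules are supported but not enabled by default:
+# ActiveSupport::Inflector.inflections do |inflect|
+# inflect.acronym 'RESTful'
+# end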
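--- a/data/spec/dummy/config/initializers/secret_token.rb
+++ b/data/spec/dummy/config/initializers/secret_token.rb
@@ -2,18 +2,7 @@
 
 # Your secret key for verifying the integrity of signed cookies.
 # If you change this key, all old signed cookies will become invalid!
-
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
-
-
-# Make sure your secret_key_base is kept private
-# if you're sharing your code publicly.
-
-# Although this is not needed for an api-only application, rails4
-# requires secret_key_base or secret_toke to be defined, otherwise an
-# error is raised.
-# Using secret_token for rails3 compatibility. Change to secret_key_base
-# to avoid deprecation warning.
-# Can be safely removed in a rails3 api-only application.
-Dummy::Application.config.secret_token = 'df98291699a229624c0907ad6236b289bc51369d1d1f2729b2c66cdad46b60cb2cb64b93d47b0d2fd9aa4f833bc8d4c98eaaed223f9d4b9ed684677f655611e8'
+Dummy::Application.config.secret_token = '2badc583f5ee641098da66a9330ca138b22302e4c6a8b0e67ca37ef180bd836406f056cf35bdf2c1214cd8835c55969e74fe8f589dde6b093bac703a32960807'
+Dummy::Application.config.secret_key_base = 'df98291699a229624c0907ad6236b289bc51369d1d1f2729b2c66cdad46b60cb2cb64b93d47b0d2fd9aa4f833bc8d4c98eaaed223f9d4b9ed684677f655611e8'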
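Review bot: both the regenerated `secret_token` and the new `secret_key_base` are literal hex strings shipped inside the gem, and `secret_key_base` reuses the exact value the previous `secret_token` carried, so the cookie-signing key of the new release is already public from the old one. For a spec dummy app a fixed key is tolerable, but the removed comment block that marked these as test-only and explained the rails3/rails4 compatibility reason is gone; restore a one-line note such as `# Test-only keys for the dummy app; never copy them into a real application` and consider `ENV.fetch('SECRET_KEY_BASE') { '<dummy value>' }` so a copy of this file cannot silently inherit a published key. Rotating `secret_key_base` to a freshly generated value at the same time would keep the two secrets independent.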
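--- /dev/null
+++ b/data/spec/dummy/config/initializers/session_store.rb
@@ -0,0 +1,8 @@
+# Be sure to restart your server when you modify this file.
+
+Dummy::Application.config.session_store :cookie_store, key: '_dummy_session'
+
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rails generate session_migration")
+# Dummy::Application.config.session_store :active_record_store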