cadenero 0.0.2.b2 → 0.0.2.b3

checksums.yaml

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    ZDJiOTJiYTg5YTM1MjRmMWVkOGYyMmVmYmI3NmVhY2JjMjhkZjczNw==
+    NThlODkyY2YyMmNlYTBhYjc0ZjVmNTE1YmI0Mzg3NjQxMTI3ZDE3Ng==
   data.tar.gz: !binary |-
-    N2MwN2FmZGI0Yjc2MTBiMGJmZWMxNzc2ODUxOTFhZjUyNTFkNGE4Zg==
+    M2UzOWZjMDA5M2U3MGRjNTdjZWZiNzIwMjQ2NTEzOGI1ZDc4NGNiZg==
 !binary "U0hBNTEy":
   metadata.gz: !binary |-
-    OTE3NmUxOWZmNjhlMTcwODg0MTZlN2ZlYTM2M2RhNWMyY2Q2NTgxNjBiMGY5
-    NDc3NTZiMGZmNzgzMTZmMGY2MGFhMmI0NjI2Mjg0NTAzZjg5ZWJiZDczMjJj
-    YzY2ZmQzMGU3NTg3YzljODQ5MTA1YWYyMWY0ODlkN2JmZjFmNWY=
+    ODYwNTExMGVkOTU5MzI2YWZmODI5YjgyY2E0OTQ3ODgzM2ViOTY5ZjVhNGMw
+    YWI0MGVjY2MzOGM3OGUxOTE2ODRmMDk0Yjg4ZjM4NWYzMWFiYTU0MmNiMDYz
+    ZDQ3Mjg1ZDkxZDNlMWZmOWU4YTNlMmEzYTA4MWE3ZjMxYTY4MTg=
   data.tar.gz: !binary |-
-    YjYwMzg2NzM0YWNiNmM2MTY2MDU3YWVhNzllNGUwMTgxNTM3Y2VhMDNiYTM0
-    N2FlYTA5YjFlNDk0ZDJlOWMwM2YzNDBiMDUyODg0ZTAyZDU5N2JhMzI4Njc3
-    NTVhZTIxYWE0NzA2MmRiMDA5M2Y4NzUzODc1ZTgxMTk3ZGQxMTg=
+    ZGY1MWUyODM2NWU2OTA3MmZkYmY2YmEzZjU1MmYzODE0YWJjMWQzMmFkYTA3
+    YTU4Y2QyZGMyOTcxMWM5NjAyY2Q2MjZmOWM2Zjk4NzAzOWEwNjc4NzE2ZmU3
+    NDZkZjkwNmFhYTlhZTk2MmI0Y2E0OTIwMjkwNDE1YmNiNDZkNjI=

data/README.md

@@ -19,6 +19,7 @@ Authentication Engine for Rails.API multitenant RESTful APIs based on Warden. It
 **"Cadenero"** is the spanish word for ["Bouncer (doorman)"](http://en.wikipedia.org/wiki/Bouncer_(doorman\)). The main function of **Cadenero** is to be a resource for authenticating consumers of the services that the API provides. As the real bouncers, **Cadenero** aims to provide security, check authorized access, to refuse entry for intoxication, aggressive behavior or non-compliance with statutory or establishment rules. 
 
 ### Installing **Cadenero**
+
 Generate first your Rails.API app as usual using:
 
 ```
@@ -27,7 +28,7 @@ Generate first your Rails.API app as usual using:
 
 In the `Gemfile` add the following lines:
 ```ruby
-    gem 'cadenero', '~> 0.0.2.b2'
+    gem 'cadenero', github: 'AgilTec/cadenero', branch: 'rails4'
     gem 'pg'
 ```
 

data/app/controllers/cadenero/v1/account/sessions_controller.rb

@@ -7,7 +7,7 @@ module Cadenero::V1
     def create
       if env['warden'].authenticate(:password, :scope => :user)
         #return the user JSON on success
-        render json: current_user, status: :created
+        render json: current_user, serializer: Cadenero::UserSerializer, status: :created
       else
         #return error mesage in a JSON on error
         render json: {errors: {user:["Invalid email or password"]}}, status: :unprocessable_entity

data/app/controllers/cadenero/v1/account/users_controller.rb

@@ -19,15 +19,23 @@ module Cadenero
       #   fulfilled and resulted in a new resource being created.
       def create
         account = Cadenero::V1::Account.where(subdomain: request.subdomain).first
-        @user = account.users.create(params[:user])
+        @user = account.users.create(user_params)
         force_authentication!(@user)
-        render json: @user, status: :created
+        render json: @user, serializer: UserSerializer, status: :created
       end
       # Send as JSON the user that match the params[:user]
       def show
-        @user = account.users.where(params[:user]).first
+        @user = account.users.where(user_params).first
         render json: @user, status: :ok
       end
+
+      private
+      
+      # Permited parameters using strong parameters format
+      def user_params
+        params.require(:user).permit(:email, :password, :password_confirmation)
+      end
+
     end
   end
 end

data/app/controllers/cadenero/v1/accounts_controller.rb

@@ -20,12 +20,12 @@ module Cadenero
       # @return render JSON of [Cadenero::V1::Account] created and the status 201 Created: The request has been 
       #   fulfilled and resulted in a new resource being created.
       def create
-        @account = Cadenero::V1::Account.create_with_owner(params[:account])
+        @account = Cadenero::V1::Account.create_with_owner(account_params)
         if @account.valid?
           @account.create_schema
           @account.ensure_authentication_token!
           force_authentication!(@account.owner)
-          render json: @account, status: :created
+          render json: @account, serializer: AccountSerializer, status: :created
         else
           @data = {
             errors: @account.errors
@@ -33,6 +33,13 @@ module Cadenero
           render json: @data, status: :unprocessable_entity
         end
       end
+
+      private
+      
+      # Permited parameters using strong parameters format
+      def account_params
+        params.require(:account).permit(:name, :subdomain, owner_attributes: [:email, :password, :password_confirmation])
+      end
     end
   end
 end

data/app/extenders/controllers/application_controller_decorator.rb

@@ -30,7 +30,7 @@
 
 # Check to see if there is an authenticated user  
   def user_signed_in?
-    env['warden'].authenticated?(:user)
+    env['warden'].authenticated?(:user) unless env['warden'].nil?
   end
 
 # it the user is not authenticated returns a 422 and an informative error with the link for sign

data/app/extenders/middleware/robustness.rb

@@ -10,6 +10,8 @@ class Robustness
     @app.call(env)
   rescue Apartment::SchemaNotFound => ex
     [422, { 'Content-Type' => 'application/json' }, [ {errors: {subdomain:["Invalid subdomain"]}}.to_json ] ]  # suppose the message can be safely used
+  rescue ArgumentError => ex
+    [422, { 'Content-Type' => 'application/json' }, [ {errors: {subdomain:["Invalid subdomain"]}}.to_json ] ]  # suppose the message can be safely used
   rescue SecurityError => ex
     [403, { 'Content-Type' => 'application/json' }, [ ex.message ] ]
   ensure

data/app/models/cadenero/user.rb

@@ -1,7 +1,6 @@
 module Cadenero
   # Defines a user of one or more accounts for the multitenant  Rails App
   class User < ActiveRecord::Base
-    attr_accessible :email, :password, :password_confirmation
     has_secure_password
     has_many :accounts, class_name: "Cadenero::V1::Account", foreign_key: "owner_id"
     has_many :members, class_name: "Cadenero::Member"

data/app/models/cadenero/v1/account.rb

@@ -6,7 +6,6 @@ module Cadenero::V1
     has_many :users, :through => :members,  :class_name => "Cadenero::User"
     
     accepts_nested_attributes_for :owner
-    attr_accessible :name, :subdomain, :owner_attributes, :owner
     validates :subdomain, :presence => true, :uniqueness => true
     validates :owner, :presence => true
 

data/config/initializers/strong_parameters.rb

@@ -0,0 +1 @@
+ActionController::API.send :include, ActionController::StrongParameters

data/config/routes.rb

@@ -8,7 +8,7 @@ Cadenero::Engine.routes.draw do
         post '/sessions', :to => "sessions#create", default: :json
         delete '/sessions', :to => "sessions#delete", default: :json
         post '/users', :to => "users#create", default: :json
-        get '/users', :to => "users#show", :as => :users, default: :json
+        get '/users', :to => "users#show", default: :json
       end
     end
     post '/accounts', :to => "accounts#create", :as => :accounts, default: :json

data/lib/cadenero/version.rb

@@ -1,3 +1,3 @@
 module Cadenero
-  VERSION = "0.0.2.b2" # Current VERSION of Cadenero
+  VERSION = "0.0.2.b3" # Current VERSION of Cadenero
 end

data/spec/dummy/config/application.rb

@@ -2,8 +2,12 @@ require File.expand_path('../boot', __FILE__)
 
 require 'rails/all'
 
-Bundler.require(*Rails.groups)
-require "cadenero"
+if defined?(Bundler)
+  # If you precompile assets before deploying to production, use this line
+  Bundler.require(*Rails.groups(:assets => %w(development test)))
+  # If you want your assets lazily compiled in production, use this line
+  # Bundler.require(:default, :assets, Rails.env)
+end
 
 module Dummy
   class Application < Rails::Application
@@ -47,17 +51,12 @@ module Dummy
     # This will create an empty whitelist of attributes available for mass-assignment for all models
     # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
     # parameters by using an attr_accessible or attr_protected declaration.
-    config.active_record.whitelist_attributes = true
+    #config.active_record.whitelist_attributes = true
 
     # Enable the asset pipeline
     config.assets.enabled = true
 
     # Version of your assets, change this if you want to expire all your assets
     config.assets.version = '1.0'
-
-    config.generators do |g|
-      g.test_framework :rspec
-    end
   end
 end
-

data/spec/dummy/config/boot.rb

@@ -1,10 +1,6 @@
 require 'rubygems'
-gemfile = File.expand_path('../../../../Gemfile', __FILE__)
 
-if File.exist?(gemfile)
-  ENV['BUNDLE_GEMFILE'] = gemfile
-  require 'bundler'
-  Bundler.setup
-end
+# Set up gems listed in the Gemfile.
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
 
-$:.unshift File.expand_path('../../../../lib', __FILE__)
+require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE'])

data/spec/dummy/config/environments/development.rb

@@ -4,13 +4,9 @@ Dummy::Application.configure do
   # In the development environment your application's code is reloaded on
   # every request. This slows down response time but is perfect for development
   # since you don't have to restart the web server when you make code changes.
-  config.cache_classes = false
-
-  config.ember.variant = :development
-
-  # Log error messages when you accidentally call methods on nil.
-  config.whiny_nils = true
+  #config.ember.variant = :development
 
+  config.eager_load = false
   # Show full error reports and disable caching
   config.consider_all_requests_local       = true
   config.action_controller.perform_caching = false
@@ -24,9 +20,6 @@ Dummy::Application.configure do
   # Only use best-standards-support built into browsers
   config.action_dispatch.best_standards_support = :builtin
 
-  # Raise exception on mass assignment protection for Active Record models
-  config.active_record.mass_assignment_sanitizer = :strict
-
   # Log the query plan for queries taking more than this (works
   # with SQLite, MySQL, and PostgreSQL)
   config.active_record.auto_explain_threshold_in_seconds = 0.5

data/spec/dummy/config/environments/production.rb

@@ -4,7 +4,8 @@ Dummy::Application.configure do
   # Code is not reloaded between requests
   config.cache_classes = true
 
-  config.ember.variant = :production
+  config.eager_load = true
+  #config.ember.variant = :production
 
   # Full error reports are disabled and caching is turned on
   config.consider_all_requests_local       = false

data/spec/dummy/config/environments/test.rb

@@ -7,15 +7,13 @@ Dummy::Application.configure do
   # and recreated between test runs. Don't rely on the data there!
   config.cache_classes = true
 
-  config.ember.variant = :development
+  config.eager_load = false
+  #config.ember.variant = :development
 
   # Configure static asset server for tests with Cache-Control for performance
   config.serve_static_assets = true
   config.static_cache_control = "public, max-age=3600"
 
-  # Log error messages when you accidentally call methods on nil
-  config.whiny_nils = true
-
   # Show full error reports and disable caching
   config.consider_all_requests_local       = true
   config.action_controller.perform_caching = false
@@ -31,9 +29,6 @@ Dummy::Application.configure do
   # ActionMailer::Base.deliveries array.
   # config.action_mailer.delivery_method = :test
 
-  # Raise exception on mass assignment protection for Active Record models
-  config.active_record.mass_assignment_sanitizer = :strict
-
   # Print deprecation notices to the stderr
   config.active_support.deprecation = :stderr
 end

data/spec/dummy/config/initializers/backtrace_silencers.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
+# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
+
+# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
+# Rails.backtrace_cleaner.remove_silencers!

data/spec/dummy/config/initializers/inflections.rb

@@ -0,0 +1,15 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new inflection rules using the following format
+# (all these examples are active by default):
+# ActiveSupport::Inflector.inflections do |inflect|
+#   inflect.plural /^(ox)$/i, '\1en'
+#   inflect.singular /^(ox)en/i, '\1'
+#   inflect.irregular 'person', 'people'
+#   inflect.uncountable %w( fish sheep )
+# end
+#
+# These inflection rules are supported but not enabled by default:
+# ActiveSupport::Inflector.inflections do |inflect|
+#   inflect.acronym 'RESTful'
+# end

data/spec/dummy/config/initializers/mime_types.rb

@@ -0,0 +1,5 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new mime types for use in respond_to blocks:
+# Mime::Type.register "text/richtext", :rtf
+# Mime::Type.register_alias "text/html", :iphone

data/spec/dummy/config/initializers/secret_token.rb

@@ -2,18 +2,7 @@
 
 # Your secret key for verifying the integrity of signed cookies.
 # If you change this key, all old signed cookies will become invalid!
-
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
-# You can use `rake secret` to generate a secure secret key.
-
-# Make sure your secret_key_base is kept private
-# if you're sharing your code publicly.
-
-# Although this is not needed for an api-only application, rails4 
-# requires secret_key_base or secret_toke to be defined, otherwise an 
-# error is raised.
-# Using secret_token for rails3 compatibility. Change to secret_key_base
-# to avoid deprecation warning.
-# Can be safely removed in a rails3 api-only application.
-Dummy::Application.config.secret_token = 'df98291699a229624c0907ad6236b289bc51369d1d1f2729b2c66cdad46b60cb2cb64b93d47b0d2fd9aa4f833bc8d4c98eaaed223f9d4b9ed684677f655611e8'
+Dummy::Application.config.secret_token = '2badc583f5ee641098da66a9330ca138b22302e4c6a8b0e67ca37ef180bd836406f056cf35bdf2c1214cd8835c55969e74fe8f589dde6b093bac703a32960807'
+Dummy::Application.config.secret_key_base = 'df98291699a229624c0907ad6236b289bc51369d1d1f2729b2c66cdad46b60cb2cb64b93d47b0d2fd9aa4f833bc8d4c98eaaed223f9d4b9ed684677f655611e8'

data/spec/dummy/config/initializers/session_store.rb

@@ -0,0 +1,8 @@
+# Be sure to restart your server when you modify this file.
+
+Dummy::Application.config.session_store :cookie_store, key: '_dummy_session'
+
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rails generate session_migration")
+# Dummy::Application.config.session_store :active_record_store