cadenero 0.0.2.b4 → 0.0.2.b5

checksums.yaml

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    YWFkM2QwNGFkNGJjNGVlOGM0ZmVkNDIzZDI2NTdlM2IwYTgxZjMxMQ==
+    Y2FmOTI0YTdlNWExZjkzM2M0NTliNjk4M2VhNWZkYTI2YTE2ZTc2Mw==
   data.tar.gz: !binary |-
-    NzIyNDk3ZDdiMjE3ZWVmOTBmOWY0MTUxYTRhMDU1ZjEyYzE2MzViNg==
+    NzU4M2I5ZDgxZjI0NjFkMzk1MDQwYmY5ZTY5Mjk0ZTAyNGRjZjViMw==
 !binary "U0hBNTEy":
   metadata.gz: !binary |-
-    ODUwOGQ0OGFlNmYwZjc1MzE4YjAxZTMwZGZhZDJlZTVkZmY3NmIxZGYxMWFm
-    OGFjYzkwYzI2ZTYyMzlkZjdkM2JjOGI4Y2I1Njg2ZDVkY2NkMDgyNTVhNTY1
-    ZmZiYTcyMWU1MTE4NGQ0MWUzMWVhYTg5YTc0MzdiODVmYjlkODI=
+    MmZjMTBhYmVkY2E1ODgwM2EwNTQyMTFhY2ZhMzA5ZjlmZTJkM2E0ODFiYzgz
+    MDQ0ODg1MGViY2RhYjcwMDIyZTU0Mzg4M2Q1MGUyYWM0NmQ4MzJmNTcyYTZm
+    YmZiOGM5N2Y4MDVjN2FhYWRjMDk0NDdjYjk2OTAwZWYyZTEyYTQ=
   data.tar.gz: !binary |-
-    MjU0OWZjYTBhMWIxZjc5NmRjNDgwOTQ4MzU2M2ZjNWY3ZTM4NDk0Zjc4Yzlk
-    MWQ4MjllZWM0OTA3M2U3MmRlZDYwNDlkNTA2ZWY5NGJkNmQ3YmVjMzJkMjNl
-    YTRmNjI1MWRiNGYwZTM1NDRhMjdiNDBiYzA2NTI1NjhmZWUwMzg=
+    NmJiMTY3YmM3NmZhNzIwMDhmODFkMjc3MzlkMzFjN2RmOTYwNjg5N2NkNGNm
+    OTRmNzcyZTIxMjU4ZjgxMDdjNzFlNDYxNGNhOGE4ZDQ2MjVjYTM5NDZkMmQz
+    N2E3MGY0MWUwNDk2ZWM5MThjYjQ1YzUzNGMwZDNmMWUxMmRlMTM=

data/README.md

@@ -16,7 +16,8 @@ Authentication Engine for Rails.API multitenant RESTful APIs based on Warden. It
 ## Information
 
 ### Why Cadenero?
-**"Cadenero"** is the spanish word for ["Bouncer (doorman)"](http://en.wikipedia.org/wiki/Bouncer_(doorman\)). The main function of **Cadenero** is to be a resource for authenticating consumers of the services that the API provides. As the real bouncers, **Cadenero** aims to provide security, check authorized access, to refuse entry for intoxication, aggressive behavior or non-compliance with statutory or establishment rules. 
+**"Cadenero"** is the spanish word for ["Bouncer (doorman)"](http://en.wikipedia.org/wiki/Bouncer_(doorman\)). The main function of **Cadenero** is to be a resource for authenticating consumers of the services that the API provides. As the real bouncers, **Cadenero** aims to provide security, check authorized access, to refuse entry for intoxication, aggressive behavior or non-compliance with statutory or establishment rules.
+You can use [Warden](https://github.com/hassox/warden) or [Devise](https://github.com/plataformatec/devise) directly but for API apps the rewritting and monkey patching can be messy.
 
 ### Installing **Cadenero**
 
@@ -30,7 +31,7 @@ Generate first your Rails app as usual using:
 
 In the `Gemfile` add the following lines:
 ```ruby
-    gem 'cadenero', '~> 0.0.2.b4'
+    gem 'cadenero', '~> 0.0.2.b5'
     gem 'pg'
 ```
 
@@ -111,7 +112,7 @@ Have fun!
 You can check them running:
 
 ```
-    rake routes
+    $ rake routes
 ```
 ### Documentation
 You can review the YARD docs in: http://rubydoc.info/github/AgilTec/cadenero/frames
@@ -122,7 +123,7 @@ You can review the YARD docs in: http://rubydoc.info/github/AgilTec/cadenero/fra
 - [ ] Examples of use and demo
 
 ### Versions
-**Cadenero** use [Semantic Versioning 2.0.0](http://semver.org/) the current version is: 0.0.2-alpha meaning MAJOR.MINOR.PATCH format
+**Cadenero** use [Semantic Versioning 2.0.0](http://semver.org/) the current version is: 0.0.2-b5 meaning MAJOR.MINOR.PATCH format
 
 ### Bug reports
 
@@ -140,6 +141,20 @@ https://github.com/AgilTec/cadenero/Contributing
 
 You will usually want to write tests for your changes using BDD tools as RSpec, Rack::Test and Capybara.  To run the test suite, go into **Cadenero**'s top-level directory and run "bundle install" and "rspec".  For the tests to pass, you will need to have a Postgresql server running on your system.
 
+#### Running the Specs
+**Cadenero** use [RSpec](https://github.com/rspec/rspec) and [Capybara](https://github.com/jnicklas/capybara). If you want to extend **Cadenero** please fork and clone the repo. To run the specs you only need to do:
+```
+    $ RAILS_ENV=test bundle exec rake db:create
+    $ RAILS_ENV=test bundle exec rake db:migrate
+    $ bundle exec rspec spec
+```
+
+You can `binstub` the command bins to avoid writing `bundle exec`. You only need to write:
+```
+    $ bundle binstubs rspec-core
+    $ bundle binstubs rake
+```
+
 ### Warden
 
 **Cadenero** is based on Warden, which is a general Rack authentication framework created by Daniel Neighman. We encourage you to read more about Warden here: https://github.com/hassox/warden

data/app/controllers/cadenero/v1/account/users_controller.rb

@@ -9,13 +9,14 @@ module Cadenero
   module V1
     # Controller for managing users for specific accounts
     class Account::UsersController < Cadenero::ApplicationController
+      before_filter :authenticate_user!, except: :create
       # Create a [Cadenero::User] based on the params sended by the client as a JSON with the user inrormation
       #
       # @example Posting the user data to be created in an account via the subdomain
-      #   post "http://#{account.subdomain}.example.com/v1/users", 
+      #   post "http://#{account.subdomain}.example.com/v1/users",
       #   user: { email: "user@example.com", password: "password", password_confirmation: "password" }
       #
-      # @return render JSON of [Cadenero::User] created and the status 201 Created: The request has been 
+      # @return render JSON of [Cadenero::User] created and the status 201 Created: The request has been
       #   fulfilled and resulted in a new resource being created.
       def create
         account = Cadenero::V1::Account.where(subdomain: request.subdomain).first
@@ -23,7 +24,7 @@ module Cadenero
         force_authentication!(@user)
         render json: @user, status: :created
       end
-      
+
       # Send as JSON the user that match the params[:user]
       def show
         @user = current_account.users.where(id: params[:id]).first

data/app/controllers/cadenero/v1/accounts_controller.rb

@@ -13,17 +13,15 @@ module Cadenero
       # Create a [Cadenero::V1::Account] based on the params sended by the client as a JSON with the account inrormation
       #
       # @example Posting the account data to be created in a subdomain
-      #   post "http://www.example.com/v1/accounts", 
-      #   account: { name: "Testy", subdomain: "test", 
+      #   post "http://www.example.com/v1/accounts",
+      #   account: { name: "Testy", subdomain: "test",
       #     owner_attributes: {email: "testy@example.com", password: "changeme", password_confirmation: "changeme"} }
       #
-      # @return render JSON of [Cadenero::V1::Account] created and the status 201 Created: The request has been 
+      # @return render JSON of [Cadenero::V1::Account] created and the status 201 Created: The request has been
       #   fulfilled and resulted in a new resource being created.
       def create
         @account = Cadenero::V1::Account.create_with_owner(params[:account])
         if @account.valid?
-          @account.create_schema
-          @account.ensure_authentication_token!
           force_authentication!(@account.owner)
           render json: @account, status: :created
         else

data/app/extenders/controllers/application_controller_decorator.rb

@@ -28,17 +28,16 @@
     end
   end
 
-# Check to see if there is an authenticated user  
+# Check to see if there is an authenticated user
   def user_signed_in?
-    env['warden'].authenticated?(:user)
+    env['warden'].authenticated?(:user) unless env['warden'].nil?
   end
 
 # it the user is not authenticated returns a 422 and an informative error with the link for sign
   def authenticate_user!
-    Rails.logger.info "env['warden'].authenticated?(:user): #{env['warden'].authenticated?(:user)}"
     unless user_signed_in?
-      errors = %Q{Please sign in. posting the user json credentials as: {"user": {"email": "testy2@example.com", "password": "changeme"}} to /v1/sessions}
-      render json: {errors: errors, links: "/v1/sessions"}, status: 422
+      @errors = %Q{Please sign in. posting the user json credentials as: {"user": {"email": "testy2@example.com", "password": "changeme"}} to /v1/sessions}
+      render json: {errors: @errors, links: "/v1/sessions"}, status: 422
     end
   end
 

data/app/models/cadenero/member.rb

@@ -1,8 +1,50 @@
 module Cadenero
   # Defines that a Cadenero::User is member of an Cadenero::V1::Account
   class Member < ActiveRecord::Base
+    attr_accessible :account_id, :user_id
     belongs_to :account,  :class_name => "Cadenero::V1::Account"
     belongs_to :user,  :class_name => "Cadenero::User"
-    # attr_accessible :title, :body
+    after_create :ensure_auth_token!
+
+    # Generate authentication token unless already exists.
+    def ensure_auth_token
+      reset_auth_token if auth_token.blank?
+    end
+
+    # Generate authentication token unless already exists and save the record.
+    def ensure_auth_token!
+      reset_auth_token! if auth_token.blank?
+    end
+
+    # Generate new authentication token (a.k.a. "single access token").
+    def reset_auth_token
+      self.auth_token = self.class.auth_token
+    end
+
+    # Generate new authentication token and save the record.
+    def reset_auth_token!
+      reset_auth_token
+      save(:validate => false)
+    end
+
+    class << self
+      # Generate a token checking if one does not already exist in the database.
+      def auth_token
+        generate_token(:auth_token)
+      end
+
+      protected
+      # Generate a token by looping and ensuring does not already exist.
+      # @param [String] column is the name of the column that has the authentication token
+      # @return {String]} a unique generated auth_token
+      def generate_token(column)
+        loop do
+          token = SecureRandom.base64(15).tr('+/=lIO0', 'pqrsxyz')
+          break token unless Member.where({ column => token }).first
+        end
+      end
+    end
+
   end
+  
 end

data/app/models/cadenero/user.rb

@@ -1,5 +1,5 @@
 module Cadenero
-  # Defines a user of one or more accounts for the multitenant  Rails App
+  # Defines a user of one or more accounts for the multitenant Rails App
   class User < ActiveRecord::Base
     attr_accessible :email, :password, :password_confirmation
     has_secure_password
@@ -7,10 +7,10 @@ module Cadenero
     has_many :members, class_name: "Cadenero::Member"
     has_many :memberships, through: :members, source: :account
 
-    # Obtain the authentication_token from the account to be use for the User
-    def auth_token      
-      accounts.map{|acc| acc.authentication_token}
+    # Obtain the authentication_token from the members to be use for the User
+    def auth_token
+      members.map{|member| member.auth_token}
     end
-  
+
   end
 end

data/app/models/cadenero/v1/account.rb

@@ -4,7 +4,7 @@ module Cadenero::V1
     belongs_to :owner,  :class_name => "Cadenero::User"
     has_many :members, :class_name => "Cadenero::Member"
     has_many :users, :through => :members,  :class_name => "Cadenero::User"
-    
+
     accepts_nested_attributes_for :owner
     attr_accessible :name, :subdomain, :owner_attributes, :owner
     validates :subdomain, :presence => true, :uniqueness => true
@@ -12,26 +12,28 @@ module Cadenero::V1
     after_create :ensure_authentication_token!
 
     # Creates an account and assign the provided [Cadenero::User] as owner to the account
-    # @param [Hash] params list 
+    # @param [Hash] params list
     # @example
-    #    Example for the params JSON: {name: "Testy", subdomain: "test", 
-    #    owner_attributes: {email: "testy@example.com", password: "changeme", 
+    #    Example for the params JSON: {name: "Testy", subdomain: "test",
+    #    owner_attributes: {email: "testy@example.com", password: "changeme",
     #    password_confirmation: "changeme"} }
-    # @return the [Cadenero::V1::Account] created
+    # @return [Cadenero::V1::Account] created
     # @note because this model uses accepts_nested_attributes_for :owner the JSOB should have owner_attributes
     def self.create_with_owner(params={})
       account = new(params)
       if account.save
         account.users << account.owner
+        account.create_schema
+        account.ensure_authentication_token!
       end
       account
     end
 
-    # Gets the account for the specified subdomain and guards errors 
-    # @param [String] params subdomain 
+    # Gets the account for the specified subdomain and guards errors
+    # @param [String] subdomain
     # @example
     #    get_by_subdomain("www")
-    # @return the [Cadenero::V1::Account] for that subdomain  
+    # @return [Cadenero::V1::Account] for that subdomain
     def self.get_by_subdomain(subdomain)
       account = find_by_subdomain(subdomain)
       if account
@@ -46,6 +48,11 @@ module Cadenero::V1
       Apartment::Database.create(subdomain)
     end
 
+    # Obtain the auth_token from the members to be use for the Account
+    def auth_token
+      members.map{|member| member.auth_token}
+    end
+
     # Generate authentication token unless already exists.
     def ensure_authentication_token
       reset_authentication_token if authentication_token.blank?
@@ -75,8 +82,8 @@ module Cadenero::V1
 
       protected
       # Generate a token by looping and ensuring does not already exist.
-      # @params [String] column is the name of the column that has the authentication token
-      # @return a unique generated authentication_token
+      # @param [String] column is the name of the column that has the authentication token
+      # @return {String]} a unique generated authentication_token
       def generate_token(column)
         loop do
           token = SecureRandom.base64(15).tr('+/=lIO0', 'pqrsxyz')

data/config/initializers/apartment.rb

@@ -3,7 +3,6 @@ require File.expand_path('../../../app/extenders/middleware/robustness', __FILE_
 Rails.application.config.middleware.use(Robustness)
 Rails.application.config.middleware.use(Apartment::Elevators::Subdomain)
 
-
 Apartment.configure do |config|
   config.excluded_models = ["Cadenero::V1::Account",
                              "Cadenero::Member",

data/config/initializers/warden/strategies/password.rb

@@ -15,7 +15,7 @@ Warden::Strategies.add(:password) do
   def valid?
     subdomain.present? && json_params["user"]
   end
-  
+
   def authenticate!
     account = Cadenero::V1::Account.get_by_subdomain(subdomain)
     if account

data/db/migrate/20130612061604_create_cadenero_v1_accounts.rb

@@ -3,7 +3,7 @@ class CreateCadeneroV1Accounts < ActiveRecord::Migration
     create_table :cadenero_accounts do |t|
       t.string :name
       t.string :subdomain
-      t.string :authentication_token    
+      t.string :authentication_token
       t.references :owner
 
       t.timestamps

data/db/migrate/20130715174857_add_auth_token_to_cadenero_members.rb

@@ -0,0 +1,6 @@
+class AddAuthTokenToCadeneroMembers < ActiveRecord::Migration
+  def change
+    add_column :cadenero_members, :auth_token, :string
+    add_index :cadenero_members, :auth_token
+  end
+end

data/db/seeds.rb

@@ -1,7 +1,7 @@
-@account = Cadenero::V1::Account.create!(name: Cadenero.default_account_name, 
-                              subdomain: Cadenero.default_account_subdomain, 
+@account = Cadenero::V1::Account.create!(name: Cadenero.default_account_name,
+                              subdomain: Cadenero.default_account_subdomain,
                               owner: Cadenero::User.create!(email: Cadenero.default_user_email,
-                                                            password: Cadenero.default_user_password, 
+                                                            password: Cadenero.default_user_password,
                                                             password_confirmation: Cadenero.default_user_password))
 
 @account.create_schema

data/lib/cadenero.rb

@@ -26,12 +26,12 @@ require 'warden'
 require 'apartment'
 
 module Cadenero
-  mattr_accessor  :base_path, 
-                  :user_class, 
-                  :default_account_name, 
-                  :default_account_subdomain, 
-                  :default_user_email, 
-                  :default_user_password 
+  mattr_accessor  :base_path,
+                  :user_class,
+                  :default_account_name,
+                  :default_account_subdomain,
+                  :default_user_email,
+                  :default_user_password
 
   class << self
     # @return the base path for the Cadenero named routes

data/lib/cadenero/engine.rb

@@ -7,7 +7,7 @@ module Cadenero
       manager.default_strategies :password
     end
 
-    config.generators do |g|                                                               
+    config.generators do |g|
       g.test_framework :rspec
       g.integration_tool :rspec
     end

data/lib/cadenero/testing_support/authentication_helpers.rb

@@ -5,21 +5,21 @@ module Cadenero
     module AuthenticationHelpers
       # creates a dummy user for testing
       # @return a dummy user JSON parameters for sign up
-      def create_account_user
-        @user ||= { email: "user@example.com", password: "password", password_confirmation: "password" }
+      def create_user_params_json(suffix = nil)
+        @user = { email: "user#{suffix}@example.com", password: "password", password_confirmation: "password" }
       end
       # @param user [Cadenero::User]
       # @return [JSON] a dummy user JSON parameters for sign in
-      def account_user(user)
+      def account_user_params_json(user)
         @user = { email: user.email, password: "password" }
       end
 
       # find an account in the Database using the email of the owner
       # @return [Cadenero::V1::Account] the corresponding account that was founded
       def find_account_by_email
-        @account = Cadenero::V1::Account.where(name: create_account_user[:email]).first
+        @account = Cadenero::V1::Account.where(name: create_user_params_json[:email]).first
       end
-      
+
       # find an account in the Database using the name of the owner
       # @return [Cadenero::V1::Account] the corresponding account that was founded
       def find_account_by_name
@@ -39,7 +39,7 @@ module Cadenero
       # @param msg [JSON] the  errors: as JSON
       def expected_json_errors(msg)
         expect(last_response.body).to eql(msg)
-        expect(last_response.status).to eq 422    
+        expect(last_response.status).to eq 422
       end
 
       # Expect that the JSON response will be a default error message when the user has not signed in yet
@@ -52,26 +52,63 @@ module Cadenero
 
       # Sign up a dummy user for testing
       # @return [Cadenero::V1::Account] the corresponding account that was founded
-      def sign_up_user(url)
-        post "#{url}/v1/users", format: :json, user: create_account_user
+      def sign_up_user(url, suffix=nil)
+        post "#{url}/v1/users", format: :json, user: create_user_params_json(suffix)
         find_account_by_email
       end
 
-      # Expect that a owner sign in successfuly to an account
-      # @param account [Cadenero::V1::Account]
-      # @return email [String] for the last response user
-      def successful_sign_in_owner(account)
-        sign_in_user sessions_url, account_user(account.owner)
-        expect(last_response.status).to eq 201
-        expect(json_last_response_body["user"]["account_ids"]).to eq [account.id]
+      # Expect that the last_response JSON to have an auth_token and that should equal to the provided auth_token
+      # @param [String] subject
+      # @param [Array] auth_token
+      def expect_auth_token(subject, auth_token)
         expect(json_last_response_body).to have_content "auth_token"
-        expect(json_last_response_body["user"]["auth_token"]).to eq [account.authentication_token]
+        expect(json_last_response_body[subject]["auth_token"]).to eq auth_token
+      end
+
+      # Expect that the last_response JSON key subject for the ids_key to have the ids_values
+      # @param [String] subject The key to look in the JSON
+      # @param [String] ids_key THe key for the subject that identify the ids
+      # @param [Array] ids_values THe array of expected ids values
+      # @param [Integer] http_code Optional expected returned HTTP Code from last_response
+      def expect_subject_ids_to_have(subject, ids_key, ids_values, http_code=201)
+        expect(last_response.status).to eq http_code
+        expect(json_last_response_body[subject][ids_key]).to eq ids_values
+      end
+
+      # Expect that a owner sign in successfuly to one of his accounts
+      # @param  [Cadenero::V1::Account] account
+      # @return [String] email  for the last response user
+      def successful_sign_in_owner(account)
+        sign_in_user sessions_url, account_user_params_json(account.owner)
+        expect_subject_ids_to_have("user", "account_ids", [account.id])
+        expect_auth_token("user", account.auth_token)
+        return json_last_response_body["user"]["email"]
+      end
+
+      # Expect that a user sign in successfuly to an account
+      # @param  [Cadenero::V1::Account] account
+      # @return [String] email  for the last response user
+      def successful_sign_in_user(account, user)
+        sign_in_user sessions_url, user
+        expect_subject_ids_to_have("user", "membership_ids", [account.id])
+        return json_last_response_body["user"]["email"]
+      end
+
+      # Expect that a user sign in successfuly to an account
+      # @param  [Cadenero::V1::Account] account
+      # @return [String] email  for the last response user
+      def successful_sign_up_user_in_existing_account(account, suffix=nil)
+        url = "http://#{account.subdomain}.example.com/" 
+        sign_up_user url, suffix
+        expect(last_request.url).to eq "#{url}v1/users"
+        get "#{url}v1/users/#{json_last_response_body['user']['id']}"
+        expect_subject_ids_to_have("user", "membership_ids", [account.id], 200)
         return json_last_response_body["user"]["email"]
       end
 
       # creates a dummy account for testing
       # @return [JSON] a dummy account JSON parameters
-      def create_account
+      def create_account_params_json
         @visitor ||= { name: "Testy", subdomain: "test", owner_attributes:
           {email: "testy@example.com", password: "changeme", password_confirmation: "changeme"} }
       end
@@ -79,7 +116,7 @@ module Cadenero
       # Sign up a dummy account for testing
       # @return [Cadenero::V1::Account] the corresponding account that was founded
       def sign_up_account
-        post "/v1/accounts", format: :json, account: create_account
+        post "/v1/accounts", format: :json, account: create_account_params_json
         find_account_by_name
       end