fix MR comments

prevent nil token
2020-08-03 16:59:33 +02:00 · 2020-07-29 18:45:27 +02:00 · 2020-07-29 18:45:11 +02:00 · 2020-07-29 18:39:21 +02:00
7 changed files with 123 additions and 12 deletions
--- a/.env.sample
+++ b/.env.sample
@@ -27,3 +27,6 @@ MUX_TOKEN_ID=
 MUX_TOKEN_SECRET=
 MUX_BROADCAST_SERVER_URL=rtmp://global-live.mux.com:5222/app
 MUX_TEST_MODE_DISABLED=
+
+# Required for creating user through API
+CUSTOM_API_TOKEN=
--- a/app/controllers/api/users_controller.rb
+++ b/app/controllers/api/users_controller.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+class Api::UsersController < Api::ApiController
+  skip_before_action :authenticate_user
+  before_action :verify_custom_token, only: :create
+
+  def create
+    if user_params[:email].nil? || user_params[:password].nil?
+      raise ActionController::ParameterMissing.new 'Missing email or password'
+    end
+
+    user = Oath::Services::SignUp.new(user_params).perform
+    render json: user.slice(:email, :created_at, :first_name, :last_name)
+  end
+
+  private
+
+  def user_params
+    params.require(:user).permit(%i[
+                                   email
+                                   password
+                                   first_name
+                                   last_name
+                                 ])
+  end
+
+  def verify_custom_token
+    if token.blank? || token != ENV['CUSTOM_API_TOKEN']
+      unauthorized_entity(:user)
+    end
+  end
+
+end
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -511,8 +511,6 @@ en:
        person_last_name: Last name
        person_name: Name
        person_phone: Phone number
-      contract_template:
-        amendment_clause: Additional Contract Clause
      location_release:
        address_city: City
        address_country: Country
@@ -844,7 +842,7 @@ en:
      empty: Location Releases will appear here
      table_headers:
        address: Address
-        amendment_signed: Additional Clause
+        amendment_signed: Amendment
        approved: Approved
        name: Location Name
        notes: Notes
@@ -854,7 +852,7 @@ en:
      actions:
        manage: Manage
        review: Review
-        sign_amendment: Sign Additional Clause
+        sign_amendment: Sign Amendment
      messages:
        amendment_not_signed_tooltip: Amendment not yet signed
        amendment_signed_tooltip: Amendment Signed
@@ -1136,7 +1134,7 @@ en:
        amendment_signed_message: Release amendment signed successfully! Thank you
      new:
        amendment:
-          heading: Additional Clause
+          heading: Amendment
        copy_url: Copy sign amendment URL
        signature:
          heading: Signature
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -285,8 +285,6 @@ es:
        person_email: Dirección de correo electrónico
        person_name: Nómbre
        person_phone: Número de teléfono
-      contract_template:
-        amendment_clause: Additional Contract Clause (ES)
      material_release:
        guardian_2_address_city: Guardian 2 city (ES)
        guardian_2_address_country: Guardian 2 country (ES)
@@ -410,13 +408,13 @@ es:
    index:
      table_headers:
        address: Address (ES)
-        amendment_signed: Additional Clause (ES)
+        amendment_signed: Amendment (ES)
        notes: Notes (ES)
        signed_at: Date Signed (ES)
        tags: Tags (ES)
    location_release:
      actions:
-        sign_amendment: Sign Additional Clause (ES)
+        sign_amendment: Sign Amendment (ES)
      messages:
        amendment_not_signed_tooltip: Amendment not yet signed (ES)
        amendment_signed_tooltip: Amendment Signed (ES)
@@ -502,7 +500,7 @@ es:
        amendment_signed_message: Release amendment signed successfully! Thank you (ES)
      new:
        amendment:
-          heading: Additional Clause (ES)
+          heading: Amendment
        copy_url: Copy sign amendment URL (ES)
        signature:
          heading: Signature (ES)
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -158,6 +158,7 @@ Rails.application.routes.draw do
      scope 'v1' do
        get 'sync' => 'sync#index'
        post 'user_token' => 'user_token#create'
+        post 'users' => 'users#create'
        resource :profiles, only: [:show]
        resources :projects, only: [:index] do
          resources :broadcasts, only: [:index, :show, :update]
--- a/spec/controllers/api/users_controller_spec.rb
+++ b/spec/controllers/api/users_controller_spec.rb
@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe Api::UsersController, type: :controller do
+  before do
+    ENV['CUSTOM_API_TOKEN'] = "custom_token"
+  end
+  describe '#create' do
+    context 'Invalid token' do
+      it 'Returns 401 (Unauthorized) status if token is not valid' do
+
+        post :create
+
+        expect(response).not_to be_successful
+        expect(response).to have_http_status(401)
+      end
+    end
+
+    context 'Valid token' do
+      before :each do
+        controller.request.env['HTTP_AUTHORIZATION'] = 'Bearer custom_token'
+      end
+
+      it 'Returns Server error if user param is missing' do
+        user_count = User.all.count
+
+        expect do
+          post :create
+        end.to raise_exception ActionController::ParameterMissing
+
+        expect(User.all.count).to eq user_count
+      end
+
+      it 'Returns Server Error if email or password is missing' do
+        user_count = User.all.count
+
+        expect do
+          post :create, params: { user: { email: "a@b.com" } }
+        end.to raise_exception ActionController::ParameterMissing
+
+        expect do
+          post :create, params: { user: { password: "123" } }
+        end.to raise_exception ActionController::ParameterMissing
+
+        expect(User.all.count).to eq user_count
+      end
+
+      it 'Returns Server Error if body contains not permitted params' do
+        user_count = User.all.count
+
+        expect do
+          post :create, params: { user: { email: "a@b.com", password: "123", admin: true } }
+        end.to raise_exception ActionController::UnpermittedParameters
+
+        expect(User.all.count).to eq user_count
+      end
+
+      it 'Creates user if body contains correct params' do
+        expect do
+          post :create, params: { user: { email: "a@b.com", password: "123" } }
+        end.to change(User, :count).by(1)
+
+        expect(response).to be_successful
+      end
+
+      it 'Nothing changes if existing email is used' do
+        create(:user, email: "a@b.com")
+
+        expect do
+          post :create, params: { user: { email: "a@b.com", password: "123" } }
+        end.not_to change(User, :count)
+
+        expect(response).to be_successful
+      end
+    end
+  end
+end
--- a/spec/features/user_managing_location_releases_spec.rb
+++ b/spec/features/user_managing_location_releases_spec.rb
@@ -87,7 +87,7 @@ feature "User managing location releases" do

      visit new_account_project_contract_template_location_release_amendment_path(project.account, project, contract_template, release)

-      expect(page).to have_content amendments_heading.upcase
+      expect(page).to have_content amendments_heading

      fill_in amendment_signer_name_field, with: 'Big Signer'
      draw_signature file_fixture("signature.png"), amendment_signature_field
@@ -250,7 +250,7 @@ feature "User managing location releases" do

      new_window = window_opened_by { click_link sign_amendment_link }
      within_window new_window do
-        expect(page).to have_content amendments_heading.upcase
+        expect(page).to have_content amendments_heading

        fill_in amendment_signer_name_field, with: 'Big Signer'
        draw_signature file_fixture("signature.png"), amendment_signature_field
Author	SHA1	Message	Date
Bilal	d0ae5898d7	fix MR comments	2020-08-03 16:59:33 +02:00
Bilal	acfb3bed70	prevent nil token	2020-07-29 18:45:27 +02:00
Bilal	83aa0a7aab	prevent nil token	2020-07-29 18:45:11 +02:00
Bilal	76934cefb5	allow adding users through API	2020-07-29 18:39:21 +02:00