fix MR comments

prevent nil token
2020-08-03 16:59:33 +02:00 · 2020-07-29 18:45:27 +02:00 · 2020-07-29 18:45:11 +02:00 · 2020-07-29 18:39:21 +02:00
5 changed files with 118 additions and 14 deletions
--- a/.env.sample
+++ b/.env.sample
@@ -27,3 +27,6 @@ MUX_TOKEN_ID=
 MUX_TOKEN_SECRET=
 MUX_BROADCAST_SERVER_URL=rtmp://global-live.mux.com:5222/app
 MUX_TEST_MODE_DISABLED=
+
+# Required for creating user through API
+CUSTOM_API_TOKEN=
--- a/app/controllers/api/users_controller.rb
+++ b/app/controllers/api/users_controller.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+class Api::UsersController < Api::ApiController
+  skip_before_action :authenticate_user
+  before_action :verify_custom_token, only: :create
+
+  def create
+    if user_params[:email].nil? || user_params[:password].nil?
+      raise ActionController::ParameterMissing.new 'Missing email or password'
+    end
+
+    user = Oath::Services::SignUp.new(user_params).perform
+    render json: user.slice(:email, :created_at, :first_name, :last_name)
+  end
+
+  private
+
+  def user_params
+    params.require(:user).permit(%i[
+                                   email
+                                   password
+                                   first_name
+                                   last_name
+                                 ])
+  end
+
+  def verify_custom_token
+    if token.blank? || token != ENV['CUSTOM_API_TOKEN']
+      unauthorized_entity(:user)
+    end
+  end
+
+end
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -158,6 +158,7 @@ Rails.application.routes.draw do
      scope 'v1' do
        get 'sync' => 'sync#index'
        post 'user_token' => 'user_token#create'
+        post 'users' => 'users#create'
        resource :profiles, only: [:show]
        resources :projects, only: [:index] do
          resources :broadcasts, only: [:index, :show, :update]
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -9,20 +9,6 @@ SET xmloption = content;
 SET client_min_messages = warning;
 SET row_security = off;

--
-- Name: plpgsql; Type: EXTENSION; Schema: -; Owner: -
--
-
-CREATE EXTENSION IF NOT EXISTS plpgsql WITH SCHEMA pg_catalog;
-
-
--
-- Name: EXTENSION plpgsql; Type: COMMENT; Schema: -; Owner: -
--
-
-COMMENT ON EXTENSION plpgsql IS 'PL/pgSQL procedural language';
-
-
 --
 -- Name: fuzzystrmatch; Type: EXTENSION; Schema: -; Owner: -
 --
@@ -1475,6 +1461,7 @@ CREATE TABLE public.settings (
 --

 CREATE SEQUENCE public.settings_id_seq
+    AS integer
    START WITH 1
    INCREMENT BY 1
    NO MINVALUE
@@ -1510,6 +1497,7 @@ CREATE TABLE public.taggings (
 --

 CREATE SEQUENCE public.taggings_id_seq
+    AS integer
    START WITH 1
    INCREMENT BY 1
    NO MINVALUE
@@ -1540,6 +1528,7 @@ CREATE TABLE public.tags (
 --

 CREATE SEQUENCE public.tags_id_seq
+    AS integer
    START WITH 1
    INCREMENT BY 1
    NO MINVALUE
--- a/spec/controllers/api/users_controller_spec.rb
+++ b/spec/controllers/api/users_controller_spec.rb
@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe Api::UsersController, type: :controller do
+  before do
+    ENV['CUSTOM_API_TOKEN'] = "custom_token"
+  end
+  describe '#create' do
+    context 'Invalid token' do
+      it 'Returns 401 (Unauthorized) status if token is not valid' do
+
+        post :create
+
+        expect(response).not_to be_successful
+        expect(response).to have_http_status(401)
+      end
+    end
+
+    context 'Valid token' do
+      before :each do
+        controller.request.env['HTTP_AUTHORIZATION'] = 'Bearer custom_token'
+      end
+
+      it 'Returns Server error if user param is missing' do
+        user_count = User.all.count
+
+        expect do
+          post :create
+        end.to raise_exception ActionController::ParameterMissing
+
+        expect(User.all.count).to eq user_count
+      end
+
+      it 'Returns Server Error if email or password is missing' do
+        user_count = User.all.count
+
+        expect do
+          post :create, params: { user: { email: "a@b.com" } }
+        end.to raise_exception ActionController::ParameterMissing
+
+        expect do
+          post :create, params: { user: { password: "123" } }
+        end.to raise_exception ActionController::ParameterMissing
+
+        expect(User.all.count).to eq user_count
+      end
+
+      it 'Returns Server Error if body contains not permitted params' do
+        user_count = User.all.count
+
+        expect do
+          post :create, params: { user: { email: "a@b.com", password: "123", admin: true } }
+        end.to raise_exception ActionController::UnpermittedParameters
+
+        expect(User.all.count).to eq user_count
+      end
+
+      it 'Creates user if body contains correct params' do
+        expect do
+          post :create, params: { user: { email: "a@b.com", password: "123" } }
+        end.to change(User, :count).by(1)
+
+        expect(response).to be_successful
+      end
+
+      it 'Nothing changes if existing email is used' do
+        create(:user, email: "a@b.com")
+
+        expect do
+          post :create, params: { user: { email: "a@b.com", password: "123" } }
+        end.not_to change(User, :count)
+
+        expect(response).to be_successful
+      end
+    end
+  end
+end
Author	SHA1	Message	Date
Bilal	d0ae5898d7	fix MR comments	2020-08-03 16:59:33 +02:00
Bilal	acfb3bed70	prevent nil token	2020-07-29 18:45:27 +02:00
Bilal	83aa0a7aab	prevent nil token	2020-07-29 18:45:11 +02:00
Bilal	76934cefb5	allow adding users through API	2020-07-29 18:39:21 +02:00