From 76934cefb522e851a740bb83b148daf53f282b6b Mon Sep 17 00:00:00 2001
From: Bilal
Date: Wed, 29 Jul 2020 18:39:21 +0200
Subject: [PATCH 1/4] allow adding users through API
---
 app/controllers/api/users_controller.rb | 28 +++++++
 config/routes.rb | 1 +
 db/structure.sql | 17 +---
 spec/controllers/api/users_controller_spec.rb | 78 +++++++++++++++++++
 4 files changed, 110 insertions(+), 14 deletions(-)
 create mode 100644 app/controllers/api/users_controller.rb
 create mode 100644 spec/controllers/api/users_controller_spec.rb
diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb
new file mode 100644
index 0000000..34be00a
--- /dev/null
+++ b/app/controllers/api/users_controller.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+class Api::UsersController < Api::ApiController
+ skip_before_action :authenticate_user
+ before_action :verify_custom_token, only: :create
+
+ def create
+ if user_params[:email].nil? || user_params[:password].nil?
+ raise ActionController::ParameterMissing.new 'Missing email or password'
+ end
+
+ user = Oath::Services::SignUp.new(user_params).perform
+ render json: user.slice(:email, :created_at, :first_name, :last_name)
+ end
+
+ private
+
+ def user_params
+ params.require(:user).permit(%i[email password])
+ end
+
+ def verify_custom_token
+ if token != ENV['CUSTOM_API_TOKEN']
+ unauthorized_entity(:user)
+ end
+ end
+
+end
diff --git a/config/routes.rb b/config/routes.rb
index 4f0c3ff..eea68bc 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -158,6 +158,7 @@ Rails.application.routes.draw do
 scope 'v1' do
 get 'sync' => 'sync#index'
 post 'user_token' => 'user_token#create'
+ post 'users' => 'users#create'
 resource :profiles, only: [:show]
 resources :projects, only: [:index] do
 resources :broadcasts, only: [:index, :show, :update]
diff --git a/db/structure.sql b/db/structure.sql
index 7246f09..5e3e9ce 100644
--- a/db/structure.sql
+++ b/db/structure.sql
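Review bot: `verify_custom_token` checks the shared secret with `!=`, a short-circuiting byte comparison, where a bearer secret should be compared in constant time: `if token.blank? || !ActiveSupport::SecurityUtils.secure_compare(token, ENV['CUSTOM_API_TOKEN'].to_s)`. The `.to_s` also covers an unset `CUSTOM_API_TOKEN`, which with this hunk's `token != ENV[...]` lets a request carrying no token through (nil equals nil); the controller hunks in PATCH 2/4 and PATCH 4/4 of this series rewrite the same line with a `nil?`/`empty?` and then a `blank?` guard but keep the `!=`, and where `token` itself is defined is outside this hunk (presumably the parent `Api::ApiController`). Separately, `ActionController::ParameterMissing.new` takes the name of the missing parameter, so the exception raised in `create` will read `param is missing or the value is empty: Missing email or password`; `raise ActionController::ParameterMissing, :email` (or a plain `ArgumentError` with the intended message) reads correctly. The `.nil?` checks there also let an empty-string email or password reach `Oath::Services::SignUp`; `user_params[:email].blank? || user_params[:password].blank?` rejects both missing and empty values.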
@@ -9,20 +9,6 @@ SET xmloption = content; SET client_min_messages = warning; SET row_security = off; --- --- Name: plpgsql; Type: EXTENSION; Schema: -; Owner: - --- - -CREATE EXTENSION IF NOT EXISTS plpgsql WITH SCHEMA pg_catalog; - - --- --- Name: EXTENSION plpgsql; Type: COMMENT; Schema: -; Owner: - --- - -COMMENT ON EXTENSION plpgsql IS 'PL/pgSQL procedural language'; - - -- -- Name: fuzzystrmatch; Type: EXTENSION; Schema: -; Owner: - -- @@ -1475,6 +1461,7 @@ CREATE TABLE public.settings ( -- CREATE SEQUENCE public.settings_id_seq + AS integer START WITH 1 INCREMENT BY 1 NO MINVALUE @@ -1510,6 +1497,7 @@ CREATE TABLE public.taggings ( -- CREATE SEQUENCE public.taggings_id_seq + AS integer START WITH 1 INCREMENT BY 1 NO MINVALUE @@ -1540,6 +1528,7 @@ CREATE TABLE public.tags ( -- CREATE SEQUENCE public.tags_id_seq + AS integer START WITH 1 INCREMENT BY 1 NO MINVALUE diff --git a/spec/controllers/api/users_controller_spec.rb b/spec/controllers/api/users_controller_spec.rb new file mode 100644 index 0000000..e785c73 --- /dev/null +++ b/spec/controllers/api/users_controller_spec.rb 
@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe Api::UsersController, type: :controller do
+ before do
+ ENV['CUSTOM_API_TOKEN'] = "custom_token"
+ end
+ describe '#create' do
+ context 'Invalid token' do
+ it 'Returns 401 (Unauthorized) status if token is not valid' do
+
+ post :create
+
+ expect(response).not_to be_successful
+ expect(response).to have_http_status(401)
+ end
+ end
+
+ context 'Valid token' do
+ before :each do
+ controller.request.env['HTTP_AUTHORIZATION'] = 'Bearer custom_token'
+ end
+
+ it 'Returns Server error if user param is missing' do
+ user_count = User.all.count
+
+ expect do
+ post :create
+ end.to raise_exception ActionController::ParameterMissing
+
+ expect(User.all.count).to eq user_count
+ end
+
+ it 'Returns Server Error if email or password is missing' do
+ user_count = User.all.count
+
+ expect do
+ post :create, params: { user: { email: "a@b.com" } }
+ end.to raise_exception ActionController::ParameterMissing
+
+ expect do
+ post :create, params: { user: { password: "123" } }
+ end.to raise_exception ActionController::ParameterMissing
+
+ expect(User.all.count).to eq user_count
+ end
+
+ it 'Returns Server Error if body contains not permitted params' do
+ user_count = User.all.count
+
+ expect do
+ post :create, params: { user: { email: "a@b.com", password: "123", admin: true } }
+ end.to raise_exception ActionController::UnpermittedParameters
+
+ expect(User.all.count).to eq user_count
+ end
+
+ it 'Creates user if body contains correct params' do
+ expect do
+ post :create, params: { user: { email: "a@b.com", password: "123" } }
+ end.to change(User, :count).by(1)
+
+ expect(response).to be_successful
+ end
+
+ it 'Nothing changes if existing email is used' do
+ create(:user, email: "a@b.com")
+
+ expect do
+ post :create, params: { user: { email: "a@b.com", password: "123" } }
+ end.not_to change(User, :count)
+
+ expect(response).to be_successful
+ end
+ end
+ end
+end
-- 
2.47.3
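Review bot: The top-level `before` writes `ENV['CUSTOM_API_TOKEN']` for the whole process and never restores it, so the value leaks into every example that runs after this file; capture it first and put it back in an `after` hook (`@saved_token = ENV['CUSTOM_API_TOKEN']` in `before`, `ENV['CUSTOM_API_TOKEN'] = @saved_token` in `after` — assigning nil removes the key, so this restores an unset variable too). The 'Invalid token' example sends no Authorization header at all, so the `token != ENV[...]` branch of `verify_custom_token` is never exercised; a second example setting `controller.request.env['HTTP_AUTHORIZATION'] = 'Bearer wrong_token'` and expecting 401 would cover it. An example with the server-side secret unset (`ENV.delete('CUSTOM_API_TOKEN')`, `post :create`, expect 401) would pin the case that the PATCH 1/4 controller lets through when no header is sent and that the later patches in this series address.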
From 83aa0a7aab4cbee48228ab54b0be32b8282dc8f4 Mon Sep 17 00:00:00 2001
From: Bilal
Date: Wed, 29 Jul 2020 18:45:11 +0200
Subject: [PATCH 2/4] prevent nil token
---
 .env.sample | 3 +++
 app/controllers/api/users_controller.rb | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/.env.sample b/.env.sample
index 92c84ee..c849ec4 100644
--- a/.env.sample
+++ b/.env.sample
@@ -27,3 +27,6 @@ MUX_TOKEN_ID=
 MUX_TOKEN_SECRET=
 MUX_BROADCAST_SERVER_URL=rtmp://global-live.mux.com:5222/app
 MUX_TEST_MODE_DISABLED=
+
+# Required for
+CUSTOM_API_TOKEN=
\ No newline at end of file
diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb
index 34be00a..87dca55 100644
--- a/app/controllers/api/users_controller.rb
+++ b/app/controllers/api/users_controller.rb
@@ -20,7 +20,7 @@ class Api::UsersController < Api::ApiController
 end

 def verify_custom_token
- if token != ENV['CUSTOM_API_TOKEN']
+ if token.nil? || token.empty? || token != ENV['CUSTOM_API_TOKEN']
 unauthorized_entity(:user)
 end
 end
-- 
2.47.3
From acfb3bed7081db12ecb6f151ffb0b4bc0c143871 Mon Sep 17 00:00:00 2001
From: Bilal
Date: Wed, 29 Jul 2020 18:45:27 +0200
Subject: [PATCH 3/4] prevent nil token
---
 .env.sample | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.env.sample b/.env.sample
index c849ec4..4fd0cf0 100644
--- a/.env.sample
+++ b/.env.sample
@@ -28,5 +28,5 @@ MUX_TOKEN_SECRET=
 MUX_BROADCAST_SERVER_URL=rtmp://global-live.mux.com:5222/app
 MUX_TEST_MODE_DISABLED=

-# Required for
+# Required for creating user throug API
 CUSTOM_API_TOKEN=
\ No newline at end of file
-- 
2.47.3
From d0ae5898d754c33b13e904a4426ec7eed621a2ed Mon Sep 17 00:00:00 2001
From: Bilal
Date: Mon, 3 Aug 2020 16:59:33 +0200
Subject: [PATCH 4/4] fix MR comments
---
 .env.sample | 2 +-
 app/controllers/api/users_controller.rb | 9 +++++++-
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/.env.sample b/.env.sample
index 4fd0cf0..ef9b8c6 100644
--- a/.env.sample
+++ b/.env.sample
@@ -28,5 +28,5 @@ MUX_TOKEN_SECRET=
 MUX_BROADCAST_SERVER_URL=rtmp://global-live.mux.com:5222/app
 MUX_TEST_MODE_DISABLED=

-# Required for creating user throug API
+# Required for creating user through API
 CUSTOM_API_TOKEN=
\ No newline at end of file
diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb
index 87dca55..1af1d76 100644
--- a/app/controllers/api/users_controller.rb
+++ b/app/controllers/api/users_controller.rb
@@ -16,11 +16,16 @@ class Api::UsersController < Api::ApiController
 private

 def user_params
- params.require(:user).permit(%i[email password])
+ params.require(:user).permit(%i[
+ email
+ password
+ first_name
+ last_name
+ ])
 end

 def verify_custom_token
- if token.nil? || token.empty? || token != ENV['CUSTOM_API_TOKEN']
+ if token.blank? || token != ENV['CUSTOM_API_TOKEN']
 unauthorized_entity(:user)
 end
 end
-- 
2.47.3