From 566f8dae059b2927621d2e47a72ed37fcf0694c5 Mon Sep 17 00:00:00 2001 From: Bilal Date: Mon, 3 Aug 2020 14:13:49 +0200 Subject: [PATCH 1/3] sign in user when token is fetched --- app/controllers/api/user_token_controller.rb | 15 ++++++++++++--- db/structure.sql | 17 +++-------------- 2 files changed, 15 insertions(+), 17 deletions(-) diff --git a/app/controllers/api/user_token_controller.rb b/app/controllers/api/user_token_controller.rb index c9ab895..401127f 100644 --- a/app/controllers/api/user_token_controller.rb +++ b/app/controllers/api/user_token_controller.rb @@ -1,5 +1,8 @@ class Api::UserTokenController < Knock::AuthTokenController + include Oath::ControllerHelpers + skip_before_action :verify_authenticity_token + before_action :sign_in_user rescue_from Exception, :with => :return_error @@ -10,7 +13,7 @@ class Api::UserTokenController < Knock::AuthTokenController logger.error "==Handled=======" logger.error exception.message logger.error exception.backtrace.join("\n") - logger.error "==Handled=======" + logger.error "==Handled=======" case exception when ActiveRecord::RecordNotFound @status = 404 @@ -27,12 +30,18 @@ class Api::UserTokenController < Knock::AuthTokenController end # for some reason render json_errors is not working - # simulating JSON API support - render json: { + # simulating JSON API support + render json: { errors: [{ status: @status.to_s, title: @message }] } end + + private + + def sign_in_user + sign_in(entity) + end end diff --git a/db/structure.sql b/db/structure.sql index 7246f09..5e3e9ce 100644 --- a/db/structure.sql +++ b/db/structure.sql 
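Review bot: With `before_action :sign_in_user` this endpoint now sets a cookie session, yet `skip_before_action :verify_authenticity_token` still applies to the whole controller, so a credential POST forged from another site would leave the browser signed in to whichever account the credentials belong to (login CSRF). Cookie-issuing requests need some same-origin evidence, for example rejecting non-JSON content types or checking `Origin` before `sign_in` runs; at minimum add a comment such as `# CSRF check is off here: only safe while this action cannot be driven by a cross-site form post`. The JWT and the cookie session also get separate lifetimes from here on, so sign-out and revocation have to cover both. The rest of the class body lies outside this hunk.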
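Review bot: `sign_in_user` calls `sign_in(entity)` without any check of its own, so the password check is enforced only by callback order: Knock's credential callback, registered on the parent class, has to run first and raise. If `entity` is resolved from the submitted e-mail alone, as it appears to be in Knock, any reordering or skipping of that callback would hand out a session for a known address with no password. Moving the sign-in into the action (override `create`, call `sign_in(entity)`, then `super`) removes the dependence on order between callbacks, since actions run only after every `before_action` has passed. Otherwise document it on the method: `# must run after Knock's credential check; entity is not verified here`.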
@@ -9,20 +9,6 @@ SET xmloption = content; SET client_min_messages = warning; SET row_security = off; --- --- Name: plpgsql; Type: EXTENSION; Schema: -; Owner: - --- - -CREATE EXTENSION IF NOT EXISTS plpgsql WITH SCHEMA pg_catalog; - - --- --- Name: EXTENSION plpgsql; Type: COMMENT; Schema: -; Owner: - --- - -COMMENT ON EXTENSION plpgsql IS 'PL/pgSQL procedural language'; - - -- -- Name: fuzzystrmatch; Type: EXTENSION; Schema: -; Owner: - -- @@ -1475,6 +1461,7 @@ CREATE TABLE public.settings ( -- CREATE SEQUENCE public.settings_id_seq + AS integer START WITH 1 INCREMENT BY 1 NO MINVALUE @@ -1510,6 +1497,7 @@ CREATE TABLE public.taggings ( -- CREATE SEQUENCE public.taggings_id_seq + AS integer START WITH 1 INCREMENT BY 1 NO MINVALUE @@ -1540,6 +1528,7 @@ CREATE TABLE public.tags ( -- CREATE SEQUENCE public.tags_id_seq + AS integer START WITH 1 INCREMENT BY 1 NO MINVALUE -- 2.47.3 From 69d4ef0fb2bce1734b6a05293f0290e8e756829d Mon Sep 17 00:00:00 2001 From: Bilal Date: Mon, 3 Aug 2020 15:28:22 +0200 Subject: [PATCH 2/3] monkeypatch knock --- app/controllers/api/user_token_controller.rb | 4 ++++ lib/knock_monkeypatch.rb | 7 +++++++ 2 files changed, 11 insertions(+) create mode 100644 lib/knock_monkeypatch.rb diff --git a/app/controllers/api/user_token_controller.rb b/app/controllers/api/user_token_controller.rb index 401127f..cae81f9 100644 --- a/app/controllers/api/user_token_controller.rb +++ b/app/controllers/api/user_token_controller.rb @@ -1,3 +1,7 @@ +# frozen_string_literal: true + +require './lib/knock_monkeypatch' + class Api::UserTokenController < Knock::AuthTokenController include Oath::ControllerHelpers diff --git a/lib/knock_monkeypatch.rb b/lib/knock_monkeypatch.rb new file mode 100644 index 0000000..ade5f2c --- /dev/null +++ b/lib/knock_monkeypatch.rb 
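Review bot: `require './lib/knock_monkeypatch'` is resolved against the process's working directory, not this file or `Rails.root`, so the controller loads only when the server, console or test runner is started from the application root and raises `LoadError` otherwise. `require_relative '../../../lib/knock_monkeypatch'` ties the path to the file. Because `require` executes a file once, the patch would presumably not be reapplied if `Knock::AuthTokenController` is ever reloaded in development; applying it from an initializer inside `Rails.application.config.to_prepare` covers that case and keeps the credential-check wiring out of a controller file.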
@@ -0,0 +1,7 @@
+module Knock
+ class AuthTokenController < ApplicationController
+ skip_before_action :authenticate
+ alias authenticate_with_token authenticate
+ before_action :authenticate_with_token
+ end
+end
\ No newline at end of file
--
2.47.3
From 4ae8525ba832630178a11890dcf4e47d0213b8f5 Mon Sep 17 00:00:00 2001
From: Bilal
Date: Mon, 3 Aug 2020 16:13:25 +0200
Subject: [PATCH 3/3] add specs
---
.../api/user_token_controller_spec.rb | 63 +++++++++++++++++++
1 file changed, 63 insertions(+)
create mode 100644 spec/controllers/api/user_token_controller_spec.rb
diff --git a/spec/controllers/api/user_token_controller_spec.rb b/spec/controllers/api/user_token_controller_spec.rb
new file mode 100644
index 0000000..cb01e35
--- /dev/null
+++ b/spec/controllers/api/user_token_controller_spec.rb
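Review bot: The reopening line `class AuthTokenController < ApplicationController` restates the gem's superclass, which raises `TypeError` (superclass mismatch) if Knock declares a different one, and defines a brand-new class instead of patching when Knock's controller has not been loaded yet. Wrapping the same three statements in `Knock::AuthTokenController.class_eval do … end` resolves the real constant first and avoids both cases. The file swaps out the callback that performs the credential check for every subclass of the gem controller, so it deserves a header comment stating why the rename is needed (presumably a name clash with `authenticate` from `Oath::ControllerHelpers`) and which Knock version it was written against. The file also ends without a trailing newline.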
@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe Api::UserTokenController, type: :request do
+ let(:current_user) { create(:user) }
+
+ describe '#create' do
+ it 'returns error if credentials are not corrent and does not set cookie' do
+
+ post create_endpoint, params: wrong_auth_params
+
+ expect(response).to be_successful
+ expect(response.body).to match record_not_found
+ expect(cookie_data).to eq nil
+ end
+
+ it 'sends token and cookie if credentials are correct' do
+ post create_endpoint, params: correct_auth_params
+
+ expect(response).to be_successful
+ expect(response.body).not_to match record_not_found
+ expect(response.body).to match token_response
+ expect(cookie_data).not_to eq nil
+ end
+ end
+
+ private
+
+ def wrong_auth_params
+ {
+ auth: {
+ email: 'wrong_email@api-test.com',
+ password: 'password'
+ }
+ }
+ end
+
+ def correct_auth_params
+ {
+ auth: {
+ email: current_user.email,
+ password: 'password'
+ }
+ }
+ end
+
+ def create_endpoint
+ '/api/v1/user_token'
+ end
+
+ def record_not_found
+ /Record not found/
+ end
+
+ def token_response
+ /jwt/
+ end
+
+ def cookie_data
+ cookies[:_easy_release_session]
+ end
+end
--
2.47.3
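Review bot: The two examples never cover the case the new cookie sign-in makes critical: an existing user's e-mail sent with a wrong password, which must yield neither a token nor a session cookie. The unknown-address example cannot catch a regression there, because no `entity` exists to sign in. The failure example also pins `expect(response).to be_successful`, i.e. a 2xx status for rejected credentials, which hides failed logins from any rate limiting or alerting keyed on status codes; that is worth a comment or a follow-up to return 404/401. An example along these lines, placed inside `describe '#create'`, closes the gap.

```ruby
it 'does not send token or cookie if the password is wrong for an existing user' do
  post create_endpoint, params: { auth: { email: current_user.email, password: 'not-the-password' } }

  expect(response.body).not_to match token_response
  expect(cookie_data).to eq nil
end
```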