ApiController: check token validity for a given admin

This commit is contained in:
simon lehericey 2018-09-26 15:39:45 +02:00
parent d576d426f4
commit 4a04f2e59f
3 changed files with 43 additions and 42 deletions


@ -16,6 +16,10 @@ class APIController < ApplicationController
protected protected
def valid_token_for_administrateur?(administrateur)
administrateur.valid_api_token?(token)
end
def default_format_json def default_format_json
request.format = "json" if !request.params[:format] request.format = "json" if !request.params[:format]
end end
@ -26,6 +30,10 @@ class APIController < ApplicationController
end end
end end
def token
params_token.presence || header_token
end
def header_token def header_token
received_token = nil received_token = nil
authenticate_with_http_token do |token, _options| authenticate_with_http_token do |token, _options|
@ -33,4 +41,8 @@ class APIController < ApplicationController
end end
received_token received_token
end end
def params_token
params[:token]
end
end end
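Review bot: The new `token` helper (`params_token.presence || header_token`) reads the secret from the query string/form params before the Authorization header, so admin API tokens will land in access logs, proxy logs and browser history, and a `?token=` param silently wins over a bearer header. If the params path must stay for compatibility, at least prefer the header (`header_token.presence || params_token`) and plan to drop `params_token`; otherwise `def token; header_token; end`. Also, under Rails parameter parsing `params[:token]` can be an Array or Hash (`token[]=x`), so `params_token` would hand a non-String to bcrypt; a cheap guard is `params[:token] if params[:token].is_a?(String)`. Note that `valid_token_for_administrateur?` only verifies the token against whichever administrateur it is handed — how that record is chosen is not in this hunk, so the caller must not be resolving it from a client-controlled id before this check.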


@ -43,6 +43,12 @@ class Administrateur < ApplicationRecord
api_token api_token
end end
def valid_api_token?(api_token)
BCrypt::Password.new(encrypted_token) == api_token
rescue BCrypt::Errors::InvalidHash
false
end
def registration_state def registration_state
if active? if active?
'Actif' 'Actif'
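Review bot: `valid_api_token?` runs a full bcrypt computation on every call, including calls with a blank candidate or for an admin with no token, so each unauthenticated API request can be made to cost a bcrypt round — short-circuit before the `BCrypt::Password.new` line with `return false if api_token.blank? || encrypted_token.blank?` (the `encrypted_token` guard also stops relying on the `InvalidHash` rescue for admins without a token). Since an API token is presumably a high-entropy random value (its generation in `renew_api_token` is outside this hunk), a slow password hash adds latency without adding much; a SHA-256 digest compared with `ActiveSupport::SecurityUtils.secure_compare` is the usual choice for bearer tokens, though that would change the stored format and is a separate change. The enclosing `Administrateur` class starts outside the hunk.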


@ -1,55 +1,38 @@
require 'spec_helper' require 'spec_helper'
describe APIController, type: :controller do describe APIController, type: :controller do
controller(APIController) do describe 'valid_token_for_administrateur?' do
def show let!(:admin) { create(:administrateur) }
render json: {}, satus: 200
subject { controller.send(:'valid_token_for_administrateur?', admin) }
context 'when the admin has not any token' do
context 'and the token is not given' do
it { is_expected.to be false }
end
end end
def index context 'when the admin has a token' do
render json: {}, satus: 200 let!(:token) { admin.renew_api_token }
end
end
describe 'GET index' do context 'and the token is given by params' do
let!(:administrateur) { create(:administrateur) } before { controller.params[:token] = token }
let!(:administrateur_with_token) { create(:administrateur, :with_api_token) }
context 'when token is missing' do it { is_expected.to be true }
subject { get :index }
it { expect(subject.status).to eq(401) }
end
context 'when token is empty' do
subject { get :index, params: { token: nil } }
it { expect(subject.status).to eq(401) }
end
context 'when token does not exist' do
let(:token) { 'invalid_token' }
subject { get :index, params: { token: token } }
it { expect(subject.status).to eq(401) }
end
context 'when token exist in the params' do
subject { get :index, params: { token: administrateur_with_token.api_token } }
it { expect(subject.status).to eq(200) }
end
context 'when token exist in the header' do
before do
valid_headers = { 'Authorization' => "Bearer token=#{administrateur_with_token.api_token}" }
request.headers.merge!(valid_headers)
end end
subject { get(:index) } context 'and the token is given by header' do
before do
valid_headers = { 'Authorization' => "Bearer token=#{token}" }
request.headers.merge!(valid_headers)
end
it { expect(subject.status).to eq(200) } it { is_expected.to be true }
end
context 'and the token is not given' do
it { is_expected.to be false }
end
end end
end end
end end
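Review bot: The rewritten spec no longer has a negative case with a wrong token: the old `'when token does not exist'` context (`'invalid_token'` → 401) is dropped, and the new file only asserts "no token → false" and "own token → true", so a regression where `valid_api_token?` returned true for any non-blank string would still pass. Add under `'when the admin has a token'` a `context 'and a wrong token is given' do before { controller.params[:token] = 'invalid_token' }; it { is_expected.to be false } end`, and ideally one using a second administrateur's token. The old empty-token case (`token: nil`) is gone too; since `params_token.presence` falls through to the header, `controller.params[:token] = ''` with no Authorization header should also be asserted false.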