ApiController: check token validity for a given admin

This commit is contained in:
simon lehericey 2018-09-26 15:39:45 +02:00
parent d576d426f4
commit 4a04f2e59f
3 changed files with 43 additions and 42 deletions

View file

@ -16,6 +16,10 @@ class APIController < ApplicationController
protected
def valid_token_for_administrateur?(administrateur)
administrateur.valid_api_token?(token)
end
def default_format_json
request.format = "json" if !request.params[:format]
end
@ -26,6 +30,10 @@ class APIController < ApplicationController
end
end
def token
params_token.presence || header_token
end
def header_token
received_token = nil
authenticate_with_http_token do |token, _options|
@ -33,4 +41,8 @@ class APIController < ApplicationController
end
received_token
end
def params_token
params[:token]
end
end

View file

@ -43,6 +43,12 @@ class Administrateur < ApplicationRecord
api_token
end
def valid_api_token?(api_token)
BCrypt::Password.new(encrypted_token) == api_token
rescue BCrypt::Errors::InvalidHash
false
end
def registration_state
if active?
'Actif'

View file

@ -1,55 +1,38 @@
require 'spec_helper'
describe APIController, type: :controller do
controller(APIController) do
def show
render json: {}, satus: 200
describe 'valid_token_for_administrateur?' do
let!(:admin) { create(:administrateur) }
subject { controller.send(:'valid_token_for_administrateur?', admin) }
context 'when the admin has not any token' do
context 'and the token is not given' do
it { is_expected.to be false }
end
end
def index
render json: {}, satus: 200
end
end
context 'when the admin has a token' do
let!(:token) { admin.renew_api_token }
describe 'GET index' do
let!(:administrateur) { create(:administrateur) }
let!(:administrateur_with_token) { create(:administrateur, :with_api_token) }
context 'and the token is given by params' do
before { controller.params[:token] = token }
context 'when token is missing' do
subject { get :index }
it { expect(subject.status).to eq(401) }
end
context 'when token is empty' do
subject { get :index, params: { token: nil } }
it { expect(subject.status).to eq(401) }
end
context 'when token does not exist' do
let(:token) { 'invalid_token' }
subject { get :index, params: { token: token } }
it { expect(subject.status).to eq(401) }
end
context 'when token exist in the params' do
subject { get :index, params: { token: administrateur_with_token.api_token } }
it { expect(subject.status).to eq(200) }
end
context 'when token exist in the header' do
before do
valid_headers = { 'Authorization' => "Bearer token=#{administrateur_with_token.api_token}" }
request.headers.merge!(valid_headers)
it { is_expected.to be true }
end
subject { get(:index) }
context 'and the token is given by header' do
before do
valid_headers = { 'Authorization' => "Bearer token=#{token}" }
request.headers.merge!(valid_headers)
end
it { expect(subject.status).to eq(200) }
it { is_expected.to be true }
end
context 'and the token is not given' do
it { is_expected.to be false }
end
end
end
end