Add token authentication to API

Paul Chavard 2018-03-08 17:41:54 +01:00 committed by Frederic Merizen
parent c48a60de90
commit 87d1948023
4 changed files with 39 additions and 5 deletions


@ -1,7 +1,6 @@
class API::V1::DossiersController < APIController
api :GET, '/procedures/:procedure_id/dossiers/', 'Liste de tous les dossiers d\'une procédure'
param :procedure_id, Integer, desc: "L'identifiant de la procédure", required: true
param :token, String, desc: "Token administrateur", required: true
error code: 401, desc: "Non authorisé"
error code: 404, desc: "Procédure inconnue"
@ -17,7 +16,6 @@ class API::V1::DossiersController < APIController
api :GET, '/procedures/:procedure_id/dossiers/:id', 'Informations du dossier d\'une procédure'
param :procedure_id, Integer, desc: "L'identifiant de la procédure", required: true
param :dossier_id, Integer, desc: "L'identifiant du dossier", required: true
param :token, String, desc: "Token administrateur", required: true
error code: 401, desc: "Non authorisé"
error code: 404, desc: "Procédure ou dossier inconnu"
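Review bot: Dropping the `param :token` documentation from both actions leaves the query-string token undocumented but still accepted, because `APIController#current_administrateur` (in the third file of this commit) falls back to `params[:token]`; the generated docs now understate the attack surface and give integrators no deprecation signal. If the fallback is intentional for backward compatibility, keep a line such as `param :token, String, desc: "Token administrateur (déprécié, utiliser l'en-tête Authorization)", required: false` until it is removed; otherwise remove the fallback in the same change so the docs and behaviour agree. The controller class continues outside the hunk.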


@ -1,7 +1,6 @@
class API::V1::ProceduresController < APIController
api :GET, '/procedures/:id', 'Informations concernant une procédure'
param :id, Integer, desc: "L'identifiant de la procédure", required: true
param :token, String, desc: "Token administrateur", required: true
error code: 401, desc: "Non authorisé"
error code: 404, desc: "Procédure inconnue"


@ -2,8 +2,20 @@ class APIController < ApplicationController
before_action :authenticate_user
before_action :default_format_json
resource_description do
description <<-EOS
L'authentification de l'API se fait via un header HTTP :
```
Authorization: Bearer &lt;Token administrateur&gt;
```
EOS
end
def authenticate_user
render json: {}, status: 401 if !valid_token?
if !valid_token?
request_http_token_authentication
end
end
protected
@ -13,7 +25,17 @@ class APIController < ApplicationController
end
def current_administrateur
@administrateur ||= Administrateur.find_by(api_token: params[:token])
@administrateur ||= (authenticate_with_bearer_token || authenticate_with_param_token)
end
def authenticate_with_bearer_token
authenticate_with_http_token do |token, options|
Administrateur.find_by(api_token: token)
end
end
def authenticate_with_param_token
Administrateur.find_by(api_token: params[:token])
end
def default_format_json
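Review bot: `authenticate_with_param_token` does `Administrateur.find_by(api_token: params[:token])` with no presence check, so a request carrying no token at all looks up `api_token: nil`; unless `valid_token?` (outside the hunk) or a NOT NULL constraint rules it out, any Administrateur row with a NULL `api_token` would be returned and the request authenticated as that admin. Add a guard, `return if params[:token].blank?`, at the top of the method (the bearer path is safe here because `authenticate_with_http_token` yields only when a token is present). The query-string fallback also keeps API tokens flowing into request logs, proxy logs and browser history while the new resource description advertises only the `Authorization: Bearer` header, so if it must stay for compatibility, make sure `token` is in `config.filter_parameters` and document the fallback as deprecated. Minor style point: the unused block parameter in `authenticate_with_bearer_token` should be marked, `authenticate_with_http_token do |token, _options|`. The class `APIController` starts before and `default_format_json` continues after this hunk.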


@ -7,6 +7,21 @@ describe API::V1::DossiersController do
it { expect(described_class).to be < APIController }
describe 'GET index (with bearer token)' do
let(:authorization_header) { ActionController::HttpAuthentication::Token.encode_credentials(admin.api_token) }
let(:retour) do
request.env['HTTP_AUTHORIZATION'] = authorization_header
get :index, params: { procedure_id: procedure_id }
end
subject { retour }
context 'when procedure is not found' do
let(:procedure_id) { 99_999_999 }
it { expect(subject.code).to eq('404') }
end
end
describe 'GET index' do
let(:retour) { get :index, params: { token: admin.api_token, procedure_id: procedure_id } }