├── .gitignore ├── .rspec ├── .rubocop.yml ├── .travis.yml ├── Gemfile ├── Gemfile.lock ├── README.md ├── Rakefile ├── app ├── assets │ └── images │ │ └── .keep ├── controllers │ ├── application_controller.rb │ ├── concerns │ │ ├── .keep │ │ └── warden_helper.rb │ ├── customers_controller.rb │ ├── sessions_controller.rb │ └── unauthenticated_controller.rb ├── mailers │ └── .keep ├── models │ ├── .keep │ ├── authentication_token.rb │ ├── concerns │ │ └── .keep │ ├── customer.rb │ └── user.rb ├── serializers │ └── customer_serializer.rb └── services │ └── token_issuer.rb ├── bin ├── bundle ├── rails ├── rake ├── rspec ├── setup └── spring ├── config.ru ├── config ├── application.rb ├── boot.rb ├── database.yml ├── environment.rb ├── environments │ ├── development.rb │ ├── production.rb │ └── test.rb ├── initializers │ ├── filter_parameter_logging.rb │ ├── secret_token.rb │ ├── warden.rb │ └── wrap_parameters.rb ├── locales │ └── en.yml ├── routes.rb └── secrets.yml ├── db ├── migrate │ ├── 20150822170603_create_customers.rb │ ├── 20150822191406_create_authentication_tokens.rb │ └── 20150822192907_create_users.rb ├── schema.rb └── seeds.rb ├── lib ├── assets │ └── .keep ├── authentication_token_strategy.rb └── tasks │ └── .keep ├── log └── .keep ├── public ├── 404.html ├── 422.html ├── 500.html ├── favicon.ico └── robots.txt └── spec ├── controllers ├── customers_controller_spec.rb └── sessions_controller_spec.rb ├── lib └── authentication_token_strategy_spec.rb ├── models ├── authentication_token_spec.rb ├── customer_spec.rb └── user_spec.rb ├── rails_helper.rb ├── requests ├── cors_headers_spec.rb ├── customers_spec.rb └── sessions_spec.rb ├── routing ├── customers_routing_spec.rb └── sessions_routing_spec.rb ├── services └── token_issuer_spec.rb ├── spec_helper.rb └── support ├── api_controller.rb ├── authenticated_api_controller.rb └── warden.rb /.gitignore: -------------------------------------------------------------------------------- 1 | # See https://help.github.com/articles/ignoring-files for more about ignoring files. 2 | # 3 | # If you find yourself ignoring temporary files generated by your text editor 4 | # or operating system, you probably want to add a global ignore instead: 5 | # git config --global core.excludesfile '~/.gitignore_global' 6 | 7 | # Ignore bundler config. 8 | /.bundle 9 | 10 | # Ignore the default SQLite database. 11 | /db/*.sqlite3 12 | /db/*.sqlite3-journal 13 | 14 | # Ignore all logfiles and tempfiles. 15 | /log/* 16 | !/log/.keep 17 | /tmp 18 | -------------------------------------------------------------------------------- /.rspec: -------------------------------------------------------------------------------- 1 | --color 2 | --require spec_helper 3 | -------------------------------------------------------------------------------- /.rubocop.yml: -------------------------------------------------------------------------------- 1 | Encoding: 2 | Enabled: false 3 | Style/Documentation: 4 | Enabled: false 5 | Metrics/LineLength: 6 | Enabled: false 7 | AllCops: 8 | Exclude: 9 | - db/**/* 10 | - bin/rails 11 | - bin/rake 12 | - bin/rspec 13 | - bin/spring 14 | - spec/support/warden.rb 15 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: ruby 2 | rvm: 3 | - 2.3.1 4 | before_install: gem install bundler 5 | cache: 6 | - bundler 7 | addons: 8 | code_climate: 9 | repo_token: 855db593bb34071ed1036e3a882ef223fef7c2fdc66496e13d5f4a1094a955b0 10 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem 'rails', '~> 4' 4 | gem 'rails-api' 5 | gem 'sqlite3' 6 | gem 'active_model_serializers' 7 | 8 | gem 'warden' 9 | gem 'bcrypt', '~> 3.1.7' 10 | gem 'has_secure_token' 11 | 12 | group :development do 13 | gem 'spring' 14 | gem 'spring-commands-rspec' 15 | end 16 | 17 | group :test do 18 | gem 'shoulda-matchers', require: false 19 | gem 'codeclimate-test-reporter', require: nil 20 | end 21 | 22 | group :development, :test do 23 | gem 'rspec-rails', '~> 3.0' 24 | end 25 | -------------------------------------------------------------------------------- /Gemfile.lock: -------------------------------------------------------------------------------- 1 | GEM 2 | remote: https://rubygems.org/ 3 | specs: 4 | actionmailer (4.2.7.1) 5 | actionpack (= 4.2.7.1) 6 | actionview (= 4.2.7.1) 7 | activejob (= 4.2.7.1) 8 | mail (~> 2.5, >= 2.5.4) 9 | rails-dom-testing (~> 1.0, >= 1.0.5) 10 | actionpack (4.2.7.1) 11 | actionview (= 4.2.7.1) 12 | activesupport (= 4.2.7.1) 13 | rack (~> 1.6) 14 | rack-test (~> 0.6.2) 15 | rails-dom-testing (~> 1.0, >= 1.0.5) 16 | rails-html-sanitizer (~> 1.0, >= 1.0.2) 17 | actionview (4.2.7.1) 18 | activesupport (= 4.2.7.1) 19 | builder (~> 3.1) 20 | erubis (~> 2.7.0) 21 | rails-dom-testing (~> 1.0, >= 1.0.5) 22 | rails-html-sanitizer (~> 1.0, >= 1.0.2) 23 | active_model_serializers (0.10.2) 24 | actionpack (>= 4.1, < 6) 25 | activemodel (>= 4.1, < 6) 26 | jsonapi (~> 0.1.1.beta2) 27 | railties (>= 4.1, < 6) 28 | activejob (4.2.7.1) 29 | activesupport (= 4.2.7.1) 30 | globalid (>= 0.3.0) 31 | activemodel (4.2.7.1) 32 | activesupport (= 4.2.7.1) 33 | builder (~> 3.1) 34 | activerecord (4.2.7.1) 35 | activemodel (= 4.2.7.1) 36 | activesupport (= 4.2.7.1) 37 | arel (~> 6.0) 38 | activesupport (4.2.7.1) 39 | i18n (~> 0.7) 40 | json (~> 1.7, >= 1.7.7) 41 | minitest (~> 5.1) 42 | thread_safe (~> 0.3, >= 0.3.4) 43 | tzinfo (~> 1.1) 44 | arel (6.0.3) 45 | bcrypt (3.1.11) 46 | builder (3.2.2) 47 | codeclimate-test-reporter (0.6.0) 48 | simplecov (>= 0.7.1, < 1.0.0) 49 | concurrent-ruby (1.0.2) 50 | diff-lcs (1.2.5) 51 | docile (1.1.5) 52 | erubis (2.7.0) 53 | globalid (0.3.7) 54 | activesupport (>= 4.1.0) 55 | has_secure_token (1.0.0) 56 | activerecord (>= 3.0) 57 | i18n (0.7.0) 58 | json (1.8.3) 59 | jsonapi (0.1.1.beta2) 60 | json (~> 1.8) 61 | loofah (2.0.3) 62 | nokogiri (>= 1.5.9) 63 | mail (2.6.4) 64 | mime-types (>= 1.16, < 4) 65 | mime-types (3.1) 66 | mime-types-data (~> 3.2015) 67 | mime-types-data (3.2016.0521) 68 | mini_portile2 (2.1.0) 69 | minitest (5.9.0) 70 | nokogiri (1.6.8) 71 | mini_portile2 (~> 2.1.0) 72 | pkg-config (~> 1.1.7) 73 | pkg-config (1.1.7) 74 | rack (1.6.4) 75 | rack-test (0.6.3) 76 | rack (>= 1.0) 77 | rails (4.2.7.1) 78 | actionmailer (= 4.2.7.1) 79 | actionpack (= 4.2.7.1) 80 | actionview (= 4.2.7.1) 81 | activejob (= 4.2.7.1) 82 | activemodel (= 4.2.7.1) 83 | activerecord (= 4.2.7.1) 84 | activesupport (= 4.2.7.1) 85 | bundler (>= 1.3.0, < 2.0) 86 | railties (= 4.2.7.1) 87 | sprockets-rails 88 | rails-api (0.4.0) 89 | actionpack (>= 3.2.11) 90 | railties (>= 3.2.11) 91 | rails-deprecated_sanitizer (1.0.3) 92 | activesupport (>= 4.2.0.alpha) 93 | rails-dom-testing (1.0.7) 94 | activesupport (>= 4.2.0.beta, < 5.0) 95 | nokogiri (~> 1.6.0) 96 | rails-deprecated_sanitizer (>= 1.0.1) 97 | rails-html-sanitizer (1.0.3) 98 | loofah (~> 2.0) 99 | railties (4.2.7.1) 100 | actionpack (= 4.2.7.1) 101 | activesupport (= 4.2.7.1) 102 | rake (>= 0.8.7) 103 | thor (>= 0.18.1, < 2.0) 104 | rake (11.2.2) 105 | rspec-core (3.5.2) 106 | rspec-support (~> 3.5.0) 107 | rspec-expectations (3.5.0) 108 | diff-lcs (>= 1.2.0, < 2.0) 109 | rspec-support (~> 3.5.0) 110 | rspec-mocks (3.5.0) 111 | diff-lcs (>= 1.2.0, < 2.0) 112 | rspec-support (~> 3.5.0) 113 | rspec-rails (3.5.1) 114 | actionpack (>= 3.0) 115 | activesupport (>= 3.0) 116 | railties (>= 3.0) 117 | rspec-core (~> 3.5.0) 118 | rspec-expectations (~> 3.5.0) 119 | rspec-mocks (~> 3.5.0) 120 | rspec-support (~> 3.5.0) 121 | rspec-support (3.5.0) 122 | shoulda-matchers (3.1.1) 123 | activesupport (>= 4.0.0) 124 | simplecov (0.12.0) 125 | docile (~> 1.1.0) 126 | json (>= 1.8, < 3) 127 | simplecov-html (~> 0.10.0) 128 | simplecov-html (0.10.0) 129 | spring (1.7.2) 130 | spring-commands-rspec (1.0.4) 131 | spring (>= 0.9.1) 132 | sprockets (3.7.0) 133 | concurrent-ruby (~> 1.0) 134 | rack (> 1, < 3) 135 | sprockets-rails (3.1.1) 136 | actionpack (>= 4.0) 137 | activesupport (>= 4.0) 138 | sprockets (>= 3.0.0) 139 | sqlite3 (1.3.11) 140 | thor (0.19.1) 141 | thread_safe (0.3.5) 142 | tzinfo (1.2.2) 143 | thread_safe (~> 0.1) 144 | warden (1.2.6) 145 | rack (>= 1.0) 146 | 147 | PLATFORMS 148 | ruby 149 | 150 | DEPENDENCIES 151 | active_model_serializers 152 | bcrypt (~> 3.1.7) 153 | codeclimate-test-reporter 154 | has_secure_token 155 | rails (~> 4) 156 | rails-api 157 | rspec-rails (~> 3.0) 158 | shoulda-matchers 159 | spring 160 | spring-commands-rspec 161 | sqlite3 162 | warden 163 | 164 | BUNDLED WITH 165 | 1.12.5 166 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # README 2 | 3 | [![Code Climate](https://codeclimate.com/github/lucatironi/example_rails_api/badges/gpa.svg)](https://codeclimate.com/github/lucatironi/example_rails_api) [![Test Coverage](https://codeclimate.com/github/lucatironi/example_rails_api/badges/coverage.svg)](https://codeclimate.com/github/lucatironi/example_rails_api/coverage) [![Build Status](https://travis-ci.org/lucatironi/example_rails_api.svg?branch=master)](https://travis-ci.org/lucatironi/example_rails_api) 4 | 5 | A simple experiment to create an API with rails-api, authentication strategy with Warden, RSpec tests and CORS headers. 6 | 7 | A tutorial to explain how to build this example application can be found on [my website](http://lucatironi.github.io/tutorial/2015/08/23/rails_api_authentication_warden/). 8 | -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | # Add your own tasks in files placed in lib/tasks ending in .rake, 2 | # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake. 3 | 4 | require File.expand_path('../config/application', __FILE__) 5 | 6 | Rails.application.load_tasks 7 | -------------------------------------------------------------------------------- /app/assets/images/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucatironi/example_rails_api/c25b4665ce43f70bfaa010ab1e58cb36406c5074/app/assets/images/.keep -------------------------------------------------------------------------------- /app/controllers/application_controller.rb: -------------------------------------------------------------------------------- 1 | class ApplicationController < ActionController::API 2 | include WardenHelper 3 | 4 | rescue_from ActiveRecord::RecordNotFound, with: :not_found 5 | rescue_from ActionController::ParameterMissing, with: :missing_param_error 6 | 7 | def not_found 8 | render status: :not_found, json: '' 9 | end 10 | 11 | def missing_param_error(exception) 12 | render status: :unprocessable_entity, json: { error: exception.message } 13 | end 14 | end 15 | -------------------------------------------------------------------------------- /app/controllers/concerns/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucatironi/example_rails_api/c25b4665ce43f70bfaa010ab1e58cb36406c5074/app/controllers/concerns/.keep -------------------------------------------------------------------------------- /app/controllers/concerns/warden_helper.rb: -------------------------------------------------------------------------------- 1 | module WardenHelper 2 | extend ActiveSupport::Concern 3 | 4 | included do 5 | helper_method :warden, :current_user 6 | 7 | prepend_before_action :authenticate! 8 | end 9 | 10 | def current_user 11 | warden.user 12 | end 13 | 14 | def warden 15 | request.env['warden'] 16 | end 17 | 18 | def authenticate! 19 | warden.authenticate! 20 | end 21 | end 22 | -------------------------------------------------------------------------------- /app/controllers/customers_controller.rb: -------------------------------------------------------------------------------- 1 | class CustomersController < ApplicationController 2 | before_action :set_customer, only: [:show, :update, :destroy] 3 | 4 | def index 5 | @customers = Customer.all 6 | 7 | render json: @customers 8 | end 9 | 10 | def show 11 | render json: @customer 12 | end 13 | 14 | def create 15 | @customer = Customer.new(customer_params) 16 | 17 | if @customer.save 18 | render json: @customer, status: :created, location: @customer 19 | else 20 | render json: @customer.errors, status: :unprocessable_entity 21 | end 22 | end 23 | 24 | def update 25 | if @customer.update(customer_params) 26 | head :no_content 27 | else 28 | render json: @customer.errors, status: :unprocessable_entity 29 | end 30 | end 31 | 32 | def destroy 33 | @customer.destroy 34 | 35 | head :no_content 36 | end 37 | 38 | private 39 | 40 | def set_customer 41 | @customer = Customer.find(params[:id]) 42 | end 43 | 44 | def customer_params 45 | params.require(:customer).permit(:full_name, :email, :phone) 46 | end 47 | end 48 | -------------------------------------------------------------------------------- /app/controllers/sessions_controller.rb: -------------------------------------------------------------------------------- 1 | class SessionsController < ApplicationController 2 | skip_before_action :authenticate!, only: [:create] 3 | 4 | def create 5 | user = User.find_by(email: session_params[:email]) 6 | if user && user.authenticate(session_params[:password]) 7 | token = TokenIssuer.create_and_return_token(user, request) 8 | render status: :ok, json: { user_email: user.email, auth_token: token } 9 | else 10 | render status: :unauthorized, json: '' 11 | end 12 | end 13 | 14 | def destroy 15 | TokenIssuer.expire_token(current_user, request) if current_user 16 | render status: :ok, json: '' 17 | end 18 | 19 | private 20 | 21 | def session_params 22 | params.require(:user).permit(:email, :password) 23 | end 24 | end 25 | -------------------------------------------------------------------------------- /app/controllers/unauthenticated_controller.rb: -------------------------------------------------------------------------------- 1 | class UnauthenticatedController < ActionController::Metal 2 | def self.call(env) 3 | @respond ||= action(:respond) 4 | @respond.call(env) 5 | end 6 | 7 | def respond 8 | self.status = :unauthorized 9 | self.content_type = 'application/json' 10 | self.response_body = { errors: ['Unauthorized Request'] }.to_json 11 | headers['Access-Control-Allow-Origin'] = CORS_ALLOW_ORIGIN 12 | headers['Access-Control-Allow-Methods'] = CORS_ALLOW_METHODS 13 | headers['Access-Control-Allow-Headers'] = CORS_ALLOW_HEADERS 14 | end 15 | end 16 | -------------------------------------------------------------------------------- /app/mailers/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucatironi/example_rails_api/c25b4665ce43f70bfaa010ab1e58cb36406c5074/app/mailers/.keep -------------------------------------------------------------------------------- /app/models/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucatironi/example_rails_api/c25b4665ce43f70bfaa010ab1e58cb36406c5074/app/models/.keep -------------------------------------------------------------------------------- /app/models/authentication_token.rb: -------------------------------------------------------------------------------- 1 | class AuthenticationToken < ActiveRecord::Base 2 | belongs_to :user 3 | has_secure_token :body 4 | end 5 | -------------------------------------------------------------------------------- /app/models/concerns/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucatironi/example_rails_api/c25b4665ce43f70bfaa010ab1e58cb36406c5074/app/models/concerns/.keep -------------------------------------------------------------------------------- /app/models/customer.rb: -------------------------------------------------------------------------------- 1 | class Customer < ActiveRecord::Base 2 | validates_presence_of :full_name 3 | end 4 | -------------------------------------------------------------------------------- /app/models/user.rb: -------------------------------------------------------------------------------- 1 | class User < ActiveRecord::Base 2 | has_many :authentication_tokens 3 | has_secure_password 4 | validates :password, length: { minimum: 8 } 5 | end 6 | -------------------------------------------------------------------------------- /app/serializers/customer_serializer.rb: -------------------------------------------------------------------------------- 1 | class CustomerSerializer < ActiveModel::Serializer 2 | attributes :id, :full_name, :email, :phone 3 | end 4 | -------------------------------------------------------------------------------- /app/services/token_issuer.rb: -------------------------------------------------------------------------------- 1 | class TokenIssuer 2 | MAXIMUM_TOKENS_PER_USER = 20 3 | 4 | def self.build 5 | new(MAXIMUM_TOKENS_PER_USER) 6 | end 7 | 8 | def self.create_and_return_token(resource, request) 9 | build.create_and_return_token(resource, request) 10 | end 11 | 12 | def self.expire_token(resource, request) 13 | build.expire_token(resource, request) 14 | end 15 | 16 | def self.purge_old_tokens(resource) 17 | build.purge_old_tokens(resource) 18 | end 19 | 20 | def initialize(maximum_tokens_per_user) 21 | self.maximum_tokens_per_user = maximum_tokens_per_user 22 | end 23 | 24 | def create_and_return_token(resource, request) 25 | token = resource.authentication_tokens.create!( 26 | last_used_at: DateTime.current, 27 | ip_address: request.remote_ip, 28 | user_agent: request.user_agent) 29 | 30 | token.body 31 | end 32 | 33 | def expire_token(resource, request) 34 | find_token(resource, request.headers['X-Auth-Token']).try(:destroy) 35 | end 36 | 37 | def find_token(resource, token_from_headers) 38 | resource.authentication_tokens.detect do |token| 39 | token.body == token_from_headers 40 | end 41 | end 42 | 43 | def purge_old_tokens(resource) 44 | resource.authentication_tokens 45 | .order(last_used_at: :desc) 46 | .offset(maximum_tokens_per_user) 47 | .destroy_all 48 | end 49 | 50 | private 51 | 52 | attr_accessor :maximum_tokens_per_user 53 | end 54 | -------------------------------------------------------------------------------- /bin/bundle: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) 3 | load Gem.bin_path('bundler', 'bundle') 4 | -------------------------------------------------------------------------------- /bin/rails: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | begin 3 | load File.expand_path('../spring', __FILE__) 4 | rescue LoadError 5 | end 6 | APP_PATH = File.expand_path('../../config/application', __FILE__) 7 | require_relative '../config/boot' 8 | require 'rails/commands' 9 | -------------------------------------------------------------------------------- /bin/rake: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | begin 3 | load File.expand_path('../spring', __FILE__) 4 | rescue LoadError 5 | end 6 | require_relative '../config/boot' 7 | require 'rake' 8 | Rake.application.run 9 | -------------------------------------------------------------------------------- /bin/rspec: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | begin 3 | load File.expand_path('../spring', __FILE__) 4 | rescue LoadError 5 | end 6 | require 'bundler/setup' 7 | load Gem.bin_path('rspec-core', 'rspec') 8 | -------------------------------------------------------------------------------- /bin/setup: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require 'pathname' 3 | 4 | # path to your application root. 5 | APP_ROOT = Pathname.new File.expand_path('../../', __FILE__) 6 | 7 | Dir.chdir APP_ROOT do 8 | # This script is a starting point to setup your application. 9 | # Add necessary setup steps to this file: 10 | 11 | puts '== Installing dependencies ==' 12 | system 'gem install bundler --conservative' 13 | system 'bundle check || bundle install' 14 | 15 | # puts "\n== Copying sample files ==" 16 | # unless File.exist?("config/database.yml") 17 | # system "cp config/database.yml.sample config/database.yml" 18 | # end 19 | 20 | puts "\n== Preparing database ==" 21 | system 'bin/rake db:setup' 22 | 23 | puts "\n== Removing old logs and tempfiles ==" 24 | system 'rm -f log/*' 25 | system 'rm -rf tmp/cache' 26 | 27 | puts "\n== Restarting application server ==" 28 | system 'touch tmp/restart.txt' 29 | end 30 | -------------------------------------------------------------------------------- /bin/spring: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | 3 | # This file loads spring without using Bundler, in order to be fast. 4 | # It gets overwritten when you run the `spring binstub` command. 5 | 6 | unless defined?(Spring) 7 | require 'rubygems' 8 | require 'bundler' 9 | 10 | if match = Bundler.default_lockfile.read.match(/^GEM$.*?^ (?: )*spring \((.*?)\)$.*?^$/m) 11 | Gem.paths = { 'GEM_PATH' => [Bundler.bundle_path.to_s, *Gem.path].uniq } 12 | gem 'spring', match[1] 13 | require 'spring/binstub' 14 | end 15 | end 16 | -------------------------------------------------------------------------------- /config.ru: -------------------------------------------------------------------------------- 1 | # This file is used by Rack-based servers to start the application. 2 | 3 | require ::File.expand_path('../config/environment', __FILE__) 4 | run Rails.application 5 | -------------------------------------------------------------------------------- /config/application.rb: -------------------------------------------------------------------------------- 1 | require File.expand_path('../boot', __FILE__) 2 | 3 | require 'rails' 4 | # Pick the frameworks you want: 5 | require 'active_model/railtie' 6 | require 'active_job/railtie' 7 | require 'active_record/railtie' 8 | require 'action_controller/railtie' 9 | require 'action_mailer/railtie' 10 | require 'action_view/railtie' 11 | # require "sprockets/railtie" 12 | # require "rails/test_unit/railtie" 13 | 14 | # Require the gems listed in Gemfile, including any gems 15 | # you've limited to :test, :development, or :production. 16 | Bundler.require(*Rails.groups) 17 | 18 | CORS_ALLOW_ORIGIN = '*' 19 | CORS_ALLOW_METHODS = %w(GET POST PUT DELETE OPTIONS).join(',') 20 | CORS_ALLOW_HEADERS = %w(Content-Type Accept X-User-Email X-Auth-Token).join(',') 21 | 22 | module ExampleApi 23 | class Application < Rails::Application 24 | # Settings in config/environments/* take precedence over those specified here. 25 | # Application configuration should go into files in config/initializers 26 | # -- all .rb files in that directory are automatically loaded. 27 | config.autoload_paths += %W(#{config.root}/app/services/**/) 28 | 29 | # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone. 30 | # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC. 31 | # config.time_zone = 'Central Time (US & Canada)' 32 | 33 | # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded. 34 | # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s] 35 | # config.i18n.default_locale = :de 36 | 37 | # Do not swallow errors in after_commit/after_rollback callbacks. 38 | config.active_record.raise_in_transactional_callbacks = true 39 | 40 | config.action_dispatch.default_headers = { 41 | 'Access-Control-Allow-Origin' => CORS_ALLOW_ORIGIN, 42 | 'Access-Control-Allow-Methods' => CORS_ALLOW_METHODS, 43 | 'Access-Control-Allow-Headers' => CORS_ALLOW_HEADERS 44 | } 45 | end 46 | end 47 | -------------------------------------------------------------------------------- /config/boot.rb: -------------------------------------------------------------------------------- 1 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) 2 | 3 | require 'bundler/setup' # Set up gems listed in the Gemfile. 4 | -------------------------------------------------------------------------------- /config/database.yml: -------------------------------------------------------------------------------- 1 | # SQLite version 3.x 2 | # gem install sqlite3 3 | # 4 | # Ensure the SQLite 3 gem is defined in your Gemfile 5 | # gem 'sqlite3' 6 | # 7 | default: &default 8 | adapter: sqlite3 9 | pool: 5 10 | timeout: 5000 11 | 12 | development: 13 | <<: *default 14 | database: db/development.sqlite3 15 | 16 | # Warning: The database defined as "test" will be erased and 17 | # re-generated from your development database when you run "rake". 18 | # Do not set this db to the same as development or production. 19 | test: 20 | <<: *default 21 | database: db/test.sqlite3 22 | 23 | production: 24 | <<: *default 25 | database: db/production.sqlite3 26 | -------------------------------------------------------------------------------- /config/environment.rb: -------------------------------------------------------------------------------- 1 | # Load the Rails application. 2 | require File.expand_path('../application', __FILE__) 3 | 4 | # Initialize the Rails application. 5 | Rails.application.initialize! 6 | -------------------------------------------------------------------------------- /config/environments/development.rb: -------------------------------------------------------------------------------- 1 | Rails.application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb. 3 | 4 | # In the development environment your application's code is reloaded on 5 | # every request. This slows down response time but is perfect for development 6 | # since you don't have to restart the web server when you make code changes. 7 | config.cache_classes = false 8 | 9 | # Do not eager load code on boot. 10 | config.eager_load = false 11 | 12 | # Show full error reports and disable caching. 13 | config.consider_all_requests_local = true 14 | config.action_controller.perform_caching = false 15 | 16 | # Don't care if the mailer can't send. 17 | config.action_mailer.raise_delivery_errors = false 18 | 19 | # Print deprecation notices to the Rails logger. 20 | config.active_support.deprecation = :log 21 | 22 | # Raise an error on page load if there are pending migrations. 23 | config.active_record.migration_error = :page_load 24 | 25 | # Raises error for missing translations 26 | # config.action_view.raise_on_missing_translations = true 27 | end 28 | -------------------------------------------------------------------------------- /config/environments/production.rb: -------------------------------------------------------------------------------- 1 | Rails.application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb. 3 | 4 | # Code is not reloaded between requests. 5 | config.cache_classes = true 6 | 7 | # Eager load code on boot. This eager loads most of Rails and 8 | # your application in memory, allowing both threaded web servers 9 | # and those relying on copy on write to perform better. 10 | # Rake tasks automatically ignore this option for performance. 11 | config.eager_load = true 12 | 13 | # Full error reports are disabled and caching is turned on. 14 | config.consider_all_requests_local = false 15 | config.action_controller.perform_caching = true 16 | 17 | # Enable Rack::Cache to put a simple HTTP cache in front of your application 18 | # Add `rack-cache` to your Gemfile before enabling this. 19 | # For large-scale production use, consider using a caching reverse proxy like 20 | # NGINX, varnish or squid. 21 | # config.action_dispatch.rack_cache = true 22 | 23 | # Disable serving static files from the `/public` folder by default since 24 | # Apache or NGINX already handles this. 25 | config.serve_static_files = ENV['RAILS_SERVE_STATIC_FILES'].present? 26 | 27 | # Specifies the header that your server uses for sending files. 28 | # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache 29 | # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX 30 | 31 | # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. 32 | # config.force_ssl = true 33 | 34 | # Use the lowest log level to ensure availability of diagnostic information 35 | # when problems arise. 36 | config.log_level = :debug 37 | 38 | # Prepend all log lines with the following tags. 39 | # config.log_tags = [ :subdomain, :uuid ] 40 | 41 | # Use a different logger for distributed setups. 42 | # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new) 43 | 44 | # Use a different cache store in production. 45 | # config.cache_store = :mem_cache_store 46 | 47 | # Enable serving of images, stylesheets, and JavaScripts from an asset server. 48 | # config.action_controller.asset_host = 'http://assets.example.com' 49 | 50 | # Ignore bad email addresses and do not raise email delivery errors. 51 | # Set this to true and configure the email server for immediate delivery to raise delivery errors. 52 | # config.action_mailer.raise_delivery_errors = false 53 | 54 | # Enable locale fallbacks for I18n (makes lookups for any locale fall back to 55 | # the I18n.default_locale when a translation cannot be found). 56 | config.i18n.fallbacks = true 57 | 58 | # Send deprecation notices to registered listeners. 59 | config.active_support.deprecation = :notify 60 | 61 | # Use default logging formatter so that PID and timestamp are not suppressed. 62 | config.log_formatter = ::Logger::Formatter.new 63 | 64 | # Do not dump schema after migrations. 65 | config.active_record.dump_schema_after_migration = false 66 | end 67 | -------------------------------------------------------------------------------- /config/environments/test.rb: -------------------------------------------------------------------------------- 1 | Rails.application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb. 3 | 4 | # The test environment is used exclusively to run your application's 5 | # test suite. You never need to work with it otherwise. Remember that 6 | # your test database is "scratch space" for the test suite and is wiped 7 | # and recreated between test runs. Don't rely on the data there! 8 | config.cache_classes = true 9 | 10 | # Do not eager load code on boot. This avoids loading your whole application 11 | # just for the purpose of running a single test. If you are using a tool that 12 | # preloads Rails for running tests, you may have to set it to true. 13 | config.eager_load = false 14 | 15 | # Configure static file server for tests with Cache-Control for performance. 16 | config.serve_static_files = true 17 | config.static_cache_control = 'public, max-age=3600' 18 | 19 | # Show full error reports and disable caching. 20 | config.consider_all_requests_local = true 21 | config.action_controller.perform_caching = false 22 | 23 | # Raise exceptions instead of rendering exception templates. 24 | config.action_dispatch.show_exceptions = false 25 | 26 | # Disable request forgery protection in test environment. 27 | config.action_controller.allow_forgery_protection = false 28 | 29 | # Tell Action Mailer not to deliver emails to the real world. 30 | # The :test delivery method accumulates sent emails in the 31 | # ActionMailer::Base.deliveries array. 32 | config.action_mailer.delivery_method = :test 33 | 34 | # Randomize the order test cases are executed. 35 | config.active_support.test_order = :random 36 | 37 | # Print deprecation notices to the stderr. 38 | config.active_support.deprecation = :stderr 39 | 40 | # Raises error for missing translations 41 | # config.action_view.raise_on_missing_translations = true 42 | end 43 | -------------------------------------------------------------------------------- /config/initializers/filter_parameter_logging.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Configure sensitive parameters which will be filtered from the log file. 4 | Rails.application.config.filter_parameters += [:password] 5 | -------------------------------------------------------------------------------- /config/initializers/secret_token.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Your secret key for verifying the integrity of signed cookies. 4 | # If you change this key, all old signed cookies will become invalid! 5 | 6 | # Make sure the secret is at least 30 characters and all random, 7 | # no regular words or you'll be exposed to dictionary attacks. 8 | # You can use `rake secret` to generate a secure secret key. 9 | 10 | # Make sure your secret_key_base is kept private 11 | # if you're sharing your code publicly. 12 | 13 | # Although this is not needed for an api-only application, rails4 14 | # requires secret_key_base or secret_token to be defined, otherwise an 15 | # error is raised. 16 | # Using secret_token for rails3 compatibility. Change to secret_key_base 17 | # to avoid deprecation warning. 18 | # Can be safely removed in a rails3 api-only application. 19 | ExampleApi::Application.config.secret_token = '5ef93413610548c92c32d1ef0999301d45ac9a08acf397cbb4aa6d4d19ee3befb76dd8012110d962a502fc7fc9f37a4f11fed02fbc34fb9f80c23dc4c01b2dd2' 20 | -------------------------------------------------------------------------------- /config/initializers/warden.rb: -------------------------------------------------------------------------------- 1 | require 'authentication_token_strategy' 2 | 3 | Warden::Strategies.add(:authentication_token, AuthenticationTokenStrategy) 4 | 5 | Rails.application.config.middleware.insert_after ActionDispatch::ParamsParser, Warden::Manager do |manager| 6 | manager.default_strategies :authentication_token 7 | manager.failure_app = UnauthenticatedController 8 | end 9 | -------------------------------------------------------------------------------- /config/initializers/wrap_parameters.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | # 3 | # This file contains settings for ActionController::ParamsWrapper 4 | 5 | # Enable parameter wrapping for JSON. 6 | # ActiveSupport.on_load(:action_controller) do 7 | # wrap_parameters format: [:json] if respond_to?(:wrap_parameters) 8 | # end 9 | 10 | # To enable root element in JSON for ActiveRecord objects. 11 | # ActiveSupport.on_load(:active_record) do 12 | # self.include_root_in_json = true 13 | # end 14 | -------------------------------------------------------------------------------- /config/locales/en.yml: -------------------------------------------------------------------------------- 1 | # Files in the config/locales directory are used for internationalization 2 | # and are automatically loaded by Rails. If you want to use locales other 3 | # than English, add the necessary files in this directory. 4 | # 5 | # To use the locales, use `I18n.t`: 6 | # 7 | # I18n.t 'hello' 8 | # 9 | # In views, this is aliased to just `t`: 10 | # 11 | # <%= t('hello') %> 12 | # 13 | # To use a different locale, set it with `I18n.locale`: 14 | # 15 | # I18n.locale = :es 16 | # 17 | # This would use the information in config/locales/es.yml. 18 | # 19 | # To learn more, please read the Rails Internationalization guide 20 | # available at http://guides.rubyonrails.org/i18n.html. 21 | 22 | en: 23 | hello: "Hello world" 24 | -------------------------------------------------------------------------------- /config/routes.rb: -------------------------------------------------------------------------------- 1 | Rails.application.routes.draw do 2 | resource :sessions, only: [:create, :destroy] 3 | resources :customers, only: [:index, :show, :create, :update, :destroy] 4 | 5 | cors_head = proc do 6 | [ 7 | 204, 8 | { 9 | 'Content-Type' => 'text/plain', 10 | 'Access-Control-Allow-Origin' => CORS_ALLOW_ORIGIN, 11 | 'Access-Control-Allow-Methods' => CORS_ALLOW_METHODS, 12 | 'Access-Control-Allow-Headers' => CORS_ALLOW_HEADERS 13 | }, 14 | [] 15 | ] 16 | end 17 | match '/*path', to: cors_head, via: [:options, :head] 18 | end 19 | -------------------------------------------------------------------------------- /config/secrets.yml: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Your secret key is used for verifying the integrity of signed cookies. 4 | # If you change this key, all old signed cookies will become invalid! 5 | 6 | # Make sure the secret is at least 30 characters and all random, 7 | # no regular words or you'll be exposed to dictionary attacks. 8 | # You can use `rake secret` to generate a secure secret key. 9 | 10 | # Make sure the secrets in this file are kept private 11 | # if you're sharing your code publicly. 12 | 13 | development: 14 | secret_key_base: 68b0605c34b168686ad1ad708b7b29a231e1da6f6d0fe8c52b4c433682003aaad2a19f00799589d7d8d7b9d36182fc4da0599ae93fec42cfdaefa2ea8834399d 15 | 16 | test: 17 | secret_key_base: d58aa8a8eff27393584a197cf39958b9c4300425c8fe7db1f3ac6182bf566877083d6686639f57c38d6252461753bdd442f1d42c8a91052cd95135210e66cf71 18 | 19 | # Do not keep production secrets in the repository, 20 | # instead read values from the environment. 21 | production: 22 | secret_key_base: <%= ENV["SECRET_KEY_BASE"] %> 23 | -------------------------------------------------------------------------------- /db/migrate/20150822170603_create_customers.rb: -------------------------------------------------------------------------------- 1 | class CreateCustomers < ActiveRecord::Migration 2 | def change 3 | create_table :customers do |t| 4 | t.string :full_name 5 | t.string :email 6 | t.string :phone 7 | 8 | t.timestamps null: false 9 | end 10 | end 11 | end 12 | -------------------------------------------------------------------------------- /db/migrate/20150822191406_create_authentication_tokens.rb: -------------------------------------------------------------------------------- 1 | class CreateAuthenticationTokens < ActiveRecord::Migration 2 | def change 3 | create_table :authentication_tokens do |t| 4 | t.string :body 5 | t.references :user, index: true, foreign_key: true 6 | t.datetime :last_used_at 7 | t.string :ip_address 8 | t.string :user_agent 9 | 10 | t.timestamps null: false 11 | end 12 | end 13 | end 14 | -------------------------------------------------------------------------------- /db/migrate/20150822192907_create_users.rb: -------------------------------------------------------------------------------- 1 | class CreateUsers < ActiveRecord::Migration 2 | def change 3 | create_table :users do |t| 4 | t.string :email, index: true 5 | t.string :password_digest 6 | 7 | t.timestamps null: false 8 | end 9 | end 10 | end 11 | -------------------------------------------------------------------------------- /db/schema.rb: -------------------------------------------------------------------------------- 1 | # encoding: UTF-8 2 | # This file is auto-generated from the current state of the database. Instead 3 | # of editing this file, please use the migrations feature of Active Record to 4 | # incrementally modify your database, and then regenerate this schema definition. 5 | # 6 | # Note that this schema.rb definition is the authoritative source for your 7 | # database schema. If you need to create the application database on another 8 | # system, you should be using db:schema:load, not running all the migrations 9 | # from scratch. The latter is a flawed and unsustainable approach (the more migrations 10 | # you'll amass, the slower it'll run and the greater likelihood for issues). 11 | # 12 | # It's strongly recommended that you check this file into your version control system. 13 | 14 | ActiveRecord::Schema.define(version: 20150822192907) do 15 | 16 | create_table "authentication_tokens", force: :cascade do |t| 17 | t.string "body" 18 | t.integer "user_id" 19 | t.datetime "last_used_at" 20 | t.string "ip_address" 21 | t.string "user_agent" 22 | t.datetime "created_at", null: false 23 | t.datetime "updated_at", null: false 24 | end 25 | 26 | add_index "authentication_tokens", ["user_id"], name: "index_authentication_tokens_on_user_id" 27 | 28 | create_table "customers", force: :cascade do |t| 29 | t.string "full_name" 30 | t.string "email" 31 | t.string "phone" 32 | t.datetime "created_at", null: false 33 | t.datetime "updated_at", null: false 34 | end 35 | 36 | create_table "users", force: :cascade do |t| 37 | t.string "email" 38 | t.string "password_digest" 39 | t.datetime "created_at", null: false 40 | t.datetime "updated_at", null: false 41 | end 42 | 43 | add_index "users", ["email"], name: "index_users_on_email" 44 | 45 | end 46 | -------------------------------------------------------------------------------- /db/seeds.rb: -------------------------------------------------------------------------------- 1 | User.create(email: "admin@example.com", password: "password") 2 | 3 | [ 4 | { full_name: "John Doe", email: "john.doe@example.com", phone: "033 1234 5678"}, 5 | { full_name: "Mark Smith", email: "mark.smith@example.com", phone: "034 6789 1234"}, 6 | { full_name: "Tom Clark", email: "tom.clark@example.com", phone: "033 4321 9876"}, 7 | { full_name: "Sue Palmer", email: "sue.palmer@example.com", phone: "034 9876 1234"}, 8 | { full_name: "Kate Lee", email: "kate.lee@example.com", phone: "033 6789 4321"} 9 | ].each do |customer_attributes| 10 | Customer.create(customer_attributes) 11 | end 12 | -------------------------------------------------------------------------------- /lib/assets/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucatironi/example_rails_api/c25b4665ce43f70bfaa010ab1e58cb36406c5074/lib/assets/.keep -------------------------------------------------------------------------------- /lib/authentication_token_strategy.rb: -------------------------------------------------------------------------------- 1 | class AuthenticationTokenStrategy < ::Warden::Strategies::Base 2 | def valid? 3 | user_email_from_headers.present? && auth_token_from_headers.present? 4 | end 5 | 6 | def authenticate! 7 | failure_message = 'Authentication failed for user/token' 8 | 9 | user = User.find_by(email: user_email_from_headers) 10 | return fail!(failure_message) unless user 11 | 12 | token = TokenIssuer.build.find_token(user, auth_token_from_headers) 13 | if token 14 | touch_token(token) 15 | return success!(user) 16 | end 17 | 18 | fail!(failure_message) 19 | end 20 | 21 | def store? 22 | false 23 | end 24 | 25 | private 26 | 27 | def user_email_from_headers 28 | env['HTTP_X_USER_EMAIL'] 29 | end 30 | 31 | def auth_token_from_headers 32 | env['HTTP_X_AUTH_TOKEN'] 33 | end 34 | 35 | def touch_token(token) 36 | token.update_attribute(:last_used_at, DateTime.current) if token.last_used_at < 1.hour.ago 37 | end 38 | end 39 | -------------------------------------------------------------------------------- /lib/tasks/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucatironi/example_rails_api/c25b4665ce43f70bfaa010ab1e58cb36406c5074/lib/tasks/.keep -------------------------------------------------------------------------------- /log/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucatironi/example_rails_api/c25b4665ce43f70bfaa010ab1e58cb36406c5074/log/.keep -------------------------------------------------------------------------------- /public/404.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | The page you were looking for doesn't exist (404) 5 | 6 | 55 | 56 | 57 | 58 | 59 |
60 |
61 |

The page you were looking for doesn't exist.

62 |

You may have mistyped the address or the page may have moved.

63 |
64 |

If you are the application owner check the logs for more information.

65 |
66 | 67 | 68 | -------------------------------------------------------------------------------- /public/422.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | The change you wanted was rejected (422) 5 | 6 | 55 | 56 | 57 | 58 | 59 |
60 |
61 |

The change you wanted was rejected.

62 |

Maybe you tried to change something you didn't have access to.

63 |
64 |

If you are the application owner check the logs for more information.

65 |
66 | 67 | 68 | -------------------------------------------------------------------------------- /public/500.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | We're sorry, but something went wrong (500) 5 | 6 | 55 | 56 | 57 | 58 | 59 |
60 |
61 |

We're sorry, but something went wrong.

62 |
63 |

If you are the application owner check the logs for more information.

64 |
65 | 66 | 67 | -------------------------------------------------------------------------------- /public/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lucatironi/example_rails_api/c25b4665ce43f70bfaa010ab1e58cb36406c5074/public/favicon.ico -------------------------------------------------------------------------------- /public/robots.txt: -------------------------------------------------------------------------------- 1 | # See http://www.robotstxt.org/robotstxt.html for documentation on how to use the robots.txt file 2 | # 3 | # To ban all spiders from the entire site uncomment the next two lines: 4 | # User-agent: * 5 | # Disallow: / 6 | -------------------------------------------------------------------------------- /spec/controllers/customers_controller_spec.rb: -------------------------------------------------------------------------------- 1 | require 'rails_helper' 2 | 3 | RSpec.describe CustomersController, type: :controller do 4 | before do 5 | user = User.create(email: 'user@example.com', password: 'password') 6 | authentication_token = AuthenticationToken.create(user_id: user.id, 7 | body: 'token', 8 | last_used_at: DateTime.current) 9 | request.env['HTTP_X_USER_EMAIL'] = user.email 10 | request.env['HTTP_X_AUTH_TOKEN'] = authentication_token.body 11 | end 12 | 13 | it_behaves_like 'api_controller' 14 | it_behaves_like 'authenticated_api_controller' 15 | 16 | # This should return the minimal set of attributes required to create a valid 17 | # Customer. As you add validations to Customer, be sure to 18 | # adjust the attributes here as well. 19 | let(:valid_attributes) do 20 | { full_name: 'John Doe', email: 'john.doe@example.com', phone: '123456789' } 21 | end 22 | 23 | let(:invalid_attributes) do 24 | { full_name: nil, email: 'john.doe@example.com', phone: '123456789' } 25 | end 26 | 27 | let!(:customer) { Customer.create(valid_attributes) } 28 | 29 | describe 'GET #index' do 30 | it 'assigns all customers as @customers' do 31 | get :index, format: :json 32 | expect(assigns(:customers)).to eq([customer]) 33 | expect(response).to be_success 34 | end 35 | end 36 | 37 | describe 'GET #show' do 38 | it 'assigns the requested customer as @customer' do 39 | get :show, id: customer.id, format: :json 40 | expect(assigns(:customer)).to eq(customer) 41 | expect(response).to be_success 42 | end 43 | end 44 | 45 | describe 'POST #create' do 46 | context 'with valid params' do 47 | it 'creates a new Customer' do 48 | expect do 49 | post :create, customer: valid_attributes, format: :json 50 | end.to change(Customer, :count).by(1) 51 | end 52 | 53 | it 'assigns a newly created customer as @customer' do 54 | post :create, customer: valid_attributes, format: :json 55 | expect(assigns(:customer)).to be_a(Customer) 56 | expect(assigns(:customer)).to be_persisted 57 | expect(response).to be_success 58 | end 59 | 60 | it 'returns success status' do 61 | post :create, customer: valid_attributes, format: :json 62 | expect(response).to be_success 63 | end 64 | end 65 | 66 | context 'with invalid params' do 67 | it 'assigns a newly created but unsaved customer as @customer' do 68 | post :create, customer: invalid_attributes, format: :json 69 | expect(assigns(:customer)).to be_a_new(Customer) 70 | end 71 | 72 | it 'returns unprocessable_entity status' do 73 | post :create, customer: invalid_attributes, format: :json 74 | expect(response.status).to eq(422) 75 | end 76 | end 77 | end 78 | 79 | describe 'PUT #update' do 80 | context 'with valid params' do 81 | let(:new_attributes) do 82 | { full_name: 'John F. Doe', phone: '234567890' } 83 | end 84 | 85 | it 'updates the requested customer' do 86 | put :update, id: customer.id, customer: new_attributes, format: :json 87 | customer.reload 88 | expect(customer.full_name).to eq('John F. Doe') 89 | expect(customer.phone).to eq('234567890') 90 | end 91 | 92 | it 'assigns the requested customer as @customer' do 93 | put :update, id: customer.id, customer: new_attributes, format: :json 94 | expect(assigns(:customer)).to eq(customer) 95 | end 96 | 97 | it 'returns success status' do 98 | put :update, id: customer.id, customer: new_attributes, format: :json 99 | expect(response).to be_success 100 | end 101 | end 102 | 103 | context 'with invalid params' do 104 | it 'assigns the customer as @customer' do 105 | put :update, id: customer.id, customer: invalid_attributes, format: :json 106 | expect(assigns(:customer)).to eq(customer) 107 | end 108 | 109 | it 'returns unprocessable_entity status' do 110 | put :update, id: customer.id, customer: invalid_attributes, format: :json 111 | expect(response.status).to eq(422) 112 | end 113 | end 114 | end 115 | 116 | describe 'DELETE #destroy' do 117 | it 'destroys the requested customer' do 118 | expect do 119 | delete :destroy, id: customer.id, format: :json 120 | end.to change(Customer, :count).by(-1) 121 | end 122 | 123 | it 'redirects to the customers list' do 124 | delete :destroy, id: customer.id, format: :json 125 | expect(response.status).to eq(204) 126 | end 127 | end 128 | end 129 | -------------------------------------------------------------------------------- /spec/controllers/sessions_controller_spec.rb: -------------------------------------------------------------------------------- 1 | require 'rails_helper' 2 | 3 | RSpec.describe SessionsController, type: :controller do 4 | let!(:user) { User.create(email: 'user@example.com', password: 'password') } 5 | let!(:authentication_token) do 6 | AuthenticationToken.create(user_id: user.id, 7 | body: 'token', last_used_at: DateTime.current) 8 | end 9 | 10 | let(:valid_attributes) do 11 | { user: { email: user.email, password: 'password' } } 12 | end 13 | 14 | let(:invalid_attributes) do 15 | { user: { email: user.email, password: 'not-the-right-password' } } 16 | end 17 | 18 | let(:parsed_response) { JSON.parse(response.body) } 19 | 20 | def set_auth_headers 21 | request.env['HTTP_X_USER_EMAIL'] = user.email 22 | request.env['HTTP_X_AUTH_TOKEN'] = authentication_token.body 23 | end 24 | 25 | before do 26 | allow(TokenIssuer).to receive(:create_and_return_token).and_return(authentication_token.body) 27 | end 28 | 29 | describe 'POST #create' do 30 | context 'with valid credentials' do 31 | before { post :create, valid_attributes, format: :json } 32 | 33 | it { expect(response).to be_success } 34 | it { expect(parsed_response).to eq('user_email' => user.email, 'auth_token' => authentication_token.body) } 35 | end 36 | 37 | context 'with invalid credentials' do 38 | before { post :create, invalid_attributes, format: :json } 39 | 40 | it { expect(response.status).to eq(401) } 41 | end 42 | 43 | context 'with missing/invalid params' do 44 | before { post :create, foo: { bar: 'baz' }, format: :json } 45 | 46 | it { expect(response.status).to eq(422) } 47 | end 48 | end 49 | 50 | describe 'DELETE #destroy' do 51 | context 'with valid credentials' do 52 | before do 53 | set_auth_headers 54 | delete :destroy, format: :json 55 | end 56 | 57 | it { expect(response).to be_success } 58 | end 59 | 60 | context 'with invalid credentials' do 61 | before { delete :destroy, format: :json } 62 | 63 | it { expect(response.status).to eq(401) } 64 | end 65 | end 66 | end 67 | -------------------------------------------------------------------------------- /spec/lib/authentication_token_strategy_spec.rb: -------------------------------------------------------------------------------- 1 | require 'rails_helper' 2 | 3 | RSpec.describe AuthenticationTokenStrategy, type: :model do 4 | let!(:user) do 5 | User.create(email: 'user@example.com', password: 'password') 6 | end 7 | let!(:authentication_token) do 8 | AuthenticationToken.create(user_id: user.id, body: 'token', last_used_at: DateTime.current) 9 | end 10 | 11 | let(:env) do 12 | { 'HTTP_X_USER_EMAIL' => user.email, 13 | 'HTTP_X_AUTH_TOKEN' => authentication_token.body } 14 | end 15 | 16 | let(:subject) { described_class.new(nil) } 17 | 18 | describe '#valid?' do 19 | context 'with valid credentials' do 20 | before { allow(subject).to receive(:env).and_return(env) } 21 | 22 | it { is_expected.to be_valid } 23 | end 24 | 25 | context 'with invalid credentials' do 26 | before { allow(subject).to receive(:env).and_return({}) } 27 | 28 | it { is_expected.not_to be_valid } 29 | end 30 | end 31 | 32 | describe '#authenticate!' do 33 | context 'with valid credentials' do 34 | before { allow(subject).to receive(:env).and_return(env) } 35 | 36 | it 'returns success' do 37 | expect(User).to receive(:find_by) 38 | .with(email: user.email) 39 | .and_return(user) 40 | expect(TokenIssuer).to receive_message_chain(:build, :find_token) 41 | .with(user, authentication_token.body) 42 | .and_return(authentication_token) 43 | expect(subject).to receive(:success!).with(user) 44 | subject.authenticate! 45 | end 46 | 47 | it 'touches the token' do 48 | expect(subject).to receive(:touch_token) 49 | .with(authentication_token) 50 | subject.authenticate! 51 | end 52 | end 53 | 54 | context 'with invalid user' do 55 | before do 56 | allow(subject).to receive(:env) 57 | .and_return('HTTP_X_USER_EMAIL' => 'invalid@email', 58 | 'HTTP_X_AUTH_TOKEN' => 'invalid-token') 59 | end 60 | 61 | it 'fails' do 62 | expect(User).to receive(:find_by) 63 | .with(email: 'invalid@email') 64 | .and_return(nil) 65 | expect(TokenIssuer).not_to receive(:build) 66 | expect(subject).not_to receive(:success!) 67 | expect(subject).to receive(:fail!) 68 | subject.authenticate! 69 | end 70 | end 71 | 72 | context 'with invalid token' do 73 | before do 74 | allow(subject).to receive(:env) 75 | .and_return('HTTP_X_USER_EMAIL' => user.email, 76 | 'HTTP_X_AUTH_TOKEN' => 'invalid-token') 77 | end 78 | 79 | it 'fails' do 80 | expect(User).to receive(:find_by) 81 | .with(email: user.email) 82 | .and_return(user) 83 | expect(TokenIssuer).to receive_message_chain(:build, :find_token) 84 | .with(user, 'invalid-token') 85 | .and_return(nil) 86 | expect(subject).not_to receive(:success!) 87 | expect(subject).to receive(:fail!) 88 | subject.authenticate! 89 | end 90 | end 91 | end 92 | end 93 | -------------------------------------------------------------------------------- /spec/models/authentication_token_spec.rb: -------------------------------------------------------------------------------- 1 | require 'rails_helper' 2 | 3 | RSpec.describe AuthenticationToken, type: :model do 4 | describe 'db structure' do 5 | it { is_expected.to have_db_column(:user_id).of_type(:integer) } 6 | it { is_expected.to have_db_column(:body).of_type(:string) } 7 | it { is_expected.to have_db_column(:ip_address).of_type(:string) } 8 | it { is_expected.to have_db_column(:user_agent).of_type(:string) } 9 | it { is_expected.to have_db_column(:last_used_at).of_type(:datetime) } 10 | it { is_expected.to have_db_column(:created_at).of_type(:datetime) } 11 | it { is_expected.to have_db_column(:updated_at).of_type(:datetime) } 12 | 13 | it { is_expected.to have_db_index(:user_id) } 14 | end 15 | 16 | describe 'associations' do 17 | it { is_expected.to belong_to(:user) } 18 | end 19 | end 20 | -------------------------------------------------------------------------------- /spec/models/customer_spec.rb: -------------------------------------------------------------------------------- 1 | require 'rails_helper' 2 | 3 | RSpec.describe Customer, type: :model do 4 | describe 'db structure' do 5 | it { is_expected.to have_db_column(:full_name).of_type(:string) } 6 | it { is_expected.to have_db_column(:email).of_type(:string) } 7 | it { is_expected.to have_db_column(:phone).of_type(:string) } 8 | it { is_expected.to have_db_column(:created_at).of_type(:datetime) } 9 | it { is_expected.to have_db_column(:updated_at).of_type(:datetime) } 10 | end 11 | 12 | describe 'validations' do 13 | it { is_expected.to validate_presence_of(:full_name) } 14 | end 15 | end 16 | -------------------------------------------------------------------------------- /spec/models/user_spec.rb: -------------------------------------------------------------------------------- 1 | require 'rails_helper' 2 | 3 | RSpec.describe User, type: :model do 4 | describe 'db structure' do 5 | it { is_expected.to have_db_column(:email).of_type(:string) } 6 | it { is_expected.to have_db_column(:password_digest).of_type(:string) } 7 | it { is_expected.to have_db_column(:created_at).of_type(:datetime) } 8 | it { is_expected.to have_db_column(:updated_at).of_type(:datetime) } 9 | 10 | it { is_expected.to have_db_index(:email) } 11 | end 12 | 13 | describe 'associations' do 14 | it { is_expected.to have_many(:authentication_tokens) } 15 | end 16 | 17 | describe 'secure password' do 18 | it { is_expected.to have_secure_password } 19 | it { is_expected.to validate_length_of(:password) } 20 | 21 | it { expect(User.new(email: 'user@email.com', password: nil).save).to be_falsey } 22 | it { expect(User.new(email: 'user@email.com', password: 'foo').save).to be_falsey } 23 | it { expect(User.new(email: 'user@email.com', password: 'af3714ff0ffae').save).to be_truthy } 24 | end 25 | end 26 | -------------------------------------------------------------------------------- /spec/rails_helper.rb: -------------------------------------------------------------------------------- 1 | # This file is copied to spec/ when you run 'rails generate rspec:install' 2 | ENV['RAILS_ENV'] ||= 'test' 3 | require File.expand_path('../../config/environment', __FILE__) 4 | # Prevent database truncation if the environment is production 5 | abort('The Rails environment is running in production mode!') if Rails.env.production? 6 | require 'spec_helper' 7 | require 'rspec/rails' 8 | # Add additional requires below this line. Rails is not loaded until this point! 9 | require 'shoulda/matchers' 10 | 11 | # Requires supporting ruby files with custom matchers and macros, etc, in 12 | # spec/support/ and its subdirectories. Files matching `spec/**/*_spec.rb` are 13 | # run as spec files by default. This means that files in spec/support that end 14 | # in _spec.rb will both be required and run as specs, causing the specs to be 15 | # run twice. It is recommended that you do not name files matching this glob to 16 | # end with _spec.rb. You can configure this pattern with the --pattern 17 | # option on the command line or in ~/.rspec, .rspec or `.rspec-local`. 18 | # 19 | # The following line is provided for convenience purposes. It has the downside 20 | # of increasing the boot-up time by auto-requiring all files in the support 21 | # directory. Alternatively, in the individual `*_spec.rb` files, manually 22 | # require only the support files necessary. 23 | # 24 | Dir[Rails.root.join('spec/support/**/*.rb')].each { |f| require f } 25 | 26 | # Checks for pending migrations before tests are run. 27 | # If you are not using ActiveRecord, you can remove this line. 28 | ActiveRecord::Migration.maintain_test_schema! 29 | 30 | RSpec.configure do |config| 31 | # Remove this line if you're not using ActiveRecord or ActiveRecord fixtures 32 | config.fixture_path = "#{::Rails.root}/spec/fixtures" 33 | 34 | # If you're not using ActiveRecord, or you'd prefer not to run each of your 35 | # examples within a transaction, remove the following line or assign false 36 | # instead of true. 37 | config.use_transactional_fixtures = true 38 | 39 | # RSpec Rails can automatically mix in different behaviours to your tests 40 | # based on their file location, for example enabling you to call `get` and 41 | # `post` in specs under `spec/controllers`. 42 | # 43 | # You can disable this behaviour by removing the line below, and instead 44 | # explicitly tag your specs with their type, e.g.: 45 | # 46 | # RSpec.describe UsersController, :type => :controller do 47 | # # ... 48 | # end 49 | # 50 | # The different available types are documented in the features, such as in 51 | # https://relishapp.com/rspec/rspec-rails/docs 52 | config.infer_spec_type_from_file_location! 53 | end 54 | 55 | Shoulda::Matchers.configure do |config| 56 | config.integrate do |with| 57 | with.test_framework :rspec 58 | with.library :rails 59 | end 60 | end 61 | -------------------------------------------------------------------------------- /spec/requests/cors_headers_spec.rb: -------------------------------------------------------------------------------- 1 | require 'rails_helper' 2 | 3 | RSpec.describe 'CORS', type: :request do 4 | before { head '/something' } 5 | 6 | it 'respond with 204 and CORS headers' do 7 | expect(response.status).to eq(204) 8 | expect(response.body).to be_blank 9 | end 10 | 11 | it 'returns the Access-Control-Allow-Origin header to allow CORS from anywhere' do 12 | expect(response.headers['Access-Control-Allow-Origin']).to eq('*') 13 | end 14 | 15 | it 'returns general HTTP methods through CORS (GET/POST/PUT/DELETE)' do 16 | %w(GET POST PUT DELETE).each do |method| 17 | expect(response.headers['Access-Control-Allow-Methods']).to include(method) 18 | end 19 | end 20 | 21 | it 'returns the allowed headers' do 22 | %w(Content-Type Accept X-User-Email X-Auth-Token).each do |header| 23 | expect(response.headers['Access-Control-Allow-Headers']).to include(header) 24 | end 25 | end 26 | end 27 | -------------------------------------------------------------------------------- /spec/requests/customers_spec.rb: -------------------------------------------------------------------------------- 1 | require 'rails_helper' 2 | 3 | RSpec.describe 'Customers', type: :request do 4 | let!(:user) { User.create(email: 'user@example.com', password: 'password') } 5 | let!(:authentication_token) do 6 | AuthenticationToken.create(user_id: user.id, 7 | body: 'token', last_used_at: DateTime.current) 8 | end 9 | let!(:customer) { Customer.create(full_name: 'John Doe', email: 'john.doe@example.com') } 10 | 11 | let(:valid_session) do 12 | { 'HTTP_X_USER_EMAIL' => user.email, 13 | 'HTTP_X_AUTH_TOKEN' => authentication_token.body } 14 | end 15 | 16 | describe 'GET /customers' do 17 | it 'lists all the customers' do 18 | get customers_path, { format: :json }, valid_session 19 | expect(response).to have_http_status(200) 20 | end 21 | end 22 | 23 | describe 'GET /customers/:id' do 24 | it 'gets a single customer' do 25 | get customer_path(customer), { format: :json }, valid_session 26 | expect(response).to have_http_status(200) 27 | end 28 | end 29 | 30 | describe 'POST /customers' do 31 | it 'creates a new customer' do 32 | post customers_path, 33 | { customer: { full_name: 'John Doe', email: 'john.doe@example.com' }, 34 | format: :json }, valid_session 35 | expect(response).to have_http_status(201) 36 | end 37 | end 38 | 39 | describe 'PUT /customers/:id' do 40 | it 'updates a customer' do 41 | put customer_path(customer), 42 | { customer: { full_name: 'John F. Doe' }, format: :json }, 43 | valid_session 44 | expect(response).to have_http_status(204) 45 | end 46 | end 47 | 48 | describe 'DELETE /customers/:id' do 49 | it 'logs out the user' do 50 | delete customer_path(customer), { format: :json }, valid_session 51 | expect(response).to have_http_status(204) 52 | end 53 | end 54 | end 55 | -------------------------------------------------------------------------------- /spec/requests/sessions_spec.rb: -------------------------------------------------------------------------------- 1 | require 'rails_helper' 2 | 3 | RSpec.describe 'Sessions', type: :request do 4 | let!(:user) { User.create(email: 'user@example.com', password: 'password') } 5 | let!(:authentication_token) do 6 | AuthenticationToken.create(user_id: user.id, 7 | body: 'token', last_used_at: DateTime.current) 8 | end 9 | 10 | let(:valid_session) do 11 | { 'HTTP_X_USER_EMAIL' => user.email, 12 | 'HTTP_X_AUTH_TOKEN' => authentication_token.body } 13 | end 14 | 15 | describe 'POST /sessions' do 16 | it 'logs in the user' do 17 | post sessions_path, user: { email: user.email, password: 'password' }, format: :json 18 | expect(response).to have_http_status(200) 19 | end 20 | end 21 | 22 | describe 'DELETE /sessions' do 23 | it 'logs out the user' do 24 | delete sessions_path, { format: :json }, valid_session 25 | expect(response).to have_http_status(200) 26 | end 27 | end 28 | end 29 | -------------------------------------------------------------------------------- /spec/routing/customers_routing_spec.rb: -------------------------------------------------------------------------------- 1 | require 'rails_helper' 2 | 3 | RSpec.describe CustomersController, type: :routing do 4 | it { expect(get: '/customers').to route_to('customers#index') } 5 | it { expect(get: '/customers/1').to route_to('customers#show', id: '1') } 6 | it { expect(post: '/customers').to route_to('customers#create') } 7 | it { expect(put: '/customers/1').to route_to('customers#update', id: '1') } 8 | it { expect(delete: '/customers/1').to route_to('customers#destroy', id: '1') } 9 | end 10 | -------------------------------------------------------------------------------- /spec/routing/sessions_routing_spec.rb: -------------------------------------------------------------------------------- 1 | require 'rails_helper' 2 | 3 | RSpec.describe SessionsController, type: :routing do 4 | it { expect(post: '/sessions').to route_to('sessions#create') } 5 | it { expect(delete: '/sessions').to route_to('sessions#destroy') } 6 | end 7 | -------------------------------------------------------------------------------- /spec/services/token_issuer_spec.rb: -------------------------------------------------------------------------------- 1 | require 'rails_helper' 2 | 3 | RSpec.describe TokenIssuer, type: :model do 4 | let(:resource) do 5 | double(:resource, id: 1, 6 | authentication_tokens: authentication_tokens) 7 | end 8 | let(:authentication_tokens) do 9 | double(:authentication_tokens, create!: authentication_token) 10 | end 11 | let(:authentication_token) do 12 | double(:authentication_token, body: 'token') 13 | end 14 | let(:request) do 15 | double(:request, remote_ip: '100.10.10.23', user_agent: 'Test Browser') 16 | end 17 | 18 | describe '.create_and_return_token' do 19 | it 'creates a new token for the user' do 20 | expect(resource.authentication_tokens).to receive(:create!) 21 | .with(last_used_at: DateTime.current, 22 | ip_address: request.remote_ip, 23 | user_agent: request.user_agent) 24 | .and_return(authentication_token) 25 | described_class.create_and_return_token(resource, request) 26 | end 27 | 28 | it 'returns the token body' do 29 | allow(resource.authentication_tokens).to receive(:create!) 30 | .and_return(authentication_token) 31 | expect(described_class.create_and_return_token(resource, request)).to eq('token') 32 | end 33 | end 34 | 35 | describe '.purge_old_tokens' do 36 | it "deletes all the user's tokens" do 37 | expect(resource.authentication_tokens).to receive_message_chain(:order, :offset, :destroy_all) 38 | described_class.purge_old_tokens(resource) 39 | end 40 | end 41 | end 42 | -------------------------------------------------------------------------------- /spec/spec_helper.rb: -------------------------------------------------------------------------------- 1 | require 'codeclimate-test-reporter' 2 | CodeClimate::TestReporter.start 3 | 4 | # This file was generated by the `rails generate rspec:install` command. Conventionally, all 5 | # specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`. 6 | # The generated `.rspec` file contains `--require spec_helper` which will cause 7 | # this file to always be loaded, without a need to explicitly require it in any 8 | # files. 9 | # 10 | # Given that it is always loaded, you are encouraged to keep this file as 11 | # light-weight as possible. Requiring heavyweight dependencies from this file 12 | # will add to the boot time of your test suite on EVERY test run, even for an 13 | # individual file that may not need all of that loaded. Instead, consider making 14 | # a separate helper file that requires the additional dependencies and performs 15 | # the additional setup, and require it from the spec files that actually need 16 | # it. 17 | # 18 | # The `.rspec` file also contains a few flags that are not defaults but that 19 | # users commonly want. 20 | # 21 | # See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration 22 | RSpec.configure do |config| 23 | # rspec-expectations config goes here. You can use an alternate 24 | # assertion/expectation library such as wrong or the stdlib/minitest 25 | # assertions if you prefer. 26 | config.expect_with :rspec do |expectations| 27 | # This option will default to `true` in RSpec 4. It makes the `description` 28 | # and `failure_message` of custom matchers include text for helper methods 29 | # defined using `chain`, e.g.: 30 | # be_bigger_than(2).and_smaller_than(4).description 31 | # # => "be bigger than 2 and smaller than 4" 32 | # ...rather than: 33 | # # => "be bigger than 2" 34 | expectations.include_chain_clauses_in_custom_matcher_descriptions = true 35 | end 36 | 37 | # rspec-mocks config goes here. You can use an alternate test double 38 | # library (such as bogus or mocha) by changing the `mock_with` option here. 39 | config.mock_with :rspec do |mocks| 40 | # Prevents you from mocking or stubbing a method that does not exist on 41 | # a real object. This is generally recommended, and will default to 42 | # `true` in RSpec 4. 43 | mocks.verify_partial_doubles = true 44 | end 45 | 46 | # The settings below are suggested to provide a good initial experience 47 | # with RSpec, but feel free to customize to your heart's content. 48 | 49 | # These two settings work together to allow you to limit a spec run 50 | # to individual examples or groups you care about by tagging them with 51 | # `:focus` metadata. When nothing is tagged with `:focus`, all examples 52 | # get run. 53 | # config.filter_run :focus 54 | # config.run_all_when_everything_filtered = true 55 | 56 | # Allows RSpec to persist some state between runs in order to support 57 | # the `--only-failures` and `--next-failure` CLI options. We recommend 58 | # you configure your source control system to ignore this file. 59 | # config.example_status_persistence_file_path = "spec/examples.txt" 60 | 61 | # Limits the available syntax to the non-monkey patched syntax that is 62 | # recommended. For more details, see: 63 | # - http://myronmars.to/n/dev-blog/2012/06/rspecs-new-expectation-syntax 64 | # - http://www.teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/ 65 | # - http://myronmars.to/n/dev-blog/2014/05/notable-changes-in-rspec-3#new__config_option_to_disable_rspeccore_monkey_patching 66 | # config.disable_monkey_patching! 67 | 68 | # This setting enables warnings. It's recommended, but in some cases may 69 | # be too noisy due to issues in dependencies. 70 | # config.warnings = true 71 | 72 | # Many RSpec users commonly either run the entire suite or an individual 73 | # file, and it's useful to allow more verbose output when running an 74 | # individual spec file. 75 | # if config.files_to_run.one? 76 | # Use the documentation formatter for detailed output, 77 | # unless a formatter has already been configured 78 | # (e.g. via a command-line flag). 79 | # config.default_formatter = 'doc' 80 | # end 81 | 82 | # Print the 10 slowest examples and example groups at the 83 | # end of the spec run, to help surface which specs are running 84 | # particularly slow. 85 | config.profile_examples = 3 86 | 87 | # Run specs in random order to surface order dependencies. If you find an 88 | # order dependency and want to debug it, you can fix the order by providing 89 | # the seed, which is printed after each run. 90 | # --seed 1234 91 | config.order = :random 92 | 93 | # Seed global randomization in this process using the `--seed` CLI option. 94 | # Setting this allows you to use `--seed` to deterministically reproduce 95 | # test failures related to randomization by passing the same `--seed` value 96 | # as the one that triggered the failure. 97 | Kernel.srand config.seed 98 | end 99 | -------------------------------------------------------------------------------- /spec/support/api_controller.rb: -------------------------------------------------------------------------------- 1 | require 'rails_helper' 2 | 3 | RSpec.shared_examples 'api_controller' do 4 | describe 'rescues from ActiveRecord::RecordNotFound' do 5 | context 'on GET #show' do 6 | before { get :show, id: 'not-existing', format: :json } 7 | 8 | it { expect(response.status).to eq(404) } 9 | it { expect(response.body).to be_blank } 10 | end 11 | 12 | context 'on PUT #update' do 13 | before { put :update, id: 'not-existing', format: :json } 14 | 15 | it { expect(response.status).to eq(404) } 16 | it { expect(response.body).to be_blank } 17 | end 18 | 19 | context 'on DELETE #destroy' do 20 | before { delete :destroy, id: 'not-existing', format: :json } 21 | 22 | it { expect(response.status).to eq(404) } 23 | it { expect(response.body).to be_blank } 24 | end 25 | end 26 | 27 | describe 'rescues from ActionController::ParameterMissing' do 28 | context 'on POST #create' do 29 | before { post :create, wrong_params: { foo: :bar }, format: :json } 30 | 31 | it { expect(response.status).to eq(422) } 32 | it { expect(response.body).to match(/error/) } 33 | end 34 | end 35 | 36 | describe 'responds to OPTIONS requests to return CORS headers' do 37 | before { process :index, 'OPTIONS' } 38 | 39 | context 'CORS requests' do 40 | it 'returns the Access-Control-Allow-Origin header to allow CORS from anywhere' do 41 | expect(response.headers['Access-Control-Allow-Origin']).to eq('*') 42 | end 43 | 44 | it 'returns general HTTP methods through CORS (GET/POST/PUT/DELETE/OPTIONS)' do 45 | %w(GET POST PUT DELETE OPTIONS).each do |method| 46 | expect(response.headers['Access-Control-Allow-Methods']).to include(method) 47 | end 48 | end 49 | 50 | it 'returns the allowed headers' do 51 | %w(Content-Type Accept X-User-Email X-Auth-Token).each do |header| 52 | expect(response.headers['Access-Control-Allow-Headers']).to include(header) 53 | end 54 | end 55 | end 56 | end 57 | end 58 | -------------------------------------------------------------------------------- /spec/support/authenticated_api_controller.rb: -------------------------------------------------------------------------------- 1 | require 'rails_helper' 2 | 3 | RSpec.shared_examples 'authenticated_api_controller' do 4 | describe 'authentiation' do 5 | it 'returns unauthorized request without email and token' do 6 | request.env['HTTP_X_USER_EMAIL'] = nil 7 | request.env['HTTP_X_AUTH_TOKEN'] = nil 8 | get :index, format: :json 9 | 10 | expect(response.status).to eq(401) 11 | end 12 | 13 | it 'returns unauthorized request without token' do 14 | user = User.create(email: 'user@example.com', password: 'password') 15 | request.env['HTTP_X_USER_EMAIL'] = user.email 16 | request.env['HTTP_X_AUTH_TOKEN'] = nil 17 | get :index, format: :json 18 | 19 | expect(response.status).to eq(401) 20 | end 21 | end 22 | end 23 | -------------------------------------------------------------------------------- /spec/support/warden.rb: -------------------------------------------------------------------------------- 1 | # Based on http://stackoverflow.com/questions/13420923/configuring-warden-for-use-in-rspec-controller-specs 2 | module Warden 3 | # Warden::Test::ControllerHelpers provides a facility to test controllers in isolation 4 | # Most of the code was extracted from Devise's Devise::TestHelpers. 5 | module Test 6 | module ControllerHelpers 7 | def self.included(base) 8 | base.class_eval do 9 | setup :setup_controller_for_warden, :warden if respond_to?(:setup) 10 | end 11 | end 12 | 13 | # Override process to consider warden. 14 | def process(*) 15 | # Make sure we always return @response, a la ActionController::TestCase::Behavior#process, even if warden interrupts 16 | _catch_warden {super} || @response 17 | end 18 | 19 | # We need to setup the environment variables and the response in the controller 20 | def setup_controller_for_warden 21 | @request.env['action_controller.instance'] = @controller 22 | end 23 | 24 | # Quick access to Warden::Proxy. 25 | def warden 26 | @warden ||= begin 27 | manager = Warden::Manager.new(nil, &Rails.application.config.middleware.detect{|m| m.name == 'Warden::Manager'}.block) 28 | @request.env['warden'] = Warden::Proxy.new(@request.env, manager) 29 | end 30 | end 31 | 32 | protected 33 | 34 | # Catch warden continuations and handle like the middleware would. 35 | # Returns nil when interrupted, otherwise the normal result of the block. 36 | def _catch_warden(&block) 37 | result = catch(:warden, &block) 38 | 39 | if result.is_a?(Hash) && !warden.custom_failure? && !@controller.send(:performed?) 40 | result[:action] ||= :unauthenticated 41 | 42 | env = @controller.request.env 43 | env['PATH_INFO'] = "/#{result[:action]}" 44 | env['warden.options'] = result 45 | Warden::Manager._run_callbacks(:before_failure, env, result) 46 | 47 | status, headers, body = warden.config[:failure_app].call(env).to_a 48 | @controller.send :render, status: status, text: body, 49 | content_type: headers['Content-Type'], location: headers['Location'] 50 | 51 | nil 52 | else 53 | result 54 | end 55 | end 56 | end 57 | end 58 | end 59 | 60 | RSpec.configure do |config| 61 | config.include Warden::Test::ControllerHelpers, type: :controller 62 | end 63 | --------------------------------------------------------------------------------