Commit 5fc16fc4c426e417d85c17835c0333ad04d137a2
Exists in
theme-brasil-digital-from-staging
and in
9 other branches
Merge branch 'api' of gitlab.com:participa/noosfero into serpro_api
Showing
5 changed files
with
80 additions
and
29 deletions
Show diff stats
lib/noosfero/api/api.rb
| ... | ... | @@ -11,9 +11,9 @@ module Noosfero |
| 11 | 11 | logger.formatter = GrapeLogging::Formatters::Default.new |
| 12 | 12 | use GrapeLogging::Middleware::RequestLogger, { logger: logger } |
| 13 | 13 | |
| 14 | - rescue_from :all do |e| | |
| 15 | - logger.error e | |
| 16 | - end | |
| 14 | + #rescue_from :all do |e| | |
| 15 | + # logger.error e | |
| 16 | + #end | |
| 17 | 17 | |
| 18 | 18 | @@NOOSFERO_CONF = nil |
| 19 | 19 | def self.NOOSFERO_CONF |
| ... | ... | @@ -25,6 +25,7 @@ module Noosfero |
| 25 | 25 | end |
| 26 | 26 | end |
| 27 | 27 | |
| 28 | + before { set_locale } | |
| 28 | 29 | before { setup_multitenancy } |
| 29 | 30 | before { detect_stuff_by_domain } |
| 30 | 31 | before { filter_disabled_plugins_endpoints } | ... | ... |
lib/noosfero/api/helpers.rb
| ... | ... | @@ -7,6 +7,10 @@ |
| 7 | 7 | |
| 8 | 8 | include SanitizeParams |
| 9 | 9 | |
| 10 | + def set_locale | |
| 11 | + I18n.locale = (params[:lang] || request.env['HTTP_ACCEPT_LANGUAGE'] || 'en') | |
| 12 | + end | |
| 13 | + | |
| 10 | 14 | def current_user |
| 11 | 15 | private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s |
| 12 | 16 | @current_user ||= User.find_by_private_token(private_token) |
| ... | ... | @@ -343,7 +347,13 @@ |
| 343 | 347 | https.use_ssl = true |
| 344 | 348 | request = Net::HTTP::Post.new(uri.path) |
| 345 | 349 | request.set_form_data(verify_hash) |
| 346 | - body = https.request(request).body | |
| 350 | + begin | |
| 351 | + body = https.request(request).body | |
| 352 | + rescue Exception => e | |
| 353 | + logger.error e | |
| 354 | + return _("Google recaptcha error: #{e.message}") | |
| 355 | + end | |
| 356 | + body = JSON.parse(body) | |
| 347 | 357 | body == "true\nsuccess" ? true : body |
| 348 | 358 | end |
| 349 | 359 | |
| ... | ... | @@ -362,20 +372,32 @@ |
| 362 | 372 | https.use_ssl = true |
| 363 | 373 | request = Net::HTTP::Post.new(uri.path) |
| 364 | 374 | request.set_form_data(verify_hash) |
| 365 | - captcha_result = JSON.parse(https.request(request).body) | |
| 375 | + begin | |
| 376 | + body = https.request(request).body | |
| 377 | + rescue Exception => e | |
| 378 | + logger.error e | |
| 379 | + return _("Google recaptcha error: #{e.message}") | |
| 380 | + end | |
| 381 | + captcha_result = JSON.parse(body) | |
| 366 | 382 | captcha_result["success"] ? true : captcha_result |
| 367 | 383 | end |
| 368 | 384 | |
| 369 | 385 | def verify_serpro_captcha(client_id, token, captcha_text, verify_uri) |
| 370 | - if token == nil || captcha_text == nil | |
| 371 | - return _('Missing captcha data') | |
| 372 | - end | |
| 386 | + return _('Missing Serpro Captcha token') if token == nil | |
| 387 | + return _('Captcha text has not been filled') if captcha_text == nil | |
| 373 | 388 | uri = URI(verify_uri) |
| 374 | 389 | http = Net::HTTP.new(uri.host, uri.port) |
| 375 | 390 | request = Net::HTTP::Post.new(uri.path) |
| 376 | 391 | verify_string = "#{client_id}&#{token}&#{captcha_text}" |
| 377 | 392 | request.body = verify_string |
| 378 | - body = http.request(request).body | |
| 393 | + begin | |
| 394 | + body = http.request(request).body | |
| 395 | + rescue Exception => e | |
| 396 | + logger.error e | |
| 397 | + return _("Serpro captcha error: #{e.message}") | |
| 398 | + end | |
| 399 | + return _("Wrong captcha text, please try again") if body == 0 | |
| 400 | + return _("Token not found") if body == 2 | |
| 379 | 401 | body == '1' ? true : body |
| 380 | 402 | end |
| 381 | 403 | ... | ... |
test/unit/api/helpers_test.rb
| ... | ... | @@ -209,7 +209,9 @@ class APIHelpersTest < ActiveSupport::TestCase |
| 209 | 209 | serpro_client_id: '0000000000000000', |
| 210 | 210 | verify_uri: 'http://localhost/api/verify', |
| 211 | 211 | } |
| 212 | - assert_equal test_captcha("127.0.0.1", {}, environment), "Missing captcha data" | |
| 212 | + params = {} | |
| 213 | + params[:txtToken_captcha_serpro_gov_br] = '4324343' | |
| 214 | + assert_equal test_captcha("127.0.0.1", params, environment), _('Captcha text has not been filled') | |
| 213 | 215 | end |
| 214 | 216 | |
| 215 | 217 | should 'render not_found if endpoint is unavailable' do |
| ... | ... | @@ -234,6 +236,23 @@ class APIHelpersTest < ActiveSupport::TestCase |
| 234 | 236 | |
| 235 | 237 | end |
| 236 | 238 | |
| 239 | + should 'captcha serpro say Name or service not known' do | |
| 240 | + environment = Environment.new | |
| 241 | + environment.api_captcha_settings = { | |
| 242 | + enabled: true, | |
| 243 | + provider: 'serpro', | |
| 244 | + serpro_client_id: '0000000000000000', | |
| 245 | + verify_uri: 'http://someserverthatdoesnotexist.mycompanythatdoesnotexist.com/validate', | |
| 246 | + } | |
| 247 | + params = {} | |
| 248 | + params[:txtToken_captcha_serpro_gov_br] = '4324343' | |
| 249 | + params[:captcha_text] = '4324343' | |
| 250 | + logger = Logger.new(File.join(Rails.root, 'log', 'test_api.log')) | |
| 251 | + stubs(:logger).returns(logger) | |
| 252 | + assert_equal test_captcha('127.0.0.1', params, environment), 'Serpro captcha error: getaddrinfo: Name or service not known' | |
| 253 | + end | |
| 254 | + | |
| 255 | + | |
| 237 | 256 | protected |
| 238 | 257 | |
| 239 | 258 | def error!(info, status) | ... | ... |
test/unit/api/users_test.rb
| 1 | +# encoding: UTF-8 | |
| 1 | 2 | require File.dirname(__FILE__) + '/test_helper' |
| 2 | 3 | |
| 3 | 4 | class UsersTest < ActiveSupport::TestCase |
| ... | ... | @@ -19,6 +20,18 @@ class UsersTest < ActiveSupport::TestCase |
| 19 | 20 | assert_equal 'some', json['user']['login'] |
| 20 | 21 | end |
| 21 | 22 | |
| 23 | + should 'not create duplicate user' do | |
| 24 | + params[:lang] = :"pt-BR" | |
| 25 | + params[:user] = {:login => 'some', :password => '123456', :password_confirmation => '123456', :email => 'some@some.com'} | |
| 26 | + post "/api/v1/users?#{params.to_query}" | |
| 27 | + json = JSON.parse(last_response.body) | |
| 28 | + assert_equal 'some', json['user']['login'] | |
| 29 | + params[:user] = {:login => 'some', :password => '123456', :password_confirmation => '123456', :email => 'some@some.com'} | |
| 30 | + post "/api/v1/users?#{params.to_query}" | |
| 31 | + json = JSON.parse(last_response.body) | |
| 32 | + assert_equal 'Username / Email já está em uso,e-Mail já está em uso', json['message'] | |
| 33 | + end | |
| 34 | + | |
| 22 | 35 | should 'return 400 status for invalid user creation' do |
| 23 | 36 | params[:user] = {:login => 'some'} |
| 24 | 37 | post "/api/v1/users?#{params.to_query}" | ... | ... |
test/unit/user_test.rb
| ... | ... | @@ -21,6 +21,14 @@ class UserTest < ActiveSupport::TestCase |
| 21 | 21 | end |
| 22 | 22 | end |
| 23 | 23 | |
| 24 | + def test_should_not_allow_duplicate_login | |
| 25 | + user1 = create_user('new_user', :email => 'new_user1@example.com', :password => 'test', :password_confirmation => 'test') | |
| 26 | + assert !user1.errors[:login].present? | |
| 27 | + user1.save! | |
| 28 | + user2 = new_user(:login => 'new_user') | |
| 29 | + assert user2.errors[:login].present? | |
| 30 | + end | |
| 31 | + | |
| 24 | 32 | def test_should_require_password |
| 25 | 33 | assert_no_difference 'User.count' do |
| 26 | 34 | u = new_user(:password => nil) |
| ... | ... | @@ -42,6 +50,13 @@ class UserTest < ActiveSupport::TestCase |
| 42 | 50 | end |
| 43 | 51 | end |
| 44 | 52 | |
| 53 | + def test_email_format | |
| 54 | + assert_no_difference 'User.count' do | |
| 55 | + u = new_user(:email => 'test.email') | |
| 56 | + assert u.errors[:email].present? | |
| 57 | + end | |
| 58 | + end | |
| 59 | + | |
| 45 | 60 | def test_should_reset_password |
| 46 | 61 | users(:johndoe).update_attributes(:password => 'new password', :password_confirmation => 'new password') |
| 47 | 62 | assert_equal users(:johndoe), User.authenticate('johndoe', 'new password') |
| ... | ... | @@ -715,25 +730,6 @@ class UserTest < ActiveSupport::TestCase |
| 715 | 730 | assert_equal 'quire', user.person.name |
| 716 | 731 | end |
| 717 | 732 | |
| 718 | - should 'generate private token' do | |
| 719 | - user = User.new | |
| 720 | - SecureRandom.stubs(:hex).returns('token') | |
| 721 | - user.generate_private_token! | |
| 722 | - | |
| 723 | - assert user.private_token, 'token' | |
| 724 | - end | |
| 725 | - | |
| 726 | - should 'check for private token validity' do | |
| 727 | - user = User.new | |
| 728 | - assert user.private_token_expired? | |
| 729 | - | |
| 730 | - user.generate_private_token! | |
| 731 | - assert !user.private_token_expired? | |
| 732 | - | |
| 733 | - user.private_token_generated_at = DateTime.now - (User::TOKEN_VALIDITY + 1.minute) | |
| 734 | - assert user.private_token_expired? | |
| 735 | - end | |
| 736 | - | |
| 737 | 733 | protected |
| 738 | 734 | def new_user(options = {}) |
| 739 | 735 | user = User.new({ :login => 'quire', :email => 'quire@example.com', :password => 'quire', :password_confirmation => 'quire' }.merge(options)) | ... | ... |