Commit 5fc16fc4c426e417d85c17835c0333ad04d137a2
Exists in
theme-brasil-digital-from-staging
and in
9 other branches
Merge branch 'api' of gitlab.com:participa/noosfero into serpro_api
Showing
5 changed files
with
80 additions
and
29 deletions
Show diff stats
lib/noosfero/api/api.rb
| @@ -11,9 +11,9 @@ module Noosfero | @@ -11,9 +11,9 @@ module Noosfero | ||
| 11 | logger.formatter = GrapeLogging::Formatters::Default.new | 11 | logger.formatter = GrapeLogging::Formatters::Default.new |
| 12 | use GrapeLogging::Middleware::RequestLogger, { logger: logger } | 12 | use GrapeLogging::Middleware::RequestLogger, { logger: logger } |
| 13 | 13 | ||
| 14 | - rescue_from :all do |e| | ||
| 15 | - logger.error e | ||
| 16 | - end | 14 | + #rescue_from :all do |e| |
| 15 | + # logger.error e | ||
| 16 | + #end | ||
| 17 | 17 | ||
| 18 | @@NOOSFERO_CONF = nil | 18 | @@NOOSFERO_CONF = nil |
| 19 | def self.NOOSFERO_CONF | 19 | def self.NOOSFERO_CONF |
| @@ -25,6 +25,7 @@ module Noosfero | @@ -25,6 +25,7 @@ module Noosfero | ||
| 25 | end | 25 | end |
| 26 | end | 26 | end |
| 27 | 27 | ||
| 28 | + before { set_locale } | ||
| 28 | before { setup_multitenancy } | 29 | before { setup_multitenancy } |
| 29 | before { detect_stuff_by_domain } | 30 | before { detect_stuff_by_domain } |
| 30 | before { filter_disabled_plugins_endpoints } | 31 | before { filter_disabled_plugins_endpoints } |
lib/noosfero/api/helpers.rb
| @@ -7,6 +7,10 @@ | @@ -7,6 +7,10 @@ | ||
| 7 | 7 | ||
| 8 | include SanitizeParams | 8 | include SanitizeParams |
| 9 | 9 | ||
| 10 | + def set_locale | ||
| 11 | + I18n.locale = (params[:lang] || request.env['HTTP_ACCEPT_LANGUAGE'] || 'en') | ||
| 12 | + end | ||
| 13 | + | ||
| 10 | def current_user | 14 | def current_user |
| 11 | private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s | 15 | private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s |
| 12 | @current_user ||= User.find_by_private_token(private_token) | 16 | @current_user ||= User.find_by_private_token(private_token) |
| @@ -343,7 +347,13 @@ | @@ -343,7 +347,13 @@ | ||
| 343 | https.use_ssl = true | 347 | https.use_ssl = true |
| 344 | request = Net::HTTP::Post.new(uri.path) | 348 | request = Net::HTTP::Post.new(uri.path) |
| 345 | request.set_form_data(verify_hash) | 349 | request.set_form_data(verify_hash) |
| 346 | - body = https.request(request).body | 350 | + begin |
| 351 | + body = https.request(request).body | ||
| 352 | + rescue Exception => e | ||
| 353 | + logger.error e | ||
| 354 | + return _("Google recaptcha error: #{e.message}") | ||
| 355 | + end | ||
| 356 | + body = JSON.parse(body) | ||
| 347 | body == "true\nsuccess" ? true : body | 357 | body == "true\nsuccess" ? true : body |
| 348 | end | 358 | end |
| 349 | 359 | ||
| @@ -362,20 +372,32 @@ | @@ -362,20 +372,32 @@ | ||
| 362 | https.use_ssl = true | 372 | https.use_ssl = true |
| 363 | request = Net::HTTP::Post.new(uri.path) | 373 | request = Net::HTTP::Post.new(uri.path) |
| 364 | request.set_form_data(verify_hash) | 374 | request.set_form_data(verify_hash) |
| 365 | - captcha_result = JSON.parse(https.request(request).body) | 375 | + begin |
| 376 | + body = https.request(request).body | ||
| 377 | + rescue Exception => e | ||
| 378 | + logger.error e | ||
| 379 | + return _("Google recaptcha error: #{e.message}") | ||
| 380 | + end | ||
| 381 | + captcha_result = JSON.parse(body) | ||
| 366 | captcha_result["success"] ? true : captcha_result | 382 | captcha_result["success"] ? true : captcha_result |
| 367 | end | 383 | end |
| 368 | 384 | ||
| 369 | def verify_serpro_captcha(client_id, token, captcha_text, verify_uri) | 385 | def verify_serpro_captcha(client_id, token, captcha_text, verify_uri) |
| 370 | - if token == nil || captcha_text == nil | ||
| 371 | - return _('Missing captcha data') | ||
| 372 | - end | 386 | + return _('Missing Serpro Captcha token') if token == nil |
| 387 | + return _('Captcha text has not been filled') if captcha_text == nil | ||
| 373 | uri = URI(verify_uri) | 388 | uri = URI(verify_uri) |
| 374 | http = Net::HTTP.new(uri.host, uri.port) | 389 | http = Net::HTTP.new(uri.host, uri.port) |
| 375 | request = Net::HTTP::Post.new(uri.path) | 390 | request = Net::HTTP::Post.new(uri.path) |
| 376 | verify_string = "#{client_id}&#{token}&#{captcha_text}" | 391 | verify_string = "#{client_id}&#{token}&#{captcha_text}" |
| 377 | request.body = verify_string | 392 | request.body = verify_string |
| 378 | - body = http.request(request).body | 393 | + begin |
| 394 | + body = http.request(request).body | ||
| 395 | + rescue Exception => e | ||
| 396 | + logger.error e | ||
| 397 | + return _("Serpro captcha error: #{e.message}") | ||
| 398 | + end | ||
| 399 | + return _("Wrong captcha text, please try again") if body == 0 | ||
| 400 | + return _("Token not found") if body == 2 | ||
| 379 | body == '1' ? true : body | 401 | body == '1' ? true : body |
| 380 | end | 402 | end |
| 381 | 403 |
test/unit/api/helpers_test.rb
| @@ -209,7 +209,9 @@ class APIHelpersTest < ActiveSupport::TestCase | @@ -209,7 +209,9 @@ class APIHelpersTest < ActiveSupport::TestCase | ||
| 209 | serpro_client_id: '0000000000000000', | 209 | serpro_client_id: '0000000000000000', |
| 210 | verify_uri: 'http://localhost/api/verify', | 210 | verify_uri: 'http://localhost/api/verify', |
| 211 | } | 211 | } |
| 212 | - assert_equal test_captcha("127.0.0.1", {}, environment), "Missing captcha data" | 212 | + params = {} |
| 213 | + params[:txtToken_captcha_serpro_gov_br] = '4324343' | ||
| 214 | + assert_equal test_captcha("127.0.0.1", params, environment), _('Captcha text has not been filled') | ||
| 213 | end | 215 | end |
| 214 | 216 | ||
| 215 | should 'render not_found if endpoint is unavailable' do | 217 | should 'render not_found if endpoint is unavailable' do |
| @@ -234,6 +236,23 @@ class APIHelpersTest < ActiveSupport::TestCase | @@ -234,6 +236,23 @@ class APIHelpersTest < ActiveSupport::TestCase | ||
| 234 | 236 | ||
| 235 | end | 237 | end |
| 236 | 238 | ||
| 239 | + should 'captcha serpro say Name or service not known' do | ||
| 240 | + environment = Environment.new | ||
| 241 | + environment.api_captcha_settings = { | ||
| 242 | + enabled: true, | ||
| 243 | + provider: 'serpro', | ||
| 244 | + serpro_client_id: '0000000000000000', | ||
| 245 | + verify_uri: 'http://someserverthatdoesnotexist.mycompanythatdoesnotexist.com/validate', | ||
| 246 | + } | ||
| 247 | + params = {} | ||
| 248 | + params[:txtToken_captcha_serpro_gov_br] = '4324343' | ||
| 249 | + params[:captcha_text] = '4324343' | ||
| 250 | + logger = Logger.new(File.join(Rails.root, 'log', 'test_api.log')) | ||
| 251 | + stubs(:logger).returns(logger) | ||
| 252 | + assert_equal test_captcha('127.0.0.1', params, environment), 'Serpro captcha error: getaddrinfo: Name or service not known' | ||
| 253 | + end | ||
| 254 | + | ||
| 255 | + | ||
| 237 | protected | 256 | protected |
| 238 | 257 | ||
| 239 | def error!(info, status) | 258 | def error!(info, status) |
test/unit/api/users_test.rb
| 1 | +# encoding: UTF-8 | ||
| 1 | require File.dirname(__FILE__) + '/test_helper' | 2 | require File.dirname(__FILE__) + '/test_helper' |
| 2 | 3 | ||
| 3 | class UsersTest < ActiveSupport::TestCase | 4 | class UsersTest < ActiveSupport::TestCase |
| @@ -19,6 +20,18 @@ class UsersTest < ActiveSupport::TestCase | @@ -19,6 +20,18 @@ class UsersTest < ActiveSupport::TestCase | ||
| 19 | assert_equal 'some', json['user']['login'] | 20 | assert_equal 'some', json['user']['login'] |
| 20 | end | 21 | end |
| 21 | 22 | ||
| 23 | + should 'not create duplicate user' do | ||
| 24 | + params[:lang] = :"pt-BR" | ||
| 25 | + params[:user] = {:login => 'some', :password => '123456', :password_confirmation => '123456', :email => 'some@some.com'} | ||
| 26 | + post "/api/v1/users?#{params.to_query}" | ||
| 27 | + json = JSON.parse(last_response.body) | ||
| 28 | + assert_equal 'some', json['user']['login'] | ||
| 29 | + params[:user] = {:login => 'some', :password => '123456', :password_confirmation => '123456', :email => 'some@some.com'} | ||
| 30 | + post "/api/v1/users?#{params.to_query}" | ||
| 31 | + json = JSON.parse(last_response.body) | ||
| 32 | + assert_equal 'Username / Email já está em uso,e-Mail já está em uso', json['message'] | ||
| 33 | + end | ||
| 34 | + | ||
| 22 | should 'return 400 status for invalid user creation' do | 35 | should 'return 400 status for invalid user creation' do |
| 23 | params[:user] = {:login => 'some'} | 36 | params[:user] = {:login => 'some'} |
| 24 | post "/api/v1/users?#{params.to_query}" | 37 | post "/api/v1/users?#{params.to_query}" |
test/unit/user_test.rb
| @@ -21,6 +21,14 @@ class UserTest < ActiveSupport::TestCase | @@ -21,6 +21,14 @@ class UserTest < ActiveSupport::TestCase | ||
| 21 | end | 21 | end |
| 22 | end | 22 | end |
| 23 | 23 | ||
| 24 | + def test_should_not_allow_duplicate_login | ||
| 25 | + user1 = create_user('new_user', :email => 'new_user1@example.com', :password => 'test', :password_confirmation => 'test') | ||
| 26 | + assert !user1.errors[:login].present? | ||
| 27 | + user1.save! | ||
| 28 | + user2 = new_user(:login => 'new_user') | ||
| 29 | + assert user2.errors[:login].present? | ||
| 30 | + end | ||
| 31 | + | ||
| 24 | def test_should_require_password | 32 | def test_should_require_password |
| 25 | assert_no_difference 'User.count' do | 33 | assert_no_difference 'User.count' do |
| 26 | u = new_user(:password => nil) | 34 | u = new_user(:password => nil) |
| @@ -42,6 +50,13 @@ class UserTest < ActiveSupport::TestCase | @@ -42,6 +50,13 @@ class UserTest < ActiveSupport::TestCase | ||
| 42 | end | 50 | end |
| 43 | end | 51 | end |
| 44 | 52 | ||
| 53 | + def test_email_format | ||
| 54 | + assert_no_difference 'User.count' do | ||
| 55 | + u = new_user(:email => 'test.email') | ||
| 56 | + assert u.errors[:email].present? | ||
| 57 | + end | ||
| 58 | + end | ||
| 59 | + | ||
| 45 | def test_should_reset_password | 60 | def test_should_reset_password |
| 46 | users(:johndoe).update_attributes(:password => 'new password', :password_confirmation => 'new password') | 61 | users(:johndoe).update_attributes(:password => 'new password', :password_confirmation => 'new password') |
| 47 | assert_equal users(:johndoe), User.authenticate('johndoe', 'new password') | 62 | assert_equal users(:johndoe), User.authenticate('johndoe', 'new password') |
| @@ -715,25 +730,6 @@ class UserTest < ActiveSupport::TestCase | @@ -715,25 +730,6 @@ class UserTest < ActiveSupport::TestCase | ||
| 715 | assert_equal 'quire', user.person.name | 730 | assert_equal 'quire', user.person.name |
| 716 | end | 731 | end |
| 717 | 732 | ||
| 718 | - should 'generate private token' do | ||
| 719 | - user = User.new | ||
| 720 | - SecureRandom.stubs(:hex).returns('token') | ||
| 721 | - user.generate_private_token! | ||
| 722 | - | ||
| 723 | - assert user.private_token, 'token' | ||
| 724 | - end | ||
| 725 | - | ||
| 726 | - should 'check for private token validity' do | ||
| 727 | - user = User.new | ||
| 728 | - assert user.private_token_expired? | ||
| 729 | - | ||
| 730 | - user.generate_private_token! | ||
| 731 | - assert !user.private_token_expired? | ||
| 732 | - | ||
| 733 | - user.private_token_generated_at = DateTime.now - (User::TOKEN_VALIDITY + 1.minute) | ||
| 734 | - assert user.private_token_expired? | ||
| 735 | - end | ||
| 736 | - | ||
| 737 | protected | 733 | protected |
| 738 | def new_user(options = {}) | 734 | def new_user(options = {}) |
| 739 | user = User.new({ :login => 'quire', :email => 'quire@example.com', :password => 'quire', :password_confirmation => 'quire' }.merge(options)) | 735 | user = User.new({ :login => 'quire', :email => 'quire@example.com', :password => 'quire', :password_confirmation => 'quire' }.merge(options)) |