stoa_plugin: improve webservice

* Creates a smart api to define categories of fields. * Inclusion of sensitive and heavy fields categorization * Possibility for creation of custom fields (ActionItem2832)

stoa_plugin: improve webservice
* Creates a smart api to define categories of fields. * Inclusion of sensitive and heavy fields categorization * Possibility for creation of custom fields (ActionItem2832)
Rodrigo Souto
1 parent 688b3512
Showing 5 changed files with 187 additions and 29 deletions Show diff stats
lib/noosfero/fields_decorator.rb
plugins/stoa/controllers/stoa_plugin_controller.rb
plugins/stoa/lib/stoa_plugin/person_api.rb
plugins/stoa/lib/stoa_plugin/person_fields.rb
plugins/stoa/test/functional/stoa_plugin_controller_test.rb
@@ -0,0 +1,16 @@
+class Noosfero::FieldsDecorator
+  attr_accessor :object, :context
+
+  def initialize(object, context = nil)
+    @object = object
+    @context = context
+  end
+
+  def method_missing(m, *args)
+    object.send(m, *args)
+  end
+
+  def fields(field_names = {})
+    field_names.inject({}) { |result, field| result.merge!(field => self.send(field))}
+  end
+end
+require 'stoa_plugin/person_fields'
+
 class StoaPluginController < PublicController
   append_view_path File.join(File.dirname(__FILE__) + '/../views')
+  include StoaPlugin::PersonFields
+
   def authenticate
     if request.ssl? && request.post?
       if params[:login].blank?
@@ -11,22 +15,14 @@ class StoaPluginController &lt; PublicController
       end
       user = User.authenticate(login, params[:password], environment)
       if user
-        result = {
-          :username => user.login,
-          :email => user.email,
-          :name => user.name,
-          :nusp => user.person.usp_id,
-          :first_name => user.name.split(' ').first,
-          :surname => user.name.split(' ',2).last,
-          :address => user.person.address,
-          :homepage => url_for(user.person.url),
-        }
+        result = StoaPlugin::PersonApi.new(user.person, self).fields(selected_fields(params[:fields], user))
+        result.merge!(:ok => true)
       else
-        result = { :error => _('Incorrect user/password pair.') }
+        result = { :error => _('Incorrect user/password pair.'), :ok => false }
       end
       render :text => result.to_json
     else
-      render :text => { :error => _('Conection requires SSL certificate and post method.') }.to_json
+      render :text => { :error => _('Conection requires SSL certificate and post method.'), :ok => false }.to_json
     end
   end
@@ -46,4 +42,16 @@ class StoaPluginController &lt; PublicController
     end
   end
+  private
+
+  def selected_fields(kind, user)
+    fields = FIELDS[kind] || FIELDS['essential']
+    return fields.reject { |field| !FIELDS['essential'].include?(field) } unless user.person.public_profile
+    fields.reject do |field|
+      !user.person.public_fields.include?(field) &&
+      SENSITIVE.include?(field) &&
+      !FIELDS['essential'].include?(field)
+    end
+  end
+
 end
@@ -0,0 +1,25 @@
+class StoaPlugin::PersonApi < Noosfero::FieldsDecorator
+  def username
+    user.login
+  end
+
+  def nusp
+    usp_id
+  end
+
+  def first_name
+    name.split(' ').first
+  end
+
+  def surname
+    name.split(' ',2).last
+  end
+
+  def homepage
+    context.url_for(url)
+  end
+
+  def image_base64
+    Base64.encode64(image.current_data) if image && image.current_data
+  end
+end
@@ -0,0 +1,18 @@
+module StoaPlugin::PersonFields
+  HEAVY = %w[image_base64]
+  SENSITIVE = %w[]
+  FILTER = %w[image]
+
+  ESSENTIAL = %w[username email nusp]
+  AVERAGE = ESSENTIAL + %w[name first_name surname address homepage]
+  FULL = (AVERAGE + Person.fields + HEAVY - FILTER).uniq
+  COMPLETE = FULL - HEAVY
+
+  FIELDS = {
+    'none' => {},
+    'essential' => ESSENTIAL,
+    'average' => AVERAGE,
+    'full' => FULL,
+    'complete' => COMPLETE
+  }
+end
@@ -54,6 +54,114 @@ class StoaPluginControllerTest &lt; ActionController::TestCase
     assert_equal user.login, json_response['username']
   end
+  should 'authenticate with usp_id' do
+    @request.stubs(:ssl?).returns(true)
+    post :authenticate, :usp_id => user.person.usp_id.to_s, :password => '123456'
+
+    assert_nil json_response['error']
+    assert_equal user.login, json_response['username']
+  end
+
+  should 'return no fields if fields requested was none' do
+    @request.stubs(:ssl?).returns(true)
+    post :authenticate, :login => user.login, :password => '123456', :fields => 'none'
+
+    expected_response = {'ok' => true}
+
+    assert_nil json_response['error']
+    assert_equal expected_response, json_response
+  end
+
+  should 'return only the essential fields if no fields requested' do
+    @request.stubs(:ssl?).returns(true)
+    post :authenticate, :login => user.login, :password => '123456'
+    response = json_response.clone
+
+    assert_nil response['error']
+    assert_equal true, response.delete('ok')
+    assert_equal user.login, response.delete('username')
+    assert_equal user.email, response.delete('email')
+    assert_equal user.person.usp_id.to_s, response.delete('nusp')
+    assert response.blank?
+  end
+
+  should 'return only selected fields' do
+    @request.stubs(:ssl?).returns(true)
+    Person.any_instance.stubs(:f1).returns('field1')
+    Person.any_instance.stubs(:f2).returns('field2')
+    Person.any_instance.stubs(:f3).returns('field3')
+    @controller.stubs(:selected_fields).returns(%w[f1 f2 f3])
+
+    post :authenticate, :login => user.login, :password => '123456', :fields => 'special'
+    response = json_response.clone
+
+    assert_equal true, response.delete('ok')
+    assert_equal 'field1', response.delete('f1')
+    assert_equal 'field2', response.delete('f2')
+    assert_equal 'field3', response.delete('f3')
+    assert response.blank?
+  end
+
+  should 'not return sensitive fields that are private' do
+    @request.stubs(:ssl?).returns(true)
+    Person.any_instance.stubs(:f1).returns('field1')
+    Person.any_instance.stubs(:f2).returns('field2')
+    Person.any_instance.stubs(:f3).returns('field3')
+    StoaPluginController::FIELDS['special'] = %w[f1 f2 f3]
+    StoaPluginController::SENSITIVE = %w[f1 f2]
+    person = user.person
+    person.fields_privacy = {:f1 => 'private', :f2 => 'public', :f3 => 'public'}
+    person.save!
+
+    post :authenticate, :login => user.login, :password => '123456', :fields => 'special'
+
+    assert !json_response.keys.include?('f1')
+    assert json_response.keys.include?('f2')
+    assert json_response.keys.include?('f3')
+  end
+
+  should 'return essential fields even if they are sensitive and private' do
+    @request.stubs(:ssl?).returns(true)
+    StoaPluginController::SENSITIVE = %w[email]
+    person = user.person
+    person.fields_privacy = {:email => 'private'}
+    person.save!
+
+    post :authenticate, :login => user.login, :password => '123456'
+
+    assert json_response.keys.include?('email')
+  end
+
+  should 'return only essential fields when profile is private' do
+    @request.stubs(:ssl?).returns(true)
+    Person.any_instance.stubs(:f1).returns('field1')
+    Person.any_instance.stubs(:f2).returns('field2')
+    Person.any_instance.stubs(:f3).returns('field3')
+    StoaPluginController::FIELDS['special'] = %w[f1 f2 f3] + StoaPluginController::FIELDS['essential']
+    person = user.person
+    person.public_profile = false
+    person.save!
+
+    post :authenticate, :login => user.login, :password => '123456', :fields => 'special'
+    response = json_response.clone
+
+    assert_nil response['error']
+    assert_equal true, response.delete('ok')
+    assert_equal user.login, response.delete('username')
+    assert_equal user.email, response.delete('email')
+    assert_equal user.person.usp_id.to_s, response.delete('nusp')
+    assert response.blank?
+  end
+
+  should 'not crash if usp_id is invalid' do
+    @request.stubs(:ssl?).returns(true)
+    assert_nothing_raised do
+      post :authenticate, :usp_id => 12321123, :password => '123456'
+    end
+    assert_not_nil json_response['error']
+    assert_match /user/,json_response['error']
+  end
+
   should 'check valid usp id' do
     usp_id = '12345678'
     StoaPlugin::UspUser.stubs(:exists?).with(usp_id).returns(true)
@@ -91,23 +199,6 @@ class StoaPluginControllerTest &lt; ActionController::TestCase
     assert !json_response['exists']
   end
-  should 'authenticate with usp_id' do
-    @request.stubs(:ssl?).returns(true)
-    post :authenticate, :usp_id => user.person.usp_id.to_s, :password => '123456'
-
-    assert_nil json_response['error']
-    assert_equal user.login, json_response['username']
-  end
-
-  should 'not crash if usp_id is invalid' do
-    @request.stubs(:ssl?).returns(true)
-    assert_nothing_raised do
-      post :authenticate, :usp_id => 12321123, :password => '123456'
-    end
-    assert_not_nil json_response['error']
-    assert_match /user/,json_response['error']
-  end
-
   private
   def json_response
@@ -0,0 +1,16 @@		@@ -0,0 +1,16 @@
	1	+class Noosfero::FieldsDecorator
	2	+ attr_accessor :object, :context
	3	+
	4	+ def initialize(object, context = nil)
	5	+ @object = object
	6	+ @context = context
	7	+ end
	8	+
	9	+ def method_missing(m, *args)
	10	+ object.send(m, *args)
	11	+ end
	12	+
	13	+ def fields(field_names = {})
	14	+ field_names.inject({}) { \|result, field\| result.merge!(field => self.send(field))}
	15	+ end
	16	+end
@@ -0,0 +1,25 @@		@@ -0,0 +1,25 @@
	1	+class StoaPlugin::PersonApi < Noosfero::FieldsDecorator
	2	+ def username
	3	+ user.login
	4	+ end
	5	+
	6	+ def nusp
	7	+ usp_id
	8	+ end
	9	+
	10	+ def first_name
	11	+ name.split(' ').first
	12	+ end
	13	+
	14	+ def surname
	15	+ name.split(' ',2).last
	16	+ end
	17	+
	18	+ def homepage
	19	+ context.url_for(url)
	20	+ end
	21	+
	22	+ def image_base64
	23	+ Base64.encode64(image.current_data) if image && image.current_data
	24	+ end
	25	+end
@@ -0,0 +1,18 @@		@@ -0,0 +1,18 @@
	1	+module StoaPlugin::PersonFields
	2	+ HEAVY = %w[image_base64]
	3	+ SENSITIVE = %w[]
	4	+ FILTER = %w[image]
	5	+
	6	+ ESSENTIAL = %w[username email nusp]
	7	+ AVERAGE = ESSENTIAL + %w[name first_name surname address homepage]
	8	+ FULL = (AVERAGE + Person.fields + HEAVY - FILTER).uniq
	9	+ COMPLETE = FULL - HEAVY
	10	+
	11	+ FIELDS = {
	12	+ 'none' => {},
	13	+ 'essential' => ESSENTIAL,
	14	+ 'average' => AVERAGE,
	15	+ 'full' => FULL,
	16	+ 'complete' => COMPLETE
	17	+ }
	18	+end
	@@ -54,6 +54,114 @@ class StoaPluginControllerTest < ActionController::TestCase		@@ -54,6 +54,114 @@ class StoaPluginControllerTest < ActionController::TestCase
54	assert_equal user.login, json_response['username']	54	assert_equal user.login, json_response['username']
55	end	55	end
56		56
		57	+ should 'authenticate with usp_id' do
		58	+ @request.stubs(:ssl?).returns(true)
		59	+ post :authenticate, :usp_id => user.person.usp_id.to_s, :password => '123456'
		60	+
		61	+ assert_nil json_response['error']
		62	+ assert_equal user.login, json_response['username']
		63	+ end
		64	+
		65	+ should 'return no fields if fields requested was none' do
		66	+ @request.stubs(:ssl?).returns(true)
		67	+ post :authenticate, :login => user.login, :password => '123456', :fields => 'none'
		68	+
		69	+ expected_response = {'ok' => true}
		70	+
		71	+ assert_nil json_response['error']
		72	+ assert_equal expected_response, json_response
		73	+ end
		74	+
		75	+ should 'return only the essential fields if no fields requested' do
		76	+ @request.stubs(:ssl?).returns(true)
		77	+ post :authenticate, :login => user.login, :password => '123456'
		78	+ response = json_response.clone
		79	+
		80	+ assert_nil response['error']
		81	+ assert_equal true, response.delete('ok')
		82	+ assert_equal user.login, response.delete('username')
		83	+ assert_equal user.email, response.delete('email')
		84	+ assert_equal user.person.usp_id.to_s, response.delete('nusp')
		85	+ assert response.blank?
		86	+ end
		87	+
		88	+ should 'return only selected fields' do
		89	+ @request.stubs(:ssl?).returns(true)
		90	+ Person.any_instance.stubs(:f1).returns('field1')
		91	+ Person.any_instance.stubs(:f2).returns('field2')
		92	+ Person.any_instance.stubs(:f3).returns('field3')
		93	+ @controller.stubs(:selected_fields).returns(%w[f1 f2 f3])
		94	+
		95	+ post :authenticate, :login => user.login, :password => '123456', :fields => 'special'
		96	+ response = json_response.clone
		97	+
		98	+ assert_equal true, response.delete('ok')
		99	+ assert_equal 'field1', response.delete('f1')
		100	+ assert_equal 'field2', response.delete('f2')
		101	+ assert_equal 'field3', response.delete('f3')
		102	+ assert response.blank?
		103	+ end
		104	+
		105	+ should 'not return sensitive fields that are private' do
		106	+ @request.stubs(:ssl?).returns(true)
		107	+ Person.any_instance.stubs(:f1).returns('field1')
		108	+ Person.any_instance.stubs(:f2).returns('field2')
		109	+ Person.any_instance.stubs(:f3).returns('field3')
		110	+ StoaPluginController::FIELDS['special'] = %w[f1 f2 f3]
		111	+ StoaPluginController::SENSITIVE = %w[f1 f2]
		112	+ person = user.person
		113	+ person.fields_privacy = {:f1 => 'private', :f2 => 'public', :f3 => 'public'}
		114	+ person.save!
		115	+
		116	+ post :authenticate, :login => user.login, :password => '123456', :fields => 'special'
		117	+
		118	+ assert !json_response.keys.include?('f1')
		119	+ assert json_response.keys.include?('f2')
		120	+ assert json_response.keys.include?('f3')
		121	+ end
		122	+
		123	+ should 'return essential fields even if they are sensitive and private' do
		124	+ @request.stubs(:ssl?).returns(true)
		125	+ StoaPluginController::SENSITIVE = %w[email]
		126	+ person = user.person
		127	+ person.fields_privacy = {:email => 'private'}
		128	+ person.save!
		129	+
		130	+ post :authenticate, :login => user.login, :password => '123456'
		131	+
		132	+ assert json_response.keys.include?('email')
		133	+ end
		134	+
		135	+ should 'return only essential fields when profile is private' do
		136	+ @request.stubs(:ssl?).returns(true)
		137	+ Person.any_instance.stubs(:f1).returns('field1')
		138	+ Person.any_instance.stubs(:f2).returns('field2')
		139	+ Person.any_instance.stubs(:f3).returns('field3')
		140	+ StoaPluginController::FIELDS['special'] = %w[f1 f2 f3] + StoaPluginController::FIELDS['essential']
		141	+ person = user.person
		142	+ person.public_profile = false
		143	+ person.save!
		144	+
		145	+ post :authenticate, :login => user.login, :password => '123456', :fields => 'special'
		146	+ response = json_response.clone
		147	+
		148	+ assert_nil response['error']
		149	+ assert_equal true, response.delete('ok')
		150	+ assert_equal user.login, response.delete('username')
		151	+ assert_equal user.email, response.delete('email')
		152	+ assert_equal user.person.usp_id.to_s, response.delete('nusp')
		153	+ assert response.blank?
		154	+ end
		155	+
		156	+ should 'not crash if usp_id is invalid' do
		157	+ @request.stubs(:ssl?).returns(true)
		158	+ assert_nothing_raised do
		159	+ post :authenticate, :usp_id => 12321123, :password => '123456'
		160	+ end
		161	+ assert_not_nil json_response['error']
		162	+ assert_match /user/,json_response['error']
		163	+ end
		164	+
57	should 'check valid usp id' do	165	should 'check valid usp id' do
58	usp_id = '12345678'	166	usp_id = '12345678'
59	StoaPlugin::UspUser.stubs(:exists?).with(usp_id).returns(true)	167	StoaPlugin::UspUser.stubs(:exists?).with(usp_id).returns(true)
	@@ -91,23 +199,6 @@ class StoaPluginControllerTest < ActionController::TestCase		@@ -91,23 +199,6 @@ class StoaPluginControllerTest < ActionController::TestCase
91	assert !json_response['exists']	199	assert !json_response['exists']
92	end	200	end
93		201
94	- should 'authenticate with usp_id' do
95	- @request.stubs(:ssl?).returns(true)
96	- post :authenticate, :usp_id => user.person.usp_id.to_s, :password => '123456'
97	-
98	- assert_nil json_response['error']
99	- assert_equal user.login, json_response['username']
100	- end
101	-
102	- should 'not crash if usp_id is invalid' do
103	- @request.stubs(:ssl?).returns(true)
104	- assert_nothing_raised do
105	- post :authenticate, :usp_id => 12321123, :password => '123456'
106	- end
107	- assert_not_nil json_response['error']
108	- assert_match /user/,json_response['error']
109	- end
110	-
111	private	202	private
112		203
113	def json_response	204	def json_response