Merge branch 'api' into production

Michel Felipe
2 parents fa6ea4bd 0ee6f0f6
Showing 4 changed files with 108 additions and 3 deletions Show diff stats
lib/noosfero/api/helpers.rb
lib/noosfero/api/session.rb
test/unit/api/helpers_test.rb
test/unit/api/session_test.rb
@@ -350,6 +350,7 @@
         begin
           body = https.request(request).body
         rescue Exception => e
+          logger = Logger.new(File.join(Rails.root, 'log', "#{ENV['RAILS_ENV'] || 'production'}_api.log"))
           logger.error e
           return _("Google recaptcha error: #{e.message}")
         end
@@ -375,6 +376,7 @@
         begin
           body = https.request(request).body
         rescue Exception => e
+          logger = Logger.new(File.join(Rails.root, 'log', "#{ENV['RAILS_ENV'] || 'production'}_api.log"))
           logger.error e
           return _("Google recaptcha error: #{e.message}")
         end
@@ -393,6 +395,7 @@
         begin
           body = http.request(request).body
         rescue Exception => e
+          logger = Logger.new(File.join(Rails.root, 'log', "#{ENV['RAILS_ENV'] || 'production'}_api.log"))
           logger.error e
           return _("Serpro captcha error: #{e.message}")
         end
@@ -40,8 +40,9 @@ module Noosfero
         attrs = attributes_for_keys [:email, :login, :password, :password_confirmation] + environment.signup_person_fields
         remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR'])
  
-        unless test_captcha(remote_ip, params, environment) == true
-          render_api_error!(_('Please solve the test in order to register.'), 401)
+        result = test_captcha(remote_ip, params, environment)
+        unless result == true
+          render_api_error!(result, 401)
           return
         end
  
@@ -54,6 +55,42 @@ module Noosfero
           render_api_error!(message, 400)
         end
       end
+
+      params do
+        requires :activation_code, type: String, desc: _("Activation token")
+      end
+
+      # Activate a user.
+      #
+      # Parameter:
+      #   activation_code (required)                  - Activation token
+      # Example Request:
+      #   PATCH /activate?activation_code=28259abd12cc6a64ef9399cf3286cb998b96aeaf
+      patch "/activate" do
+        user = User.find_by_activation_code(params[:activation_code])
+        if user
+          unless user.environment.enabled?('admin_must_approve_new_users')
+            if user.activate
+                user.generate_private_token!
+                present user, :with => Entities::UserLogin
+            end
+          else
+            if user.create_moderate_task
+              user.activation_code = nil
+              user.save!
+
+              # Waiting for admin moderate user registration
+              status 202
+              body({
+                :message => 'Waiting for admin moderate user registration'
+              })
+            end
+          end
+        else
+          # Token not found in database
+          render_api_error!(_('Token is invalid'), 412)
+        end
+      end
     end
   end
 end
@@ -236,7 +236,7 @@ class APIHelpersTest &lt; ActiveSupport::TestCase
  
   end
  
-  should 'captcha serpro say Name or service not known' do
+  should 'captcha serpro say name or service not known' do
     environment = Environment.new
     environment.api_captcha_settings = {
         enabled: true,
@@ -40,4 +40,69 @@ class SessionTest &lt; ActiveSupport::TestCase
     json = JSON.parse(last_response.body)
   end
  
+  should 'detected error, Name or service not known, for Serpro Captcha communication' do
+    environment = Environment.default
+    environment.api_captcha_settings = {
+        enabled: true,
+        provider: 'serpro',
+        serpro_client_id:  '0000000000000000',
+        verify_uri:  'http://someserverthatdoesnotexist.mycompanythatdoesnotexist.com/validate',
+    }
+    environment.save!
+    params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com",
+              :txtToken_captcha_serpro_gov_br => '4324343', :captcha_text => '4030320'}
+    post "/api/v1/register?#{params.to_query}"
+    assert_equal "Serpro captcha error: getaddrinfo: Name or service not known", JSON.parse(last_response.body)["message"]
+  end
+
+  # TODO: Add another test cases to check register situations
+  should 'activate a user' do
+    params = {
+      :login => "newuserapi",
+      :password => "newuserapi",
+      :password_confirmation => "newuserapi",
+      :email => "newuserapi@email.com"
+    }
+    user = User.new(params)
+    user.save!
+
+    params = { activation_code: user.activation_code}
+    patch "/api/v1/activate?#{params.to_query}"
+    assert_equal 200, last_response.status
+  end
+
+  should 'do not activate a user if admin must approve him' do
+    params = {
+      :login => "newuserapi",
+      :password => "newuserapi",
+      :password_confirmation => "newuserapi",
+      :email => "newuserapi@email.com",
+      :environment => Environment.default
+    }
+    user = User.new(params)
+    user.environment.enable('admin_must_approve_new_users')
+    user.save!
+
+    params = { activation_code: user.activation_code}
+    patch "/api/v1/activate?#{params.to_query}"
+    assert_equal 202, last_response.status
+    assert_equal 'Waiting for admin moderate user registration', JSON.parse(last_response.body)["message"]
+  end
+
+  should 'do not activate a user if the token is invalid' do
+    params = {
+      :login => "newuserapi",
+      :password => "newuserapi",
+      :password_confirmation => "newuserapi",
+      :email => "newuserapi@email.com",
+      :environment => Environment.default
+    }
+    user = User.new(params)
+    user.save!
+
+    params = { activation_code: '70250abe20cc6a67ef9399cf3286cb998b96aeaf'}
+    patch "/api/v1/activate?#{params.to_query}"
+    assert_equal 412, last_response.status
+  end
+
 end
...	...	@@ -350,6 +350,7 @@
350	350	begin
351	351	body = https.request(request).body
352	352	rescue Exception => e
	353	+ logger = Logger.new(File.join(Rails.root, 'log', "#{ENV['RAILS_ENV'] \|\| 'production'}_api.log"))
353	354	logger.error e
354	355	return _("Google recaptcha error: #{e.message}")
355	356	end
...	...	@@ -375,6 +376,7 @@
375	376	begin
376	377	body = https.request(request).body
377	378	rescue Exception => e
	379	+ logger = Logger.new(File.join(Rails.root, 'log', "#{ENV['RAILS_ENV'] \|\| 'production'}_api.log"))
378	380	logger.error e
379	381	return _("Google recaptcha error: #{e.message}")
380	382	end
...	...	@@ -393,6 +395,7 @@
393	395	begin
394	396	body = http.request(request).body
395	397	rescue Exception => e
	398	+ logger = Logger.new(File.join(Rails.root, 'log', "#{ENV['RAILS_ENV'] \|\| 'production'}_api.log"))
396	399	logger.error e
397	400	return _("Serpro captcha error: #{e.message}")
398	401	end
...	...
...	...	@@ -40,8 +40,9 @@ module Noosfero
40	40	attrs = attributes_for_keys [:email, :login, :password, :password_confirmation] + environment.signup_person_fields
41	41	remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) \|\| (env && env['REMOTE_ADDR'])
42	42
43		- unless test_captcha(remote_ip, params, environment) == true
44		- render_api_error!(_('Please solve the test in order to register.'), 401)
	43	+ result = test_captcha(remote_ip, params, environment)
	44	+ unless result == true
	45	+ render_api_error!(result, 401)
45	46	return
46	47	end
47	48
...	...	@@ -54,6 +55,42 @@ module Noosfero
54	55	render_api_error!(message, 400)
55	56	end
56	57	end
	58	+
	59	+ params do
	60	+ requires :activation_code, type: String, desc: _("Activation token")
	61	+ end
	62	+
	63	+ # Activate a user.
	64	+ #
	65	+ # Parameter:
	66	+ # activation_code (required) - Activation token
	67	+ # Example Request:
	68	+ # PATCH /activate?activation_code=28259abd12cc6a64ef9399cf3286cb998b96aeaf
	69	+ patch "/activate" do
	70	+ user = User.find_by_activation_code(params[:activation_code])
	71	+ if user
	72	+ unless user.environment.enabled?('admin_must_approve_new_users')
	73	+ if user.activate
	74	+ user.generate_private_token!
	75	+ present user, :with => Entities::UserLogin
	76	+ end
	77	+ else
	78	+ if user.create_moderate_task
	79	+ user.activation_code = nil
	80	+ user.save!
	81	+
	82	+ # Waiting for admin moderate user registration
	83	+ status 202
	84	+ body({
	85	+ :message => 'Waiting for admin moderate user registration'
	86	+ })
	87	+ end
	88	+ end
	89	+ else
	90	+ # Token not found in database
	91	+ render_api_error!(_('Token is invalid'), 412)
	92	+ end
	93	+ end
57	94	end
58	95	end
59	96	end
...	...
...	...	@@ -236,7 +236,7 @@ class APIHelpersTest < ActiveSupport::TestCase
236	236
237	237	end
238	238
239		- should 'captcha serpro say Name or service not known' do
	239	+ should 'captcha serpro say name or service not known' do
240	240	environment = Environment.new
241	241	environment.api_captcha_settings = {
242	242	enabled: true,
...	...
...	...	@@ -40,4 +40,69 @@ class SessionTest < ActiveSupport::TestCase
40	40	json = JSON.parse(last_response.body)
41	41	end
42	42
	43	+ should 'detected error, Name or service not known, for Serpro Captcha communication' do
	44	+ environment = Environment.default
	45	+ environment.api_captcha_settings = {
	46	+ enabled: true,
	47	+ provider: 'serpro',
	48	+ serpro_client_id: '0000000000000000',
	49	+ verify_uri: 'http://someserverthatdoesnotexist.mycompanythatdoesnotexist.com/validate',
	50	+ }
	51	+ environment.save!
	52	+ params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com",
	53	+ :txtToken_captcha_serpro_gov_br => '4324343', :captcha_text => '4030320'}
	54	+ post "/api/v1/register?#{params.to_query}"
	55	+ assert_equal "Serpro captcha error: getaddrinfo: Name or service not known", JSON.parse(last_response.body)["message"]
	56	+ end
	57	+
	58	+ # TODO: Add another test cases to check register situations
	59	+ should 'activate a user' do
	60	+ params = {
	61	+ :login => "newuserapi",
	62	+ :password => "newuserapi",
	63	+ :password_confirmation => "newuserapi",
	64	+ :email => "newuserapi@email.com"
	65	+ }
	66	+ user = User.new(params)
	67	+ user.save!
	68	+
	69	+ params = { activation_code: user.activation_code}
	70	+ patch "/api/v1/activate?#{params.to_query}"
	71	+ assert_equal 200, last_response.status
	72	+ end
	73	+
	74	+ should 'do not activate a user if admin must approve him' do
	75	+ params = {
	76	+ :login => "newuserapi",
	77	+ :password => "newuserapi",
	78	+ :password_confirmation => "newuserapi",
	79	+ :email => "newuserapi@email.com",
	80	+ :environment => Environment.default
	81	+ }
	82	+ user = User.new(params)
	83	+ user.environment.enable('admin_must_approve_new_users')
	84	+ user.save!
	85	+
	86	+ params = { activation_code: user.activation_code}
	87	+ patch "/api/v1/activate?#{params.to_query}"
	88	+ assert_equal 202, last_response.status
	89	+ assert_equal 'Waiting for admin moderate user registration', JSON.parse(last_response.body)["message"]
	90	+ end
	91	+
	92	+ should 'do not activate a user if the token is invalid' do
	93	+ params = {
	94	+ :login => "newuserapi",
	95	+ :password => "newuserapi",
	96	+ :password_confirmation => "newuserapi",
	97	+ :email => "newuserapi@email.com",
	98	+ :environment => Environment.default
	99	+ }
	100	+ user = User.new(params)
	101	+ user.save!
	102	+
	103	+ params = { activation_code: '70250abe20cc6a67ef9399cf3286cb998b96aeaf'}
	104	+ patch "/api/v1/activate?#{params.to_query}"
	105	+ assert_equal 412, last_response.status
	106	+ end
	107	+
43	108	end
...	...