Commit 9aafe77e708174aac697a8dcafc99b90e96be36e

Authored by Dmitriy Zaporozhets
1 parent 37817cc3

I want to be able to get a token via the API. Used for mobile applications.

doc/api/README.md
... ... @@ -30,6 +30,7 @@ When listing resources you can pass the following parameters:
30 30 ## Contents
31 31  
32 32 + [Users](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/users.md)
  33 ++ [Session](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/session.md)
33 34 + [Projects](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/projects.md)
34 35 + [Snippets](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/snippets.md)
35 36 + [Issues](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/issues.md)
... ...
doc/api/session.md 0 → 100644
... ... @@ -0,0 +1,22 @@
  1 +Login to get private token
  2 +
  3 +```
  4 +POST /session
  5 +```
  6 +
  7 +Parameters:
  8 +
  9 ++ `email` (required) - The email of user
  10 ++ `password` (required) - Valid password
  11 +
  12 +
  13 +```json
  14 +{
  15 + "id": 1,
  16 + "email": "john@example.com",
  17 + "name": "John Smith",
  18 + "private_token": "dd34asd13as",
  19 + "created_at": "2012-05-23T08:00:58Z",
  20 + "blocked": true
  21 +}
  22 +```
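Review bot: the sample response at lines 13-22 shows "blocked": true next to a private_token, which documents a blocked account logging in successfully; use false in the sample, or state what a blocked user gets back. The section also gives no status codes, although the spec in this commit expects 201 on success and 403 on bad credentials. It should also say that email and password travel in the POST body, so clients need to call this endpoint over HTTPS.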
... ...
lib/api.rb
... ... @@ -18,5 +18,6 @@ module Gitlab
18 18 mount Issues
19 19 mount Milestones
20 20 mount Keys
  21 + mount Session
21 22 end
22 23 end
... ...
lib/api/entities.rb
... ... @@ -9,6 +9,10 @@ module Gitlab
9 9 expose :id, :email, :name, :blocked, :created_at
10 10 end
11 11  
  12 + class UserLogin < Grape::Entity
  13 + expose :id, :email, :name, :private_token, :blocked, :created_at
  14 + end
  15 +
12 16 class Hook < Grape::Entity
13 17 expose :id, :url
14 18 end
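Review bot: UserLogin at lines 12-14 repeats the field list of the entity directly above it (line 9) and adds only :private_token, so the two lists can drift apart; consider deriving UserLogin from that entity and exposing just the extra field. Since this is the one entity that serialises a credential, a comment saying it is meant only for the session response would help keep it out of list and show endpoints.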
... ... @@ -52,8 +56,8 @@ module Gitlab
52 56 end
53 57  
54 58 class Key < Grape::Entity
55   - expose :id,
56   - :title,
  59 + expose :id,
  60 + :title,
57 61 :key
58 62 end
59 63 end
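Review bot: lines 59-60 replace `expose :id,` and `:title,` with text that reads the same, so this looks like a whitespace-only change unrelated to the session endpoint. Move it to a separate cleanup commit so the feature diff stays focused.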
... ...
lib/api/session.rb 0 → 100644
... ... @@ -0,0 +1,21 @@
  1 +module Gitlab
  2 + # Users API
  3 + class Session < Grape::API
  4 + # Login to get token
  5 + #
  6 + # Example Request:
  7 + # POST /session
  8 + post "/session" do
  9 + resource = User.find_for_database_authentication(email: params[:email])
  10 +
  11 + return forbidden! unless resource
  12 +
  13 + if resource.valid_password?(params[:password])
  14 + present resource, with: Entities::UserLogin
  15 + else
  16 + forbidden!
  17 + end
  18 + end
  19 + end
  20 +end
  21 +
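Review bot: missing check at lines 13-14: any account whose password validates is handed its private_token, including a blocked one (the entity exposes :blocked, and the doc sample in this commit shows "blocked": true). Reject blocked users before `present resource, with: Entities::UserLogin`. Nothing in this handler counts or limits failed attempts either, so password guessing is unthrottled unless that is enforced elsewhere. The class comment on line 2 still says "# Users API" and should name the session endpoint.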
... ...
spec/requests/api/session_spec.rb 0 → 100644
... ... @@ -0,0 +1,39 @@
  1 +require 'spec_helper'
  2 +
  3 +describe Gitlab::API do
  4 + include ApiHelpers
  5 +
  6 + let(:user) { Factory :user }
  7 +
  8 + describe "POST /session" do
  9 + context "when valid password" do
  10 + it "should return private token" do
  11 + post api("/session"), email: user.email, password: '123456'
  12 + response.status.should == 201
  13 +
  14 + json_response['email'].should == user.email
  15 + json_response['private_token'].should == user.private_token
  16 + end
  17 + end
  18 +
  19 + context "when invalid password" do
  20 + it "should return authentication error" do
  21 + post api("/session"), email: user.email, password: '123'
  22 + response.status.should == 403
  23 +
  24 + json_response['email'].should be_nil
  25 + json_response['private_token'].should be_nil
  26 + end
  27 + end
  28 +
  29 + context "when empty password" do
  30 + it "should return authentication error" do
  31 + post api("/session"), email: user.email
  32 + response.status.should == 403
  33 +
  34 + json_response['email'].should be_nil
  35 + json_response['private_token'].should be_nil
  36 + end
  37 + end
  38 + end
  39 +end
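Review bot: none of the three contexts exercises the `return forbidden! unless resource` branch in lib/api/session.rb, because every request posts user.email; add a case with an unknown email, and one with no email, expecting 403. The context at line 29 is named "when empty password" but the request on line 31 omits the parameter altogether, so either rename it or also post password: ''. A blocked-user case would pin down the intended behaviour for that account state.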
... ...