From 1bafef867058ffb54590687467041ede3e7832a5 Mon Sep 17 00:00:00 2001 From: Marcos Ronaldo Date: Tue, 26 Apr 2016 16:57:46 -0300 Subject: [PATCH] Adds hotspot to allow custom API login method --- lib/noosfero/api/helpers.rb | 1 + lib/noosfero/plugin.rb | 4 ++++ plugins/remote_user/lib/remote_user_plugin.rb | 45 ++++++++++++++++++++++----------------------- plugins/remote_user/test/unit/remote_user_plugin_test.rb | 11 +++++++++++ test/api/helpers_test.rb | 27 ++++++++++++++++++--------- 5 files changed, 56 insertions(+), 32 deletions(-) create mode 100644 plugins/remote_user/test/unit/remote_user_plugin_test.rb diff --git a/lib/noosfero/api/helpers.rb b/lib/noosfero/api/helpers.rb index 3765ff2..fb618ca 100644 --- a/lib/noosfero/api/helpers.rb +++ b/lib/noosfero/api/helpers.rb @@ -23,6 +23,7 @@ require_relative '../../find_by_contents' def current_user private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s @current_user ||= User.find_by private_token: private_token + @current_user ||= plugins.dispatch("api_custom_login", request).first @current_user end diff --git a/lib/noosfero/plugin.rb b/lib/noosfero/plugin.rb index 6547732..613d627 100644 --- a/lib/noosfero/plugin.rb +++ b/lib/noosfero/plugin.rb @@ -682,6 +682,10 @@ class Noosfero::Plugin {} end + def api_custom_login request + nil + end + def method_missing(method, *args, &block) # This is a generic hotspot for all controllers on Noosfero. # If any plugin wants to define filters to run on any controller, the name of diff --git a/plugins/remote_user/lib/remote_user_plugin.rb b/plugins/remote_user/lib/remote_user_plugin.rb index 6f8cfa5..ac1bd04 100644 --- a/plugins/remote_user/lib/remote_user_plugin.rb +++ b/plugins/remote_user/lib/remote_user_plugin.rb 
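Review bot: The fallback added to `current_user` in lib/noosfero/api/helpers.rb takes the first plugin result as the authenticated user without checking that it is a `User` or that it belongs to the request's environment. Every enabled plugin therefore becomes part of the API's authentication boundary. The default `api_custom_login` added in lib/noosfero/plugin.rb has no comment, and that is where the contract should be stated, e.g. `# Returns the User authenticated by this request, or nil. Must only rely on credentials the deployment has already verified.` Because `||=` does not memoize a nil result, the hotspot is presumably dispatched again on every `current_user` call within a request, so implementations should not have repeated side effects.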
@@ -8,43 +8,42 @@ class RemoteUserPlugin < Noosfero::Plugin _("A plugin that add remote user support.") end + def api_custom_login request + RemoteUserPlugin::current_user request, environment + end + + def self.current_user request, environment + remote_user = request.env["HTTP_REMOTE_USER"] + user_data = request.env['HTTP_REMOTE_USER_DATA'] + + remote_user_email = user_data.blank? ? (remote_user + '@remote.user') : JSON.parse(user_data)['email'] + remote_user_name = user_data.blank? ? remote_user : JSON.parse(user_data)['name'] + + user = User.where(environment_id: environment, login: remote_user).first + unless user + user = User.create!(:environment => environment, :login => remote_user, :email => remote_user_email, :name => remote_user_name, :password => ('pw4'+remote_user), :password_confirmation => ('pw4'+remote_user)) + user.activate + user.save! + end + user + end + def application_controller_filters block = proc do begin remote_user = request.headers["HTTP_REMOTE_USER"] - user_data = request.env['HTTP_REMOTE_USER_DATA'] if remote_user.blank? self.current_user = nil else - if user_data.blank? - remote_user_email = remote_user + '@remote.user' - remote_user_name = remote_user - else - user_data = JSON.parse(user_data) - remote_user_email = user_data['email'] - remote_user_name = user_data['name'] - end - if !logged_in? - self.current_user = User.where(environment_id: environment, login: remote_user).first - unless self.current_user - self.current_user = User.create!(:environment => environment, :login => remote_user, :email => remote_user_email, :name => remote_user_name, :password => ('pw4'+remote_user), :password_confirmation => ('pw4'+remote_user)) - self.current_user.activate - end - self.current_user.save! 
+ self.current_user = RemoteUserPlugin::current_user request, environment else if remote_user != self.current_user.login self.current_user.forget_me reset_session - - self.current_user = User.where(environment_id: environment, login: remote_user).first - unless self.current_user - self.current_user = User.create!(:environment => environment, :login => remote_user, :email => remote_user_email, :name => remote_user_name, :password => ('pw4'+remote_user), :password_confirmation => ('pw4'+remote_user)) - self.current_user.activate - end - self.current_user.save! + self.current_user = RemoteUserPlugin::current_user request, environment end end end diff --git a/plugins/remote_user/test/unit/remote_user_plugin_test.rb b/plugins/remote_user/test/unit/remote_user_plugin_test.rb new file mode 100644 index 0000000..dd22338 --- /dev/null +++ b/plugins/remote_user/test/unit/remote_user_plugin_test.rb @@ -0,0 +1,11 @@ +require 'test_helper' +require_relative '../../../../test/api/test_helper' + +class RemoteUserPluginTest < ActiveSupport::TestCase + should 'call remote user hotspot to authenticate in API' do + environment = Environment.default + environment.enable_plugin(RemoteUserPlugin) + RemoteUserPlugin.any_instance.expects(:api_custom_login).once + get "/api/v1/people/me" + end +end diff --git a/test/api/helpers_test.rb b/test/api/helpers_test.rb index 9a877db..1a6db89 100644 --- a/test/api/helpers_test.rb +++ b/test/api/helpers_test.rb 
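Review bot: `RemoteUserPlugin.current_user` has no guard for a missing `HTTP_REMOTE_USER`, and `api_custom_login` calls it unconditionally, so an API request without the header reaches `remote_user + '@remote.user'` (or `'pw4'+remote_user`) with nil and raises instead of returning nil; add `return nil if remote_user.blank?` as the first statement. The login comes from a request header, so this is only safe when the front-end proxy discards any client-sent header of that name before setting its own, which deserves a comment on the method now that the trust extends to every API endpoint. New accounts get the derivable password `'pw4'+remote_user`; a random value such as `SecureRandom.hex(32)` would stop the login from being usable through password authentication. `JSON.parse(user_data)` is evaluated twice, and no rescue for a parse error is visible on the API path, whereas the controller filter's `begin` block presumably has one. `application_controller_filters` continues past the end of the hunk.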
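Review bot: The new test in plugins/remote_user/test/unit/remote_user_plugin_test.rb never executes `RemoteUserPlugin.current_user`, because `expects(:api_custom_login)` replaces the method and the test only checks that the hook is invoked once. The cases that matter for authentication are left uncovered: no `HTTP_REMOTE_USER` header, an existing login, first-time account creation, and malformed `HTTP_REMOTE_USER_DATA`. Consider adding cases that set the header on the request and assert which user is returned, plus one asserting that the request stays unauthenticated when the header is absent.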
@@ -41,15 +41,24 @@ class APIHelpersTest < ActiveSupport::TestCase assert_equal user.person, current_person end -# #FIXME see how to make this test. Get the current_user variable -# should 'set current_user to nil after logout' do -# user = create_user('someuser') -# user.stubs(:private_token_expired?).returns(false) -# User.stubs(:find_by(private_token).returns: user) -# assert_not_nil current_user -# assert false -# logout -# end + should 'get the current user from plugins' do + + class CoolPlugin < Noosfero::Plugin + def api_custom_login request + user = User.create!(:login => 'zombie', :password => 'zombie', :password_confirmation => 'zombie', :email => 'zombie@brains.org', :environment => environment) + user.activate + user + end + end + + Noosfero::Plugin.stubs(:all).returns([CoolPlugin.name]) + Environment.default.enable_plugin(CoolPlugin) + + get "/api/v1/people/me" + + json = JSON.parse(last_response.body) + assert_equal "zombie", json['person']['name'] + end should 'limit be defined as the params limit value' do local_limit = 30 -- libgit2 0.21.2
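Review bot: Only the success path of the plugin fallback is covered by 'get the current user from plugins'. There is no case where the plugin returns nil and the request must remain unauthenticated, and none showing that a valid private token takes precedence over the plugin result. `CoolPlugin` is defined with `class` inside the `should` block, so the constant stays defined for the rest of the test run; defining it at the top of the file would make that explicit. The enclosing `APIHelpersTest` class starts and ends outside the hunk.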