From 3624f9df53f65d5f51ca67d082e3c08cb114c40d Mon Sep 17 00:00:00 2001
From: Marcos Ronaldo
Date: Tue, 26 Apr 2016 16:57:46 -0300
Subject: [PATCH] Adds hotspot to allow custom API login method
---
 lib/noosfero/api/helpers.rb | 3 ++-
 lib/noosfero/plugin.rb | 4 ++++
 plugins/remote_user/lib/remote_user_plugin.rb | 45 ++++++++++++++++++++++-----------------------
 plugins/remote_user/test/unit/remote_user_plugin_test.rb | 11 +++++++++++
 test/unit/api/helpers_test.rb | 27 ++++++++++++++++++---------
 5 files changed, 57 insertions(+), 33 deletions(-)
 create mode 100644 plugins/remote_user/test/unit/remote_user_plugin_test.rb
diff --git a/lib/noosfero/api/helpers.rb b/lib/noosfero/api/helpers.rb
index 952a84d..7ca9224 100644
--- a/lib/noosfero/api/helpers.rb
+++ b/lib/noosfero/api/helpers.rb
@@ -22,7 +22,8 @@ require_relative '../../find_by_contents'
 def current_user
 private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s
- @current_user ||= User.find_by_private_token(private_token)
+ @current_user ||= User.find_by private_token: private_token
+ @current_user ||= plugins.dispatch("api_custom_login", request).first
 @current_user
 end
diff --git a/lib/noosfero/plugin.rb b/lib/noosfero/plugin.rb
index 20b5980..1ca8201 100644
--- a/lib/noosfero/plugin.rb
+++ b/lib/noosfero/plugin.rb
@@ -682,6 +682,10 @@ class Noosfero::Plugin
 {}
 end
+ def api_custom_login request
+ nil
+ end
+
 def method_missing(method, *args, &block)
 # This is a generic hotspot for all controllers on Noosfero.
 # If any plugin wants to define filters to run on any controller, the name of
diff --git a/plugins/remote_user/lib/remote_user_plugin.rb b/plugins/remote_user/lib/remote_user_plugin.rb
index 6f8cfa5..ac1bd04 100644
--- a/plugins/remote_user/lib/remote_user_plugin.rb
+++ b/plugins/remote_user/lib/remote_user_plugin.rb
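Review bot: In `current_user` (lib/noosfero/api/helpers.rb) the new fallback accepts whatever the first plugin returns from `api_custom_login` as the authenticated user, with no check that it is a `User` and no comment marking the hotspot as an authentication boundary. A comment such as `# api_custom_login must return a User the plugin has authenticated itself, or nil` plus a guard like `@current_user = nil unless @current_user.is_a?(User)` would keep a misbehaving plugin from setting anything else. Whether `dispatch` drops nil results before `.first` is not visible in this hunk, so with several plugins enabled an early nil may hide a later plugin's answer. `private_token` is `""` when neither the parameter nor the header is sent and the lookup still runs with that value; adding `if private_token.present?` to the `find_by` line avoids matching a row that stores an empty token, should one exist.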
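Review bot: The default `api_custom_login` in lib/noosfero/plugin.rb is added without any comment describing its contract, although its return value decides who an API request is authenticated as. I would document it above the method, for example `# -> Authenticates an API request that carries no valid private token` and `# returns = the authenticated User, or nil when the plugin does not recognise the request`.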
@@ -8,43 +8,42 @@ class RemoteUserPlugin < Noosfero::Plugin
 _("A plugin that add remote user support.")
 end
+ def api_custom_login request
+ RemoteUserPlugin::current_user request, environment
+ end
+
+ def self.current_user request, environment
+ remote_user = request.env["HTTP_REMOTE_USER"]
+ user_data = request.env['HTTP_REMOTE_USER_DATA']
+
+ remote_user_email = user_data.blank? ? (remote_user + '@remote.user') : JSON.parse(user_data)['email']
+ remote_user_name = user_data.blank? ? remote_user : JSON.parse(user_data)['name']
+
+ user = User.where(environment_id: environment, login: remote_user).first
+ unless user
+ user = User.create!(:environment => environment, :login => remote_user, :email => remote_user_email, :name => remote_user_name, :password => ('pw4'+remote_user), :password_confirmation => ('pw4'+remote_user))
+ user.activate
+ user.save!
+ end
+ user
+ end
+
 def application_controller_filters
 block = proc do
 begin
 remote_user = request.headers["HTTP_REMOTE_USER"]
- user_data = request.env['HTTP_REMOTE_USER_DATA']
 if remote_user.blank?
 self.current_user = nil
 else
- if user_data.blank?
- remote_user_email = remote_user + '@remote.user'
- remote_user_name = remote_user
- else
- user_data = JSON.parse(user_data)
- remote_user_email = user_data['email']
- remote_user_name = user_data['name']
- end
-
 if !logged_in?
- self.current_user = User.where(environment_id: environment, login: remote_user).first
- unless self.current_user
- self.current_user = User.create!(:environment => environment, :login => remote_user, :email => remote_user_email, :name => remote_user_name, :password => ('pw4'+remote_user), :password_confirmation => ('pw4'+remote_user))
- self.current_user.activate
- end
- self.current_user.save!
+ self.current_user = RemoteUserPlugin::current_user request, environment
 else
 if remote_user != self.current_user.login
 self.current_user.forget_me
 reset_session
-
- self.current_user = User.where(environment_id: environment, login: remote_user).first
- unless self.current_user
- self.current_user = User.create!(:environment => environment, :login => remote_user, :email => remote_user_email, :name => remote_user_name, :password => ('pw4'+remote_user), :password_confirmation => ('pw4'+remote_user))
- self.current_user.activate
- end
- self.current_user.save!
+ self.current_user = RemoteUserPlugin::current_user request, environment
 end
 end
 end
diff --git a/plugins/remote_user/test/unit/remote_user_plugin_test.rb b/plugins/remote_user/test/unit/remote_user_plugin_test.rb
new file mode 100644
index 0000000..dd22338
--- /dev/null
+++ b/plugins/remote_user/test/unit/remote_user_plugin_test.rb
@@ -0,0 +1,11 @@
+require 'test_helper'
+require_relative '../../../../test/api/test_helper'
+
+class RemoteUserPluginTest < ActiveSupport::TestCase
+ should 'call remote user hotspot to authenticate in API' do
+ environment = Environment.default
+ environment.enable_plugin(RemoteUserPlugin)
+ RemoteUserPlugin.any_instance.expects(:api_custom_login).once
+ get "/api/v1/people/me"
+ end
+end
diff --git a/test/unit/api/helpers_test.rb b/test/unit/api/helpers_test.rb
index 5c0e4d0..af2676c 100644
--- a/test/unit/api/helpers_test.rb
+++ b/test/unit/api/helpers_test.rb
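Review bot: `RemoteUserPlugin.current_user` never checks that `HTTP_REMOTE_USER` is present, so on the API path a request without that header reaches `remote_user + '@remote.user'` with nil and raises instead of yielding no user; the controller filter tests `remote_user.blank?` before calling it, `api_custom_login` does not. The method also treats the header as proof of identity, which holds only when a trusted front end always strips or overwrites the client-supplied value, and that deployment requirement should be stated in a comment now that the same trust covers the API. Accounts created here receive the derivable password `'pw4'+remote_user`; a random value avoids leaving a guessable credential on the account. `HTTP_REMOTE_USER_DATA` is parsed twice, and no rescue for malformed JSON is visible on the API path. The block in `application_controller_filters` starts inside this hunk and its closing lines lie outside it; the fence below covers `self.current_user` only.

```ruby
def self.current_user request, environment
  remote_user = request.env["HTTP_REMOTE_USER"]
  # No identity asserted by the front end: report "no user" instead of raising on nil.
  return nil if remote_user.blank?

  # Parse the optional user data once.
  user_data = request.env['HTTP_REMOTE_USER_DATA']
  parsed = user_data.blank? ? {} : JSON.parse(user_data)
  remote_user_email = parsed['email'] || (remote_user + '@remote.user')
  remote_user_name = parsed['name'] || remote_user

  # … unchanged: lookup by environment and login …
  unless user
    # Random secret: the account is meant to be reached through the remote-user header only.
    password = SecureRandom.hex(16)
    user = User.create!(:environment => environment, :login => remote_user, :email => remote_user_email, :name => remote_user_name, :password => password, :password_confirmation => password)
    # … unchanged: activate and save! …
  end
  user
end
```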
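Review bot: The test in remote_user_plugin_test.rb replaces `api_custom_login` with an expectation, so `RemoteUserPlugin.current_user` is never executed and the code the API now relies on for authentication has no coverage. Cases worth adding are a request carrying `HTTP_REMOTE_USER` that resolves to that login, a request without the header that yields no user and does not raise, and a request with malformed `HTTP_REMOTE_USER_DATA`.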
@@ -41,15 +41,24 @@ class APIHelpersTest < ActiveSupport::TestCase
 assert_equal user.person, current_person
 end
-# #FIXME see how to make this test. Get the current_user variable
-# should 'set current_user to nil after logout' do
-# user = create_user('someuser')
-# user.stubs(:private_token_expired?).returns(false)
-# User.stubs(:find_by_private_token).returns(user)
-# assert_not_nil current_user
-# assert false
-# logout
-# end
+ should 'get the current user from plugins' do
+
+ class CoolPlugin < Noosfero::Plugin
+ def api_custom_login request
+ user = User.create!(:login => 'zombie', :password => 'zombie', :password_confirmation => 'zombie', :email => 'zombie@brains.org', :environment => environment)
+ user.activate
+ user
+ end
+ end
+
+ Noosfero::Plugin.stubs(:all).returns([CoolPlugin.name])
+ Environment.default.enable_plugin(CoolPlugin)
+
+ get "/api/v1/people/me"
+
+ json = JSON.parse(last_response.body)
+ assert_equal "zombie", json['person']['name']
+ end
 should 'limit be defined as the params limit value' do
 local_limit = 30
-- 
libgit2 0.21.2
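Review bot: The new test covers only the case where a plugin returns a user; nothing checks that a valid private token still takes precedence over the plugin, or that `current_user` stays nil when every plugin returns nil, and those two cases are what protect the authentication order in `current_user`. `CoolPlugin` is defined inside the `should` block, so the constant outlives the test; defining it at file level or removing it in teardown keeps it from affecting other tests. The `APIHelpersTest` class continues outside the hunk.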