api: accept private_token in header

Victor Costa · Rodrigo Souto
1 parent f19bda31
Showing 2 changed files with 15 additions and 1 deletions Show diff stats
lib/noosfero/api/helpers.rb
test/unit/api/helpers_test.rb
@@ -9,7 +9,7 @@ module Noosfero
       end
  
       def current_user
-        private_token = params[PRIVATE_TOKEN_PARAM].to_s if params
+        private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s if params
         @current_user ||= User.find_by_private_token(private_token)
         @current_user = nil if !@current_user.nil? && @current_user.private_token_expired?
         @current_user
@@ -5,6 +5,12 @@ class APITest &lt; ActiveSupport::TestCase
  
   include Noosfero::API::APIHelpers
  
+  def setup
+    @headers = {}
+  end
+
+  attr_accessor :headers
+
   should 'get the current user with valid token' do
     user = create_user('someuser')
     user.generate_private_token!
@@ -12,6 +18,13 @@ class APITest &lt; ActiveSupport::TestCase
     assert_equal user, current_user
   end
  
+  should 'get the current user with valid token in header' do
+    user = create_user('someuser')
+    user.generate_private_token!
+    headers['Private-Token'] = user.private_token
+    assert_equal user, current_user
+  end
+
   should 'not get the current user with expired token' do
     user = create_user('someuser')
     user.generate_private_token!
@@ -154,4 +167,5 @@ class APITest &lt; ActiveSupport::TestCase
   def params= value
     @params = value
   end
+
 end
...	...	@@ -9,7 +9,7 @@ module Noosfero
9	9	end
10	10
11	11	def current_user
12		- private_token = params[PRIVATE_TOKEN_PARAM].to_s if params
	12	+ private_token = (params[PRIVATE_TOKEN_PARAM] \|\| headers['Private-Token']).to_s if params
13	13	@current_user \|\|= User.find_by_private_token(private_token)
14	14	@current_user = nil if !@current_user.nil? && @current_user.private_token_expired?
15	15	@current_user
...	...
...	...	@@ -5,6 +5,12 @@ class APITest < ActiveSupport::TestCase
5	5
6	6	include Noosfero::API::APIHelpers
7	7
	8	+ def setup
	9	+ @headers = {}
	10	+ end
	11	+
	12	+ attr_accessor :headers
	13	+
8	14	should 'get the current user with valid token' do
9	15	user = create_user('someuser')
10	16	user.generate_private_token!
...	...	@@ -12,6 +18,13 @@ class APITest < ActiveSupport::TestCase
12	18	assert_equal user, current_user
13	19	end
14	20
	21	+ should 'get the current user with valid token in header' do
	22	+ user = create_user('someuser')
	23	+ user.generate_private_token!
	24	+ headers['Private-Token'] = user.private_token
	25	+ assert_equal user, current_user
	26	+ end
	27	+
15	28	should 'not get the current user with expired token' do
16	29	user = create_user('someuser')
17	30	user.generate_private_token!
...	...	@@ -154,4 +167,5 @@ class APITest < ActiveSupport::TestCase
154	167	def params= value
155	168	@params = value
156	169	end
	170	+
157	171	end
...	...