api: accept private_token in header

Victor Costa · Rodrigo Souto
1 parent f19bda31
Showing 2 changed files with 15 additions and 1 deletions Show diff stats
lib/noosfero/api/helpers.rb
test/unit/api/helpers_test.rb
@@ -9,7 +9,7 @@ module Noosfero
       end
       def current_user
-        private_token = params[PRIVATE_TOKEN_PARAM].to_s if params
+        private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s if params
         @current_user ||= User.find_by_private_token(private_token)
         @current_user = nil if !@current_user.nil? && @current_user.private_token_expired?
         @current_user
@@ -5,6 +5,12 @@ class APITest &lt; ActiveSupport::TestCase
   include Noosfero::API::APIHelpers
+  def setup
+    @headers = {}
+  end
+
+  attr_accessor :headers
+
   should 'get the current user with valid token' do
     user = create_user('someuser')
     user.generate_private_token!
@@ -12,6 +18,13 @@ class APITest &lt; ActiveSupport::TestCase
     assert_equal user, current_user
   end
+  should 'get the current user with valid token in header' do
+    user = create_user('someuser')
+    user.generate_private_token!
+    headers['Private-Token'] = user.private_token
+    assert_equal user, current_user
+  end
+
   should 'not get the current user with expired token' do
     user = create_user('someuser')
     user.generate_private_token!
@@ -154,4 +167,5 @@ class APITest &lt; ActiveSupport::TestCase
   def params= value
     @params = value
   end
+
 end
	@@ -9,7 +9,7 @@ module Noosfero		@@ -9,7 +9,7 @@ module Noosfero
9	end	9	end
10		10
11	def current_user	11	def current_user
12	- private_token = params[PRIVATE_TOKEN_PARAM].to_s if params	12	+ private_token = (params[PRIVATE_TOKEN_PARAM] \|\| headers['Private-Token']).to_s if params
13	@current_user \|\|= User.find_by_private_token(private_token)	13	@current_user \|\|= User.find_by_private_token(private_token)
14	@current_user = nil if !@current_user.nil? && @current_user.private_token_expired?	14	@current_user = nil if !@current_user.nil? && @current_user.private_token_expired?
15	@current_user	15	@current_user
	@@ -5,6 +5,12 @@ class APITest < ActiveSupport::TestCase		@@ -5,6 +5,12 @@ class APITest < ActiveSupport::TestCase
5		5
6	include Noosfero::API::APIHelpers	6	include Noosfero::API::APIHelpers
7		7
		8	+ def setup
		9	+ @headers = {}
		10	+ end
		11	+
		12	+ attr_accessor :headers
		13	+
8	should 'get the current user with valid token' do	14	should 'get the current user with valid token' do
9	user = create_user('someuser')	15	user = create_user('someuser')
10	user.generate_private_token!	16	user.generate_private_token!
	@@ -12,6 +18,13 @@ class APITest < ActiveSupport::TestCase		@@ -12,6 +18,13 @@ class APITest < ActiveSupport::TestCase
12	assert_equal user, current_user	18	assert_equal user, current_user
13	end	19	end
14		20
		21	+ should 'get the current user with valid token in header' do
		22	+ user = create_user('someuser')
		23	+ user.generate_private_token!
		24	+ headers['Private-Token'] = user.private_token
		25	+ assert_equal user, current_user
		26	+ end
		27	+
15	should 'not get the current user with expired token' do	28	should 'not get the current user with expired token' do
16	user = create_user('someuser')	29	user = create_user('someuser')
17	user.generate_private_token!	30	user.generate_private_token!
	@@ -154,4 +167,5 @@ class APITest < ActiveSupport::TestCase		@@ -154,4 +167,5 @@ class APITest < ActiveSupport::TestCase
154	def params= value	167	def params= value
155	@params = value	168	@params = value
156	end	169	end
		170	+
157	end	171	end