Merge remote-tracking branch 'switz/api-authentication' into develop

Conflicts:
	src/server/api.coffee
	test/api.mocha.coffee
This commit is contained in:
Tyler Renelle 2013-07-12 16:36:12 -04:00
commit 704a056c47
4 changed files with 54 additions and 4 deletions

View file

@ -33,6 +33,8 @@ if (process.env.NODE_ENV === 'development') {
"\n\t(2) open http://c4milo.github.com/node-webkit-agent/21.0.1180.57/inspector.html?host=localhost:1337&page=0");
}*/
if (process.env.NODE_ENV === 'development') Error.stackTraceLimit = Infinity;
process.on('uncaughtException', function (error) {
function sendEmail(mailData) {

View file

@ -8,6 +8,7 @@ validator = require 'derby-auth/node_modules/validator'
check = validator.check
sanitize = validator.sanitize
misc = require '../app/misc'
utils = require 'derby-auth/utils'
NO_TOKEN_OR_UID = err: "You must include a token and uid (user id) in your request"
NO_USER_FOUND = err: "No user found."
@ -92,6 +93,35 @@ router.put '/user', auth, (req, res) ->
userObj.tasks = _.toArray(userObj.tasks) # FIXME figure out how we're going to consistently handle this. should always be array
res.json 201, userObj
###
POST /user/auth
###
router.post '/user/auth', (req, res) ->
username = req.body.username
password = req.body.password
return res.json 401, err: 'No username or password' unless username and password
model = req.getModel()
q = model.query("users").withUsername(username)
q.fetch (err, result1) ->
return res.json 401, { err } if err
u1 = result1.get()
return res.json 401, err: 'Username not found' unless u1 # user not found
# We needed the whole user object first so we can get his salt to encrypt password comparison
q = model.query("users").withLogin(username, utils.encryptPassword(password, u1.auth.local.salt))
q.fetch (err, result2) ->
return res.json 401, { err } if err
# joshua tree?
u2 = result2.get()
return res.json 401, err: 'Incorrect password' unless u2
res.json
id: u2.id
token: u2.apiToken
###
GET /user/task/:id
###

View file

@ -23,9 +23,6 @@ racer.set('bundleTimeout', 40000)
# racer.use(racer.logPlugin)
# derby.use(derby.logPlugin)
# Infinite stack trace
Error.stackTraceLimit = Infinity if process.env.NODE_ENV is 'development'
## SERVER CONFIGURATION ##
expressApp = express()

View file

@ -2,6 +2,7 @@ _ = require 'lodash'
request = require 'superagent'
expect = require 'expect.js'
require 'coffee-script'
utils = require 'derby-auth/utils'
conf = require("nconf")
conf.argv().env().file({file: __dirname + '../config.json'}).defaults
@ -39,6 +40,7 @@ describe 'API', ->
model = null
user = null
uid = null
username = null
before (done) ->
server = require '../src/server'
@ -51,6 +53,13 @@ describe 'API', ->
user = helpers.newUser(true)
user.apiToken = model.id()
model.session = {userId:uid}
salt = utils.makeSalt()
username = 'jonfishman' + Math.random().toString().split('.')[1]
user.auth =
local:
username: username
hashed_password: utils.encryptPassword('icculus', salt)
salt: salt
model.set "users.#{uid}", user
delete model.session
# Crappy hack to let server start before tests run
@ -390,4 +399,16 @@ describe 'API', ->
done()
it 'POST /api/v1/user/auth', (done) ->
userAuth =
username: username
password: 'icculus'
request.post("#{baseURL}/user/auth")
.set('Accept', 'application/json')
.send(userAuth)
.end (res) ->
expect(res.body.err).to.be undefined
expect(res.statusCode).to.be 200
expect(res.body.id).to.be currentUser.id
expect(res.body.token).to.be currentUser.apiToken
done()