mirror of
https://github.com/sudoxnym/habitica.git
synced 2026-07-12 23:08:35 +00:00
Merge remote-tracking branch 'switz/api-authentication' into develop
Conflicts: src/server/api.coffee test/api.mocha.coffee
This commit is contained in:
commit
704a056c47
4 changed files with 54 additions and 4 deletions
|
|
@ -33,6 +33,8 @@ if (process.env.NODE_ENV === 'development') {
|
|||
"\n\t(2) open http://c4milo.github.com/node-webkit-agent/21.0.1180.57/inspector.html?host=localhost:1337&page=0");
|
||||
}*/
|
||||
|
||||
if (process.env.NODE_ENV === 'development') Error.stackTraceLimit = Infinity;
|
||||
|
||||
process.on('uncaughtException', function (error) {
|
||||
|
||||
function sendEmail(mailData) {
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ validator = require 'derby-auth/node_modules/validator'
|
|||
check = validator.check
|
||||
sanitize = validator.sanitize
|
||||
misc = require '../app/misc'
|
||||
utils = require 'derby-auth/utils'
|
||||
|
||||
NO_TOKEN_OR_UID = err: "You must include a token and uid (user id) in your request"
|
||||
NO_USER_FOUND = err: "No user found."
|
||||
|
|
@ -92,6 +93,35 @@ router.put '/user', auth, (req, res) ->
|
|||
userObj.tasks = _.toArray(userObj.tasks) # FIXME figure out how we're going to consistently handle this. should always be array
|
||||
res.json 201, userObj
|
||||
|
||||
###
|
||||
POST /user/auth
|
||||
###
|
||||
router.post '/user/auth', (req, res) ->
|
||||
username = req.body.username
|
||||
password = req.body.password
|
||||
return res.json 401, err: 'No username or password' unless username and password
|
||||
|
||||
model = req.getModel()
|
||||
|
||||
q = model.query("users").withUsername(username)
|
||||
q.fetch (err, result1) ->
|
||||
return res.json 401, { err } if err
|
||||
u1 = result1.get()
|
||||
return res.json 401, err: 'Username not found' unless u1 # user not found
|
||||
|
||||
# We needed the whole user object first so we can get his salt to encrypt password comparison
|
||||
q = model.query("users").withLogin(username, utils.encryptPassword(password, u1.auth.local.salt))
|
||||
q.fetch (err, result2) ->
|
||||
return res.json 401, { err } if err
|
||||
|
||||
# joshua tree?
|
||||
u2 = result2.get()
|
||||
return res.json 401, err: 'Incorrect password' unless u2
|
||||
|
||||
res.json
|
||||
id: u2.id
|
||||
token: u2.apiToken
|
||||
|
||||
###
|
||||
GET /user/task/:id
|
||||
###
|
||||
|
|
|
|||
|
|
@ -23,9 +23,6 @@ racer.set('bundleTimeout', 40000)
|
|||
# racer.use(racer.logPlugin)
|
||||
# derby.use(derby.logPlugin)
|
||||
|
||||
# Infinite stack trace
|
||||
Error.stackTraceLimit = Infinity if process.env.NODE_ENV is 'development'
|
||||
|
||||
## SERVER CONFIGURATION ##
|
||||
|
||||
expressApp = express()
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ _ = require 'lodash'
|
|||
request = require 'superagent'
|
||||
expect = require 'expect.js'
|
||||
require 'coffee-script'
|
||||
utils = require 'derby-auth/utils'
|
||||
|
||||
conf = require("nconf")
|
||||
conf.argv().env().file({file: __dirname + '../config.json'}).defaults
|
||||
|
|
@ -39,6 +40,7 @@ describe 'API', ->
|
|||
model = null
|
||||
user = null
|
||||
uid = null
|
||||
username = null
|
||||
|
||||
before (done) ->
|
||||
server = require '../src/server'
|
||||
|
|
@ -51,6 +53,13 @@ describe 'API', ->
|
|||
user = helpers.newUser(true)
|
||||
user.apiToken = model.id()
|
||||
model.session = {userId:uid}
|
||||
salt = utils.makeSalt()
|
||||
username = 'jonfishman' + Math.random().toString().split('.')[1]
|
||||
user.auth =
|
||||
local:
|
||||
username: username
|
||||
hashed_password: utils.encryptPassword('icculus', salt)
|
||||
salt: salt
|
||||
model.set "users.#{uid}", user
|
||||
delete model.session
|
||||
# Crappy hack to let server start before tests run
|
||||
|
|
@ -390,4 +399,16 @@ describe 'API', ->
|
|||
done()
|
||||
|
||||
|
||||
|
||||
it 'POST /api/v1/user/auth', (done) ->
|
||||
userAuth =
|
||||
username: username
|
||||
password: 'icculus'
|
||||
request.post("#{baseURL}/user/auth")
|
||||
.set('Accept', 'application/json')
|
||||
.send(userAuth)
|
||||
.end (res) ->
|
||||
expect(res.body.err).to.be undefined
|
||||
expect(res.statusCode).to.be 200
|
||||
expect(res.body.id).to.be currentUser.id
|
||||
expect(res.body.token).to.be currentUser.apiToken
|
||||
done()
|
||||
|
|
|
|||
Loading…
Reference in a new issue