From 36809005771e12efeccebaf850bd359dac552e53 Mon Sep 17 00:00:00 2001 From: Daniel Saewitz Date: Sun, 21 Apr 2013 11:53:36 -0400 Subject: [PATCH] API Auth working + 1 test --- server.js | 2 ++ src/server/api.coffee | 30 ++++++++++++++++++++++++++++++ test/api.mocha.coffee | 27 ++++++++++++++++++++++++--- 3 files changed, 56 insertions(+), 3 deletions(-) diff --git a/server.js b/server.js index 6412b78225..ddfc8bd6b7 100644 --- a/server.js +++ b/server.js @@ -33,6 +33,8 @@ if (process.env.NODE_ENV === 'development') { "\n\t(2) open http://c4milo.github.com/node-webkit-agent/21.0.1180.57/inspector.html?host=localhost:1337&page=0"); }*/ +if (process.env.NODE_ENV === 'development') Error.stackTraceLimit = Infinity; + process.on('uncaughtException', function (error) { function sendEmail(mailData) { diff --git a/src/server/api.coffee b/src/server/api.coffee index b7b8af798b..11be86b142 100644 --- a/src/server/api.coffee +++ b/src/server/api.coffee @@ -7,6 +7,7 @@ _ = require 'underscore' validator = require 'derby-auth/node_modules/validator' check = validator.check sanitize = validator.sanitize +utils = require 'derby-auth/utils' NO_TOKEN_OR_UID = err: "You must include a token and uid (user id) in your request" NO_USER_FOUND = err: "No user found." @@ -91,6 +92,35 @@ router.put '/user', auth, (req, res) -> userObj.tasks = _.toArray(userObj.tasks) # FIXME figure out how we're going to consistently handle this. should always be array res.json 201, userObj +### + POST /user/auth +### +router.post '/user/auth', (req, res) -> + username = req.body.username + password = req.body.password + return res.json 401, err: 'No username or password' unless username and password + + model = req.getModel() + + q = model.query("users").withUsername(username) + q.fetch (err, result1) -> + return res.json 401, { err } if err + u1 = result1.get() + return res.json 401, err: 'Username not found' unless u1 # user not found + + # We needed the whole user object first so we can get his salt to encrypt password comparison + q = model.query("users").withLogin(username, utils.encryptPassword(password, u1.auth.local.salt)) + q.fetch (err, result2) -> + return res.json 401, { err } if err + + # joshua tree? + u2 = result2.get() + return res.json 401, err: 'Incorrect password' unless u2 + + res.json + id: u2.id + token: u2.apiToken + ### GET /user/task/:id ### diff --git a/test/api.mocha.coffee b/test/api.mocha.coffee index 0a488d57df..d09988b081 100644 --- a/test/api.mocha.coffee +++ b/test/api.mocha.coffee @@ -2,6 +2,7 @@ _ = require 'underscore' request = require 'superagent' expect = require 'expect.js' require 'coffee-script' +utils = require 'derby-auth/utils' conf = require("nconf") conf.argv().env().file({file: __dirname + '../config.json'}).defaults @@ -39,6 +40,7 @@ describe 'API', -> model = null user = null uid = null + username = null before (done) -> server = require '../src/server' @@ -51,6 +53,13 @@ describe 'API', -> user = character.newUserObject() user.apiToken = model.id() model.session = {userId:uid} + salt = utils.makeSalt() + username = 'jonfishman' + Math.random().toString().split('.')[1] + user.auth = + local: + username: username + hashed_password: utils.encryptPassword('icculus', salt) + salt: salt model.set "users.#{uid}", user delete model.session # Crappy hack to let server start before tests run @@ -374,11 +383,11 @@ describe 'API', -> tasks = res.body.tasks expect(_.findWhere(tasks,{id:habitId})).to.eql {id: habitId,text: 'hello2',notes: 'note2'} - + foundNewTask = _.findWhere(tasks,{text:'new task2'}) expect(foundNewTask.text).to.be 'new task2' expect(foundNewTask.notes).to.be 'notes2' - + found = _.findWhere(res.body.tasks, {id:dailyId}) expect(found).to.not.be.ok() @@ -390,4 +399,16 @@ describe 'API', -> done() - + it 'POST /api/v1/user/auth', (done) -> + userAuth = + username: username + password: 'icculus' + request.post("#{baseURL}/user/auth") + .set('Accept', 'application/json') + .send(userAuth) + .end (res) -> + expect(res.body.err).to.be undefined + expect(res.statusCode).to.be 200 + expect(res.body.id).to.be currentUser.id + expect(res.body.token).to.be currentUser.apiToken + done()