Create authentication endpoint

sbhacks-org · Aug 26, 2020 · 041b5ba · 041b5ba
1 parent e73b49f
commit 041b5ba
Show file tree

Hide file tree

Showing 12 changed files with 90 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -25,3 +25,5 @@
 
 # Ignore master key for decrypting credentials and more.
 /config/master.key
+/config/credentials/development.key
+/config/credentials/production.key
diff --git a/app/api/api/auth.rb b/app/api/api/auth.rb
@@ -0,0 +1,23 @@
+module API
+  class Auth < Grape::API
+    namespace :session do
+      desc 'Acquires a session cookie from a username and password'
+      params do
+        requires :username, type: String
+        requires :password, type: String
+      end
+      post do
+        session.destroy
+
+        user = User.find_by(email: params[:username])
+
+        error! :not_found, 404 unless user.try(:authenticate, params[:password])
+
+        session[:user_id] = user.id
+
+        status :ok
+        {}
+      end
+    end
+  end
+end
diff --git a/app/api/api_helpers.rb b/app/api/api_helpers.rb
@@ -0,0 +1,7 @@
+module APIHelpers
+  extend Grape::API::Helpers
+
+  def session
+    env['rack.session']
+  end
+end
diff --git a/app/lib/auth/session_auth_middleware.rb b/app/lib/auth/session_auth_middleware.rb
@@ -0,0 +1,17 @@
+module Auth
+  class SessionAuthMiddleware < Rack::Auth::AbstractHandler
+    def call(env)
+      session = env['rack.session']
+
+      return @app.call(env) if session[:user_id]
+
+      unauthorized
+    end
+
+    private
+
+    def challenge
+      'Session-Cookie'
+    end
+  end
+end
diff --git a/config/credentials/development.yml.enc b/config/credentials/development.yml.enc
@@ -0,0 +1 @@
+hAbLzw==--Izatsmxe7g0ccMzf--NlgK4PY2R7zLYMwSPx4Yeg==
diff --git a/config/credentials/production.yml.enc b/config/credentials/production.yml.enc
@@ -0,0 +1 @@
+DClZHkmJZpADs4292n3axT+PHxN5YgAXk7CUqJEiQlW9+BfPJjeCH6IgLVI13ERsPqjE5HLwPwkewSbjw2pzwTDoZ6IbLbJFCCE5TSMnDvfOo8mjzaFoqMyFSouUN5BRinqJlbm7tLIuWauoH5UjE2LmWN6n7hr8iO6dchDzyWyhDJ+sH2xqaiDrlIgTeJGbxhSEOg4dHw==--I5PVRTkkRL16keFX--RS9Oq7j9pwZalWyU/Q26lw==
diff --git a/config/initializers/cookies.rb b/config/initializers/cookies.rb
@@ -0,0 +1,3 @@
+# Be sure to restart your server when you modify this file.
+
+Rails.application.config.middleware.use ActionDispatch::Cookies
diff --git a/config/initializers/grape.rb b/config/initializers/grape.rb
@@ -0,0 +1,5 @@
+# Be sure to restart your server when you modify this file.
+
+Rails.configuration.to_prepare do
+  Grape::Middleware::Auth::Strategies.add(:from_session, Auth::SessionAuthMiddleware)
+end
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
@@ -0,0 +1,3 @@
+# Be sure to restart your server when you modify this file.
+
+Rails.application.config.middleware.use ActionDispatch::Session::CookieStore, key: '_sbhacks_session'
diff --git a/test/api/auth_test.rb b/test/api/auth_test.rb
@@ -0,0 +1,17 @@
+require 'test_helper'
+
+class AuthTest < ActionDispatch::IntegrationTest
+  test 'signing in sets the session id' do
+    user = sign_in_as(:user)
+
+    assert_equal user.id, @request.session[:user_id]
+  end
+
+  test 'signing in with invalid credentials clears the session' do
+    sign_in_as(:user)
+
+    post session_path, params: { username: 'nonexistent user', password: '' }
+
+    assert_nil @request.session[:user_id]
+  end
+end
diff --git a/test/test_helper.rb b/test/test_helper.rb
@@ -1,11 +1,13 @@
 ENV['RAILS_ENV'] ||= 'test'
 require_relative '../config/environment'
 require 'rails/test_help'
+require 'test_helpers/sign_in_helper'
 
 module ActiveSupport
   class TestCase
     include GrapeRouteHelpers::NamedRouteMatcher
     include FactoryBot::Syntax::Methods
+    include SignInHelper
     # Run tests in parallel with specified workers
     parallelize(workers: :number_of_processors)
 

diff --git a/test/test_helpers/sign_in_helper.rb b/test/test_helpers/sign_in_helper.rb
@@ -0,0 +1,9 @@
+module SignInHelper
+  def sign_in_as(user)
+    user = create(user) if user.is_a? Symbol
+
+    post session_path, params: { username: user.email, password: user.password }
+
+    user
+  end
+end
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		hAbLzw==--Izatsmxe7g0ccMzf--NlgK4PY2R7zLYMwSPx4Yeg==
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		DClZHkmJZpADs4292n3axT+PHxN5YgAXk7CUqJEiQlW9+BfPJjeCH6IgLVI13ERsPqjE5HLwPwkewSbjw2pzwTDoZ6IbLbJFCCE5TSMnDvfOo8mjzaFoqMyFSouUN5BRinqJlbm7tLIuWauoH5UjE2LmWN6n7hr8iO6dchDzyWyhDJ+sH2xqaiDrlIgTeJGbxhSEOg4dHw==--I5PVRTkkRL16keFX--RS9Oq7j9pwZalWyU/Q26lw==
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		# Be sure to restart your server when you modify this file.

		Rails.application.config.middleware.use ActionDispatch::Cookies