Merge pull request #22 from RadiusNetworks/scoped-path-updates

cupakromer · web-flow · commit d2bcc188d9ce · 2017-02-06T21:39:09.000-05:00
Initial Rails 5 API updates
diff --git a/lib/kracken/controllers/json_api_compatible.rb b/lib/kracken/controllers/json_api_compatible.rb
@@ -50,7 +50,7 @@ def munge_resource_root!
         end
 
         def verify_scoped_resource(resource, options = {})
-          name = "verify_scoped_#{resource}"
+          name = "verify_scoped_#{resource}".to_sym
           relation = options.extract!(:as).fetch(:as, resource).to_s.pluralize
           scope = options.extract!(:scope).fetch(:scope, :current_user)
           resource_id = (resource_type == resource.to_sym) ? :id : "#{resource}_id"
@@ -74,14 +74,6 @@ def verify_required_params(options = {})
         end
       end
 
-      def self.included(base)
-        base.instance_exec do
-          extend Macros
-
-          before_action :munge_chained_param_ids!
-        end
-      end
-
       module DataIntegrity
         # Scan each item in the data root and enforce it has an id set.
         def enforce_resource_ids!
@@ -102,6 +94,18 @@ def verify_required_params!
                   "Single beacon object provided but multiple resources requested"
           end
         end
+
+        # Negotiate the mime type for the request format
+        #
+        # This will modify the request object setting the format.
+        def negotiate_mime
+          return if request.negotiate_mime(ALLOWED_MEDIA_TYPES)
+          raise ::ActionController::UnknownFormat
+        end
+
+      private
+
+        ALLOWED_MEDIA_TYPES = [Mime[:json]].freeze
       end
       include DataIntegrity
 
@@ -125,6 +129,7 @@ def self.included(base)
         base.instance_exec do
           extend Macros
 
+          before_action :negotiate_mime
           before_action :munge_chained_param_ids!
           skip_before_action :verify_authenticity_token, raise: false
 
diff --git a/lib/kracken/controllers/token_authenticatable.rb b/lib/kracken/controllers/token_authenticatable.rb
@@ -29,6 +29,33 @@ def request_http_token_authentication(realm = 'Application')
         end
       end
 
+    module_function
+
+      TOKEN_AUTH_CACHE_PREFIX = "auth/token/"
+
+      def cache_valid_auth(token, force: false, &generate_cache)
+        cache_key = TOKEN_AUTH_CACHE_PREFIX + token
+        val = Rails.cache.read(cache_key) unless force
+        val ||= store_valid_auth(cache_key, &generate_cache)
+        shallow_freeze(val)
+      end
+
+      def clear_auth_cache
+        Rails.cache.delete_matched TOKEN_AUTH_CACHE_PREFIX + "*"
+      end
+
+      def shallow_freeze(val)
+        # `nil` is frozen in Ruby 2.2 but not in Ruby 2.1
+        return val if val.frozen? || val.nil?
+        val.each { |_k, v| v.freeze }.freeze
+      end
+
+      def store_valid_auth(cache_key)
+        val = yield
+        Rails.cache.write(cache_key, val, CACHE_TTL_OPTS) if val
+        val
+      end
+
     private
 
       CACHE_TTL_OPTS = {
@@ -51,19 +78,6 @@ def authenticate_user_with_token!
         }
       end
 
-      def cache_valid_auth(token, &generate_cache)
-        cache_key = "auth/token/#{token}"
-        val = Rails.cache.read(cache_key)
-        val ||= store_valid_auth(cache_key, &generate_cache)
-        shallow_freeze(val)
-      end
-
-      def shallow_freeze(val)
-        # `nil` is frozen in Ruby 2.2 but not in Ruby 2.1
-        return val if val.frozen? || val.nil?
-        val.each { |_k, v| v.freeze }.freeze
-      end
-
       def current_auth_info
         @_auth_info ||= {}
       end
@@ -96,12 +110,6 @@ def munge_header_auth_token!
       def realm
         self.class.realm
       end
-
-      def store_valid_auth(cache_key)
-        val = yield
-        Rails.cache.write(cache_key, val, CACHE_TTL_OPTS) if val
-        val
-      end
     end
 
   end
diff --git a/lib/kracken/json_api.rb b/lib/kracken/json_api.rb
@@ -1,7 +1,6 @@
 require_relative 'json_api/exception_wrapper'
 require_relative 'json_api/path'
 require_relative 'json_api/public_exceptions'
-require_relative 'json_api/request'
 require_relative 'json_api/routing_mapper'
 
 module Kracken
diff --git a/lib/kracken/json_api/exception_wrapper.rb b/lib/kracken/json_api/exception_wrapper.rb
@@ -17,8 +17,23 @@ def self.status_code_for_exception(class_name)
         end
       end
 
-      def is_details_exception?
-        @@rescue_with_details_responses.has_key?(exception.class.name)
+      # Temporary work around while we support versions of Rails before 4
+      if Rails::VERSION::MAJOR < 5
+        def is_details_exception?
+          @@rescue_with_details_responses.has_key?(exception.class.name)
+        end
+      else
+        attr_reader :raised_exception
+
+        def initialize(backtrace_cleaner, exception)
+          super
+          @raised_exception = exception
+        end
+
+        def is_details_exception?
+          @@rescue_with_details_responses.has_key?(raised_exception.class.name) ||
+            @@rescue_with_details_responses.has_key?(exception.class.name)
+        end
       end
     end
   end
diff --git a/lib/kracken/json_api/path.rb b/lib/kracken/json_api/path.rb
@@ -1,14 +1,22 @@
 module Kracken
   module JsonApi
     class Path
-      attr_reader :path_match
+      attr_reader :basename
+      attr_reader :pathname
 
       def initialize(path)
-        @path_match = Pathname(path).join('*').to_path
+        @basename = ActionDispatch::Journey::Router::Utils.normalize_path(path)
+        @pathname = @basename + "/"
       end
 
       def matches?(request)
-        request.supports_json_format? && request.path.fnmatch?(path_match)
+        path_matches?(request.original_fullpath)
+      end
+
+    private
+
+      def path_matches?(path)
+        path == basename || path.start_with?(pathname)
       end
     end
   end
diff --git a/lib/kracken/json_api/public_exceptions.rb b/lib/kracken/json_api/public_exceptions.rb
@@ -37,7 +37,7 @@ def initialize(app)
       end
 
       def call(env)
-        if JsonApi.has_path?(JsonApi::Request.new(env))
+        if JsonApi.has_path?(ActionDispatch::Request.new(env))
           capture_error(env)
         else
           @app.call(env)
@@ -59,11 +59,23 @@ def capture_error(env)
 
         response
       rescue Exception => exception
-        wrapper = ExceptionWrapper.new(env, exception)
+        wrapper = exception_wrapper(env, exception)
         log_error(env, wrapper)
         render_json_error(wrapper)
       end
 
+      if Rails::VERSION::MAJOR < 5
+        def exception_wrapper(env, exception)
+          ExceptionWrapper.new(env, exception)
+        end
+      else
+        def exception_wrapper(env, exception)
+          request = ActionDispatch::Request.new(env)
+          backtrace_cleaner = request.get_header('action_dispatch.backtrace_cleaner')
+          ExceptionWrapper.new(backtrace_cleaner, exception)
+        end
+      end
+
       if Rails.env.production?
         def additional_details(error)
           {}
diff --git a/lib/kracken/json_api/request.rb b/lib/kracken/json_api/request.rb
diff --git a/lib/kracken/rspec.rb b/lib/kracken/rspec.rb
@@ -14,6 +14,12 @@ module Request
       def sign_in(user = nil)
         Kracken::SpecHelper.current_user = user
       end
+
+      def token_authorize(user, token:)
+        Kracken::Controllers::TokenAuthenticatable::cache_valid_auth(token, force: true) do
+          { id: user.id, team_ids: user.team_ids }
+        end
+      end
     end
 
     module Controller
@@ -43,8 +49,10 @@ def current_user
       end
     end
     module TokenAuthenticatable
+      alias_method :__original_user__, :current_user
       def current_user
-        Kracken::SpecHelper.current_user
+        Kracken::SpecHelper.current_user or
+          (current_user_id && __original_user__)
       end
 
       alias_method :__original_auth__, :authenticate_user_with_token!
@@ -69,6 +77,10 @@ def authenticate_user_with_token!
     c.include Kracken::SpecHelper::Request, type: :kracken
     c.include Kracken::SpecHelper::Request, type: :request
 
+    c.before do
+      Kracken::Controllers::TokenAuthenticatable.clear_auth_cache
+    end
+
     c.before(type: :kracken) do
         Kracken::SpecHelper.current_user = nil
     end
diff --git a/spec/requests/api_spec.rb b/spec/requests/api_spec.rb
