Confirm user account endpoints

Author: weban-pl

lib/travis/api/app/endpoint/authorization.rb

@@ -127,6 +127,21 @@ class Authorization < Endpoint
         halt 401, 'could not resolve github token'
       end
 
+      get '/confirm_user/:token' do
+        content_type :json
+        Travis::RemoteVCS::User.new.confirm_user(token: params[:token])
+        { status: 200 }.to_json
+      rescue Travis::RemoteVCS::ResponseError
+        halt 404, 'The token is expired or not found.'
+      end
+
+      get '/request_confirmation/:id' do
+        content_type :json
+        Travis::RemoteVCS::User
+          .new.request_confirmation(id: current_user.id)
+        { status: 200 }.to_json
+      end
+
       private
 
         # update first login date if not set

lib/travis/api/serialize/v2/http/user.rb

@@ -1,5 +1,4 @@
 require 'travis/api/serialize/formats'
-require 'travis/github/oauth'
 require 'travis/remote_vcs/user'
 require 'travis/remote_vcs/response_error'
 

lib/travis/api/v3/renderer/user.rb

@@ -2,7 +2,7 @@
 
 module Travis::API::V3
   class Renderer::User < Renderer::Owner
-    representation(:standard, :email, :is_syncing, :synced_at, :recently_signed_up, :secure_user_hash)
+    representation(:standard, :email, :is_syncing, :synced_at, :recently_signed_up, :secure_user_hash, :confirmed_at)
     representation(:additional, :emails)
 
     def email

lib/travis/remote_vcs/user.rb

@@ -44,6 +44,20 @@ def check_scopes(user_id:)
           req.url "users/#{user_id}/check_scopes"
         end && true
       end
+
+      def confirm_user(token:)
+        request(:post, __method__) do |req|
+          req.url 'users/confirm'
+          req.params['token'] = token
+        end
+      end
+
+      def request_confirmation(id:)
+        request(:post, __method__) do |req|
+          req.url 'users/request_confirmation'
+          req.params['id'] = id
+        end
+      end
     end
   end
 end

spec/auth/v2/users_spec.rb

@@ -3,6 +3,7 @@
   let(:repo) { Repository.by_slug('svenfuchs/minimal').first }
 
   before { allow_any_instance_of(Travis::RemoteVCS::User).to receive(:check_scopes) }
+
   # TODO put /users/
   # TODO put /users/:id ?
   # TODO post /users/sync

spec/travis/remote_vcs/user_spec.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+require 'rspec'
+
+describe Travis::RemoteVCS::User do
+  describe '#confirm_user' do
+    let(:token) { double(:token) }
+    let(:instance) { described_class.new }
+    let(:req) { double(:request) }
+    let(:params) { double(:params) }
+
+    subject { instance.confirm_user(token: token) }
+
+    before do
+      allow(req).to receive(:url)
+      allow(req).to receive(:params).and_return(params)
+      allow(params).to receive(:[]=)
+    end
+
+    it 'performs POST to VCS with proper params' do
+      expect(instance).to receive(:request).with(:post, :confirm_user).and_yield(req)
+      expect(req).to receive(:url).with('users/confirm')
+      expect(params).to receive(:[]=).with('token', token)
+
+      subject
+    end
+  end
+
+  describe '#request_confirmation' do
+    let(:id) { double(:id) }
+    let(:instance) { described_class.new }
+    let(:req) { double(:request) }
+    let(:params) { double(:params) }
+
+    subject { instance.request_confirmation(id: id) }
+
+    before do
+      allow(req).to receive(:url)
+      allow(req).to receive(:params).and_return(params)
+      allow(params).to receive(:[]=)
+    end
+
+    it 'performs POST to VCS with proper params' do
+      expect(instance).to receive(:request).with(:post, :request_confirmation).and_yield(req)
+      expect(req).to receive(:url).with('users/request_confirmation')
+      expect(params).to receive(:[]=).with('id', id)
+
+      subject
+    end
+  end
+end

spec/unit/endpoint/authorization_spec.rb

@@ -304,4 +304,53 @@ def user_for(github_token)
       expect(post('/auth/github', github_token: 'public repos')).to be_ok
     end
   end
+
+  describe 'GET /confirm_user/:token' do
+    context 'when response is ok' do
+      before { allow_any_instance_of(Travis::RemoteVCS::User).to receive(:confirm_user) }
+
+      it 'returns ok' do
+        expect(get('/auth/confirm_user/mytokentopass')).to be_ok
+      end
+
+      it 'calls VCS service with proper params' do
+        expect_any_instance_of(Travis::RemoteVCS::User)
+          .to receive(:confirm_user).with(token: 'mytokentopass')
+
+        get('/auth/confirm_user/mytokentopass')
+      end
+    end
+
+    context 'when response is not ok' do
+      before do
+        allow_any_instance_of(Travis::RemoteVCS::User)
+          .to receive(:confirm_user).and_raise(Travis::RemoteVCS::ResponseError)
+      end
+
+      it 'returns 404 with a message' do
+        expect(get('/auth/confirm_user/mytokentopass')).not_to be_ok
+        expect(last_response.status).to eq(404)
+        expect(body).to include('The token is expired or not found.')
+      end
+    end
+  end
+
+  describe 'GET /request_confirmation/:session_token/:id' do
+    let(:current_user) { double(:user, id: 123) }
+    before do
+      allow_any_instance_of(described_class).to receive(:current_user).and_return(current_user)
+      allow_any_instance_of(Travis::RemoteVCS::User).to receive(:request_confirmation)
+    end
+
+    it 'returns ok' do
+      expect(get('/auth/request_confirmation/123')).to be_ok
+    end
+
+    it 'calls VCS service with proper params' do
+      expect_any_instance_of(Travis::RemoteVCS::User)
+        .to receive(:request_confirmation).with(id: 123)
+
+      get('/auth/request_confirmation/123')
+    end
+  end
 end

spec/v3/services/installation/find_spec.rb

@@ -64,6 +64,7 @@
         "allow_migration" => false,
         "recently_signed_up" => false,
         "secure_user_hash" => nil,
+        "confirmed_at" => nil,
       }
     }}
   end

spec/v3/services/owner/find_spec.rb

@@ -296,6 +296,7 @@
         },
         "recently_signed_up"=>false,
         "secure_user_hash" => nil,
+        "confirmed_at" => nil,
       }}
     end
 
@@ -326,6 +327,7 @@
         },
         "recently_signed_up"=>false,
         "secure_user_hash" => nil,
+        "confirmed_at" => nil,
       }}
     end
 
@@ -356,6 +358,7 @@
         },
         "recently_signed_up"=>false,
         "secure_user_hash" => nil,
+        "confirmed_at" => nil,
       }}
     end
 
@@ -390,6 +393,7 @@
         },
         "recently_signed_up"=>false,
         "secure_user_hash" => nil,
+        "confirmed_at" => nil,
         "@warnings"        => [{
           "@type"          => "warning",
           "message"        => "query parameter user.id not safelisted, ignored",

spec/v3/services/user/current_spec.rb

@@ -30,7 +30,8 @@
         "id"                    => user.id
       },
       "recently_signed_up"=>false,
-      "secure_user_hash" => nil
+      "secure_user_hash" => nil,
+      "confirmed_at" => nil,
     }}
   end
 end