From 7f6b41d8b17b0e1ddfc2c3f05a7332e7271eec01 Mon Sep 17 00:00:00 2001 From: Seth Call Date: Thu, 18 Feb 2016 06:12:28 -0600 Subject: [PATCH] * jamblaster apis VRFS-3912 --- db/manifest | 1 + db/up/jamblaster_v2.sql | 2 + .../models/jamblaster_pairing_request.rb | 2 +- .../controllers/api_jamblasters_controller.rb | 123 ++++++++++++++-- web/app/views/api_jamblasters/auth_users.rabl | 7 + web/app/views/api_jamblasters/get_tokens.rabl | 5 +- web/config/routes.rb | 5 +- .../api_jamblasters_controller_spec.rb | 137 +++++++++--------- 8 files changed, 198 insertions(+), 84 deletions(-) create mode 100644 db/up/jamblaster_v2.sql create mode 100644 web/app/views/api_jamblasters/auth_users.rabl diff --git a/db/manifest b/db/manifest index d48a70cc5..23fd550a6 100755 --- a/db/manifest +++ b/db/manifest @@ -334,3 +334,4 @@ test_drive_lessons.sql whitelist.sql teacher_student_flags.sql add_sale_source_col.sql +jamblaster_v2.sql \ No newline at end of file diff --git a/db/up/jamblaster_v2.sql b/db/up/jamblaster_v2.sql new file mode 100644 index 000000000..b825f2ae3 --- /dev/null +++ b/db/up/jamblaster_v2.sql @@ -0,0 +1,2 @@ +ALTER TABLE jamblaster_pairing_requests ALTER COLUMN sibling_key DROP NOT NULL; +ALTER TABLE jamblaster_pairing_requests ADD COLUMN vtoken VARCHAR(400) NOT NULL; \ No newline at end of file diff --git a/ruby/lib/jam_ruby/models/jamblaster_pairing_request.rb b/ruby/lib/jam_ruby/models/jamblaster_pairing_request.rb index 682c34314..1f4b98fa7 100644 --- a/ruby/lib/jam_ruby/models/jamblaster_pairing_request.rb +++ b/ruby/lib/jam_ruby/models/jamblaster_pairing_request.rb @@ -8,7 +8,7 @@ module JamRuby validates :jamblaster, presence: true validates :jamblaster_client_id, presence: true validates :sibling_client_id, presence: true - validates :sibling_key, presence: true + validates :vtoken, presence: true end end diff --git a/web/app/controllers/api_jamblasters_controller.rb b/web/app/controllers/api_jamblasters_controller.rb index 9ecf43923..46f788ef1 100644 
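Review bot: In db/up/jamblaster_v2.sql, `ADD COLUMN vtoken VARCHAR(400) NOT NULL` has no DEFAULT, so the migration will be rejected on any database where jamblaster_pairing_requests already contains rows. Adding the column as nullable, backfilling it, and then applying `ALTER COLUMN vtoken SET NOT NULL` avoids that. Since `pair` resolves a request with `find_by_vtoken` alone, a unique index on `vtoken` would also be worth adding here, assuming one token is meant to identify exactly one request.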
--- a/web/app/controllers/api_jamblasters_controller.rb +++ b/web/app/controllers/api_jamblasters_controller.rb 
@@ -1,8 +1,90 @@ class ApiJamblastersController < ApiController - before_filter :api_signed_in_user, except: [:login, :store_token] + before_filter :api_signed_in_user, except: [:login, :store_token, :auth_users, :can_pair, :is_allowed] respond_to :json + # called from jamblaster + def can_pair + cid_a = params[:cid_a] + cid_b = params[:cid_b] + + connection_a = nil + connection_b = nil + + connection_a = Connection.find_by_client_id(cid_a) if cid_a + connection_b = Connection.find_by_client_id(cid_b) if cid_b + + if connection_a.nil? + render :json => {:message => 'No connection found with client_id ' + cid_a, reason: "cid_a"}, :status => 404 + return + end + + if connection_b.nil? + render :json => {:message => 'No connection found with client_id ' + cid_b, reason: "cid_b"}, :status => 404 + return + end + + user_a = connection_a.user + user_b = connection_b.user + + if user_a.nil? + render :json => {:message => 'No connection found with client_id ' + user_a, reason: "user_a"}, :status => 404 + return + end + + if user_b.nil? + render :json => {:message => 'No connection found with client_id ' + user_b, reason: "user_b"}, :status => 404 + return + end + + if user_a.id == user_b.id + render :json => {}, :status => 200 + else + render :json => {:message => 'Users do not match for both client IDs', reason: "can_not_pair"}, :status => 403 + end + end + + def is_allowed + #Pass the jbid & cbid. Reply is no error on true, else error + jbid = params[:jbid] + cbid = params[:cbid] + + jamblaster = Jamblaster.find_by_client_id!(jbid) + + connection = Connection.find_by_client_id(cbid) + if connection.nil? + render :json => {:message => 'No connection found with client_id ' + cbid, reason: "cbid"}, :status => 404 + return + end + + user = connection.user + if user.nil? 
+ render :json => {:message => 'No user associated with the connection ' + cbid, reason: "cbid"}, :status => 404 + return + end + + if jamblaster && !user.jamblasters.include?(jamblaster) + render :json => {reason: "jamblaster_access", message: "current user does not have access to jamblaster #{jamblaster.id}"}, status: 403 + return + end + + render :json => {}, status: 200 + end + + def auth_users + # use by jamblaster to get all key (cid,key)* that are currently paired to it. + + jbid = params[:jbid] + serial_no = params[:serial_no] + + @jamblaster = Jamblaster.where(client_id: jbid, serial_no: serial_no).first + + if @jamblaster.nil? + render :json => {:message => 'No jamblaster found with serial_no ' + serial_no + ' and jbid' + jbid, reason: "serial_no"}, :status => 404 + return + end + end + def get_tokens @jamblasters = current_user.jamblasters end @@ -20,7 +102,7 @@ class ApiJamblastersController < ApiController @pairing.jamblaster_client_id = params[:jbid] @pairing.jamblaster = jamblaster @pairing.sibling_client_id = params[:scid] - @pairing.sibling_key = params[:key] + @pairing.vtoken = params[:vtoken] if !@pairing.save respond_with_model(@pairing) else 
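Review bot: `auth_users` is added to the `except:` list of `api_signed_in_user`, and its view (auth_users.rabl in this commit) returns `vtoken` and `key` for every pairing of the device, so a matching `jbid` and `serial_no` are the only things a caller has to present. If serial numbers are printed on the unit or otherwise predictable, identifiers alone are a weak gate for pairing secrets, and the device should prove possession of a real secret before this data is returned. `can_pair` and `is_allowed` likewise tell unauthenticated callers which client ids exist and whether they share a user. Separately, the 404 messages are built with `+`, which raises TypeError when the parameter is missing (`cid_a`, `cid_b`, `cbid`, `serial_no`, `jbid`) and always in the `user_a.nil?`/`user_b.nil?` branches, where the operand is nil by definition. Interpolation such as `"No connection found with client_id #{cid_a}"` returns the intended 404 instead of a 500.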
@@ -31,22 +113,22 @@ class ApiJamblastersController < ApiController def login scid = params[:scid] jbid = params[:jbid] - key = params[:key] + vtoken = params[:vtoken] serial_no = params[:serial_no] - pairing_request = JamblasterPairingRequest.where(jamblaster_client_id: jbid).where(sibling_client_id: scid).where(sibling_key: key).first + pairing_request = JamblasterPairingRequest.where(jamblaster_client_id: jbid).where(sibling_client_id: scid).where(vtoken: vtoken).first jamblaster = Jamblaster.find_by_serial_no(serial_no) if jamblaster.nil? - render :json => { :message => 'No jamblaster found with serial_no ' + serial_no, reason: "serial_no" }, :status => 404 + render :json => {:message => 'No jamblaster found with serial_no ' + serial_no, reason: "serial_no"}, :status => 404 return end if pairing_request.nil? - render :json => { :message => "No pairing request found with jbid=#{jbid} && sibling_client_id=#{scid} && sibling_key=#{key}", reason: "no_pairing_request" }, :status => 404 + render :json => {:message => "No pairing request found with jbid=#{jbid} && sibling_client_id=#{scid} && vtoken=#{vtokne}", reason: "no_pairing_request"}, :status => 404 return end - render :json => {remember_token: pairing_request.user.remember_token}, :status => 200 + render :json => {}, :status => 200 end def store_token 
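Review bot: The new 404 message in `login` interpolates `#{vtokne}`, a misspelling of `vtoken`, so the branch for a missing pairing request raises NameError and produces a 500 instead of the intended 404; it should read `vtoken=#{vtoken}`. It is also worth reconsidering whether the submitted vtoken should be echoed back in the error body at all, since it acts as the pairing secret. `login` sits outside the signed-in filter, and the jamblaster found by `serial_no` is never compared with `pairing_request.jamblaster`, so the two lookups can succeed for unrelated devices. That comparison looks missing, though the rest of the flow is not visible in this hunk.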
@@ -57,12 +139,12 @@ class ApiJamblastersController < ApiController pairing_request = JamblasterPairingRequest.where(jamblaster_client_id: jbid).where(sibling_client_id: scid).where(sibling_key: key).first if pairing_request.nil? - render :json => { :message => "No pairing request found with jbid=#{jbid} && sibling_client_id=#{scid} && sibling_key=#{key}", reason: "no_pairing_request" }, :status => 404 + render :json => {:message => "No pairing request found with jbid=#{jbid} && sibling_client_id=#{scid} && sibling_key=#{key}", reason: "no_pairing_request"}, :status => 404 return end if vtoken.blank? - render :json => { :errors => { vtoken: ['is empty'] } }, :status => 422 + render :json => {:errors => {vtoken: ['is empty']}}, :status => 422 return end 
@@ -77,24 +159,37 @@ class ApiJamblastersController < ApiController end def pair + key = params[:key] vtoken = params[:vtoken] scid = params[:scid] jbid = params[:jbid] - jamblaster = Jamblaster.find_by_vtoken(vtoken) + jamblaster = Jamblaster.find_by_client_id!(jbid) if jamblaster.nil? - render :json => {reason: "no_vtoken", message: "No jamblaster found with vtoken:#{vtoken}" }, status: 404 + render :json => {reason: "no_jbid", message: "No jamblaster found with jbid:#{jbid}"}, status: 404 return end - if !current_user.jamblasters.include?(jamblaster) + pairing_request = JamblasterPairingRequest.find_by_vtoken(vtoken) + + if pairing_request.nil? + render :json => {:message => "No pairing request found with vtoken=#{vtoken}", reason: "no_pairing_request"}, :status => 404 + return + end + + if !pairing_request.user.jamblasters.include?(jamblaster) render :json => {reason: "jamblaster_access", message: "current user does not have access to jamblaster #{jamblaster.id} with vtoken #{vtoken}"}, status: 403 return end - Jamblaster.send_pair_attempt(jbid, scid, vtoken) + pairing_request.sibling_key = key - @jamblaster = jamblaster + if !pairing_request.save + respond_with_model(pairing_request) + else + Jamblaster.send_pair_attempt(jbid, scid, key) + @jamblaster = jamblaster + end end end diff --git a/web/app/views/api_jamblasters/auth_users.rabl b/web/app/views/api_jamblasters/auth_users.rabl new file mode 100644 index 000000000..073d7df4e --- /dev/null +++ b/web/app/views/api_jamblasters/auth_users.rabl @@ -0,0 +1,7 @@ +object @jamblaster + +attributes :id, :serial_no, :client_id + +child(:jamblaster_pairing_requests => :pairings) { + attributes :sibling_client_id, :jamblaster_client_id, :vtoken, :key +} \ No newline at end of file diff --git a/web/app/views/api_jamblasters/get_tokens.rabl b/web/app/views/api_jamblasters/get_tokens.rabl index 6fdfa70ef..db23a32cc 100644 --- a/web/app/views/api_jamblasters/get_tokens.rabl 
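Review bot: The access check in `pair` now reads `pairing_request.user.jamblasters` instead of `current_user.jamblasters`, so the signed-in caller is never compared with the owner of the pairing request, and the request is looked up by `vtoken` alone without matching `jbid` or `scid`. As written, a signed-in account that presents a vtoken belonging to another account would have `sibling_key` overwritten on that request and `send_pair_attempt` fired for it. Consider looking the request up with `JamblasterPairingRequest.where(vtoken: vtoken, jamblaster_client_id: jbid, sibling_client_id: scid).first` and returning 403 unless `pairing_request.user == current_user`. Separately, `find_by_client_id!` raises rather than returning nil, so the `jamblaster.nil?` branch directly below it is unreachable.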
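Review bot: The pairings child in auth_users.rabl lists `:key`, but the only key column visible in this commit is `sibling_key` (the model hunk, and `pairing_request.sibling_key = key` in `pair`). Unless JamblasterPairingRequest defines a `key` method elsewhere, this attribute will be silently absent from the output or raise, depending on RABL configuration; a separate `attribute :sibling_key => :key` line would map it explicitly. The same attribute list is added to get_tokens.rabl. Both views now serialise `vtoken` and the key together, so it is worth confirming that each consumer actually needs both secrets.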
+++ b/web/app/views/api_jamblasters/get_tokens.rabl @@ -1,4 +1,7 @@ object @jamblasters +attributes :id, :serial_no, :client_id -attributes :id, :serial_no, :client_id, :vtoken \ No newline at end of file +child(:jamblaster_pairing_requests => :pairings) { + attributes :sibling_client_id, :jamblaster_client_id, :vtoken, :key +} \ No newline at end of file diff --git a/web/config/routes.rb b/web/config/routes.rb index b0f8829f3..2c022619f 100644 --- a/web/config/routes.rb +++ b/web/config/routes.rb @@ -676,7 +676,10 @@ SampleApp::Application.routes.draw do match '/links/sessions' => 'api_links#session_index' match '/links/recordings' => 'api_links#recording_index' - match 'jamblasters/pairing/tokens' => 'api_jamblasters#get_tokens', :via => :get + match 'desktopclient/canpair' => 'api_jamblasters#can_pair', :via => :get + match 'jamblasters/pairing/isallowed' => 'api_jamblasters#is_allowed', :via => :get + match 'jamblasters/pairing/authusers' => 'api_jamblasters#auth_users', :via => :get + match 'jamblasters/pairing/mykeys' => 'api_jamblasters#get_tokens', :via => :get match 'jamblasters/pairing/start' => 'api_jamblasters#start_pairing', :via => :post match 'jamblasters/pairing/login' => 'api_jamblasters#login', :via => :post match 'jamblasters/pairing/store' => 'api_jamblasters#store_token', :via => :post diff --git a/web/spec/controllers/api_jamblasters_controller_spec.rb b/web/spec/controllers/api_jamblasters_controller_spec.rb index 20dfaffea..70aa5a704 100644 --- a/web/spec/controllers/api_jamblasters_controller_spec.rb +++ b/web/spec/controllers/api_jamblasters_controller_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' describe ApiJamblastersController do render_views - let(:user) {FactoryGirl.create(:user)} + let(:user) { FactoryGirl.create(:user) } let(:jamblaster) { FactoryGirl.create(:jamblaster, user: user) } before(:each) do 
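Review bot: The three new routes in web/config/routes.rb expose `can_pair`, `is_allowed` and `auth_users` as GET, so `serial_no`, `jbid` and the client ids travel in the query string, where they typically end up in web-server and proxy access logs. Since `auth_users` treats `jbid` plus `serial_no` as its only credential, POST (as `login` and `store` already use) would be the safer verb. The hunk also replaces `jamblasters/pairing/tokens` with `jamblasters/pairing/mykeys` without keeping the old path, which would break any deployed client still calling it, if such clients exist.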
@@ -11,13 +11,51 @@ describe ApiJamblastersController do Jamblaster.delete_all end + describe "can_pair" do + it "works" do + connection1 = FactoryGirl.create(:connection, :user => user, client_id: 'abc1') + connection2 = FactoryGirl.create(:connection, :user => user, client_id: 'abc2') + + get :can_pair, {:format => 'json', cid_a: connection1.client_id, cid_b: connection2.client_id} + response.status.should == 200 + end + end + + describe "is_allowed" do + before(:each) do + user.jamblasters << jamblaster + user.save! + end + + it "works" do + connection1 = FactoryGirl.create(:connection, :user => user, client_id: 'client_id3') + + get :is_allowed, {:format => 'json', jbid: jamblaster.client_id, cbid: connection1.client_id} + response.status.should == 200 + end + end + + describe "auth_users" do + before(:each) do + user.jamblasters << jamblaster + user.save! + end + + it "works" do + get :auth_users, {:format => 'json', jbid: jamblaster.client_id, serial_no: jamblaster.serial_no} + response.status.should == 200 + json = JSON.parse(response.body) + json["pairings"].length.should eq(0) + end + end + describe "get_tokens" do before(:each) { controller.current_user = user } it "works" do - get :get_tokens, {:format=>'json' } + get :get_tokens, {:format => 'json'} response.status.should == 200 json = JSON.parse(response.body) json.length.should eq(0) @@ -28,13 +66,13 @@ describe ApiJamblastersController do user.jamblasters << jamblaster user.save! - get :get_tokens, {:format=>'json' } + get :get_tokens, {:format => 'json'} response.status.should == 200 json = JSON.parse(response.body) json.length.should eq(1) end end - + describe "start_pairing" do before(:each) do 
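Review bot: The three new describe blocks (`can_pair`, `is_allowed`, `auth_users`) each assert only the 200 path, so none of the 403/404 branches added to the controller in this commit is exercised. Examples with a missing parameter, with two connections that belong to different users, and with a user who does not own the jamblaster would pin the refusal paths of these unauthenticated endpoints. The `auth_users` example checks only `json["pairings"].length.should eq(0)`, so the `vtoken` and `key` attributes of the view are never rendered under test.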
@@ -44,19 +82,19 @@ describe ApiJamblastersController do end it "works" do - post :start_pairing, {:format=>'json', jbid: jamblaster.client_id, scid: 'sibling_id', key: 'sibling_key'} + post :start_pairing, {:format => 'json', jbid: jamblaster.client_id, scid: 'sibling_id', vtoken: 'vtoken'} json = JSON.parse(response.body) response.status.should == 200 request = JamblasterPairingRequest.where(jamblaster_id: jamblaster.id).first request.should_not be_nil request.user.should eql(user) - request.sibling_key.should eq 'sibling_key' + request.vtoken.should eq 'vtoken' request.sibling_client_id.should eq 'sibling_id' end it "returns 422 if bogus jamblaster" do - post :start_pairing, {:format=>'json', jbid: 'nada', scid: 'sibling_id', key: 'sibling_key'} + post :start_pairing, {:format => 'json', jbid: 'nada', scid: 'sibling_id', vtoken: 'vtoken'} json = JSON.parse(response.body) response.status.should == 422 json = JSON.parse(response.body) 
@@ -76,51 +114,19 @@ describe ApiJamblastersController do end it "works" do - post :start_pairing, {:format=>'json', jbid: jamblaster.client_id, scid: 'sibling_id2', key: 'sibling_key2'} + post :start_pairing, {:format => 'json', jbid: jamblaster.client_id, scid: 'sibling_id2', vtoken: 'vtoken2'} response.status.should == 200 - request = JamblasterPairingRequest.where(jamblaster_client_id: jamblaster.client_id, sibling_key: 'sibling_key2', sibling_client_id: 'sibling_id2').first + request = JamblasterPairingRequest.where(jamblaster_client_id: jamblaster.client_id, vtoken: 'vtoken2', sibling_client_id: 'sibling_id2').first request.should_not be_nil request.user.should eql(user) - request.sibling_key.should eq 'sibling_key2' + request.vtoken.should eq 'vtoken2' request.sibling_client_id.should eq 'sibling_id2' request.jamblaster_client_id.should eq jamblaster.client_id - post :login, {:format=>'json', jbid: jamblaster.client_id, serial_no: jamblaster.serial_no, scid: 'sibling_id2', key: 'sibling_key2'} + post :login, {:format => 'json', jbid: jamblaster.client_id, serial_no: jamblaster.serial_no, scid: 'sibling_id2', vtoken: 'vtoken2'} json = JSON.parse(response.body) response.status.should == 200 - json['remember_token'].should eq(user.remember_token) - end - end - - describe "store_token" do - - before(:each) do - controller.current_user = user - user.jamblasters << jamblaster - user.save! 
- end - - it "works" do - post :start_pairing, {:format=>'json', jbid: jamblaster.client_id, scid: 'sibling_id3', key: 'sibling_key3'} - response.status.should == 200 - - request = JamblasterPairingRequest.where(jamblaster_client_id: jamblaster.client_id, sibling_key: 'sibling_key3', sibling_client_id: 'sibling_id3').first - request.should_not be_nil - request.user.should eql(user) - request.sibling_key.should eq 'sibling_key3' - request.sibling_client_id.should eq 'sibling_id3' - request.jamblaster_client_id.should eq jamblaster.client_id - - post :login, {:format=>'json', jbid: jamblaster.client_id, serial_no: jamblaster.serial_no, scid: 'sibling_id3', key: 'sibling_key3'} - json = JSON.parse(response.body) - response.status.should == 200 - json['remember_token'].should eq(user.remember_token) - - post :store_token, {:format => 'json', vtoken: 'vtoken1', scid: 'sibling_id3', jbid: jamblaster.client_id, key: 'sibling_key3'} - json = JSON.parse(response.body) - response.status.should == 200 - json['id'].should eq(jamblaster.id) end end 
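Review bot: The whole `store_token` describe block is deleted here while the `jamblasters/pairing/store` route and the `store_token` action stay in place, and that action still looks the request up with `where(sibling_key: key)`. After this commit `start_pairing` stores `vtoken` and leaves `sibling_key` empty until `pair` runs, so the action appears unable to find a freshly created request. Either remove the action and its route, or move it to the vtoken lookup and keep a spec for it, since it remains outside the signed-in filter. The `login` example also loses its only body assertion; `json.should_not have_key('remember_token')` would pin the intent of no longer returning the session token.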
@@ -133,37 +139,34 @@ describe ApiJamblastersController do it "works" do - post :start_pairing, {:format=>'json', jbid: jamblaster.client_id, scid: 'sibling_id4', key: 'sibling_key4'} + post :start_pairing, {:format => 'json', jbid: jamblaster.client_id, scid: 'sibling_id4', vtoken: 'vtoken4'} response.status.should == 200 - request = JamblasterPairingRequest.where(jamblaster_client_id: jamblaster.client_id, sibling_key: 'sibling_key4', sibling_client_id: 'sibling_id4').first + request = JamblasterPairingRequest.where(jamblaster_client_id: jamblaster.client_id, vtoken: 'vtoken4', sibling_client_id: 'sibling_id4').first request.should_not be_nil request.user.should eql(user) - request.sibling_key.should eq 'sibling_key4' + request.vtoken.should eq 'vtoken4' request.sibling_client_id.should eq 'sibling_id4' request.jamblaster_client_id.should eq jamblaster.client_id - post :login, {:format=>'json', jbid: jamblaster.client_id, serial_no: jamblaster.serial_no, scid: 'sibling_id4', key: 'sibling_key4'} + post :login, {:format => 'json', jbid: jamblaster.client_id, serial_no: jamblaster.serial_no, scid: 'sibling_id4', vtoken: 'vtoken4'} json = JSON.parse(response.body) response.status.should == 200 - json['remember_token'].should eq(user.remember_token) - post :store_token, {:format => 'json', vtoken: 'vtoken2', scid: 'sibling_id4', jbid: jamblaster.client_id, key: 'sibling_key4'} - json = JSON.parse(response.body) - response.status.should == 200 - json['id'].should eq(jamblaster.id) - - get :get_tokens, {:format=>'json' } - response.status.should == 200 - json = JSON.parse(response.body) - json.length.should eq(1) - vtoken = json[0]["vtoken"] - vtoken.should eq("vtoken2") - - post :pair, {:format => 'json', vtoken: 'vtoken2', scid: 'sibling_id4', jbid: jamblaster.client_id} + post :pair, {:format => 'json', vtoken: 'vtoken4', scid: 'sibling_id4', jbid: jamblaster.client_id, key: 'abc'} response.status.should == 200 json = JSON.parse(response.body) json["id"].should eq 
jamblaster.id + + get :get_tokens, {:format => 'json'} + response.status.should == 200 + json = JSON.parse(response.body) + puts "JSON #{json}" + json.length.should eq(1) + vtoken = json[0]["pairings"][0]["vtoken"] + vtoken.should eq("vtoken4") + + end end @@ -173,17 +176,17 @@ describe ApiJamblastersController do end it "get_tokens" do - get :get_tokens, {:format=>'json' } + get :get_tokens, {:format => 'json'} response.status.should == 200 end it "start_pairing" do - post :start_pairing, {:format=>'json'} + post :start_pairing, {:format => 'json'} response.status.should == 422 end it "pair" do - post :pair, {:format=>'json'} + post :pair, {:format => 'json'} response.status.should == 404 end end @@ -194,17 +197,17 @@ describe ApiJamblastersController do end it "get_tokens" do - get :get_tokens, {:format=>'json'} + get :get_tokens, {:format => 'json'} response.status.should == 403 end it "start_pairing" do - post :start_pairing, {:format=>'json'} + post :start_pairing, {:format => 'json'} response.status.should == 403 end it "pair" do - post :pair, {:format=>'json'} + post :pair, {:format => 'json'} response.status.should == 403 end end
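Review bot: `puts "JSON #{json}"` in the pair example looks like leftover debugging; it writes the pairing payload, including vtoken values, to the test output on every run and should be removed. The example also never asserts that the `key: 'abc'` sent to `pair` was persisted, for instance with `JamblasterPairingRequest.find_by_vtoken('vtoken4').sibling_key.should eq 'abc'`. A second example in which a different signed-in user posts the same vtoken and receives 403 would cover the ownership check on `pair`.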