Setup tokens controller

2021-04-13 16:11:22 +02:00 · 2021-04-13 16:11:22 +02:00 · 2753b9f6c8
commit 2753b9f6c8
parent f8aae15cdc
6 changed files with 58 additions and 1 deletions
--- a/app/controllers/api/v1/tokens_controller.rb
+++ b/app/controllers/api/v1/tokens_controller.rb
@ -0,0 +1,20 @@
+class Api::V1::TokensController < ApplicationController
+  def create
+    @user = User.find_by_email(user_params[:email])
+    if @user&.authenticate(user_params[:password])
+      render json: {
+        token: JsonWebToken.encode(user_id: @user.id),
+        email: @user.email
+      }
+    else
+      head :unauthorized
+    end
+  end
+
+  private
+
+  # Only allow a trusted parameter "white list" through.
+  def user_params
+    params.require(:user).permit(:email, :password)
+  end
+end
--- a/config/application.rb
+++ b/config/application.rb
@ -36,5 +36,8 @@ module RegistraApi
    # Middleware like session, flash, cookies can be added back manually.
    # Skip views, helpers and assets when generating a new resource.
    config.api_only = true
+
+    # Adds the content of 'lib' folder to Ruby on Rails _autoload_s
+    config.eager_load_paths << Rails.root.join('lib')
  end
 end
--- a/config/routes.rb
+++ b/config/routes.rb
@ -2,6 +2,7 @@ Rails.application.routes.draw do
  namespace :api, defaults: { format: :json }  do
    namespace :v1 do
      resources :users
+      resources :tokens, only: %i[create]
    end
  end
 end
--- a/lib/json_web_token.rb
+++ b/lib/json_web_token.rb
@ -0,0 +1,13 @@
+class JsonWebToken
+  SECRET_KEY = Rails.application.credentials.secret_key_base.to_s
+
+  def self.encode(payload, exp = 24.hours.from_now)
+    payload[:exp] = exp.to_i
+    JWT.encode(payload, SECRET_KEY)
+  end
+
+  def self.decode(token)
+    decoded = JWT.decode(token, SECRET_KEY).first
+    HashWithIndifferentAccess.new decoded
+  end
+end
--- a/test/controllers/api/v1/tokens_controller_test.rb
+++ b/test/controllers/api/v1/tokens_controller_test.rb
@ -0,0 +1,20 @@
+require "test_helper"
+
+class Api::V1::TokensControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @user = users(:one)
+  end
+
+  test 'should get JWT token' do
+    post api_v1_tokens_url, params: { user: { email: @user.email, password: 'g00d_pa$$' } }, as: :json
+    assert_response :success
+
+    json_response = JSON.parse(response.body)
+    assert_not_nil json_response['token']
+  end
+
+  test 'should not get JWT token' do
+    post api_v1_tokens_url, params: { user: { email: @user.email, password: 'b@d_pa$$' } }, as: :json
+    assert_response :unauthorized
+  end
+end
--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
@ -3,4 +3,4 @@
 one:
  email: one@one.com
  username: OneUsername
-  password_digest: v@lid_pa$$w0rd
+  password_digest: <%= BCrypt::Password.create('g00d_pa$$') %>