I want be able to get token via api. Used for mobile applications

This commit is contained in:
Dmitriy Zaporozhets 2012-09-20 17:44:44 +03:00
parent 37817cc31d
commit 9aafe77e70
6 changed files with 90 additions and 2 deletions

View file

@ -30,6 +30,7 @@ When listing resources you can pass the following parameters:
## Contents
+ [Users](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/users.md)
+ [Session](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/session.md)
+ [Projects](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/projects.md)
+ [Snippets](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/snippets.md)
+ [Issues](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/issues.md)

22
doc/api/session.md Normal file
View file

@ -0,0 +1,22 @@
Login to get private token
```
POST /session
```
Parameters:
+ `email` (required) - The email of user
+ `password` (required) - Valid password
```json
{
"id": 1,
"email": "john@example.com",
"name": "John Smith",
"private_token": "dd34asd13as",
"created_at": "2012-05-23T08:00:58Z",
"blocked": true
}
```

View file

@ -18,5 +18,6 @@ module Gitlab
mount Issues
mount Milestones
mount Keys
mount Session
end
end

View file

@ -9,6 +9,10 @@ module Gitlab
expose :id, :email, :name, :blocked, :created_at
end
class UserLogin < Grape::Entity
expose :id, :email, :name, :private_token, :blocked, :created_at
end
class Hook < Grape::Entity
expose :id, :url
end

21
lib/api/session.rb Normal file
View file

@ -0,0 +1,21 @@
module Gitlab
# Users API
class Session < Grape::API
# Login to get token
#
# Example Request:
# POST /session
post "/session" do
resource = User.find_for_database_authentication(email: params[:email])
return forbidden! unless resource
if resource.valid_password?(params[:password])
present resource, with: Entities::UserLogin
else
forbidden!
end
end
end
end

View file

@ -0,0 +1,39 @@
require 'spec_helper'
describe Gitlab::API do
include ApiHelpers
let(:user) { Factory :user }
describe "POST /session" do
context "when valid password" do
it "should return private token" do
post api("/session"), email: user.email, password: '123456'
response.status.should == 201
json_response['email'].should == user.email
json_response['private_token'].should == user.private_token
end
end
context "when invalid password" do
it "should return authentication error" do
post api("/session"), email: user.email, password: '123'
response.status.should == 403
json_response['email'].should be_nil
json_response['private_token'].should be_nil
end
end
context "when empty password" do
it "should return authentication error" do
post api("/session"), email: user.email
response.status.should == 403
json_response['email'].should be_nil
json_response['private_token'].should be_nil
end
end
end
end