Allow logging in via token before recording

7 years ago · 85823d8b83
parent 74c32eb81d
commit 85823d8b83
5 changed files with 23 additions and 18 deletions
--- a/lib/asciinema/users.ex
+++ b/lib/asciinema/users.ex
@ -51,27 +51,32 @@ defmodule Asciinema.Users do
    end
  end

-  def get_user_with_api_token(username, api_token) do
+  def get_user_with_api_token(api_token, tmp_username \\ nil) do
    case authenticate(api_token) do
-      {:ok, %User{} = user} ->
-        user
-      {:error, :token_revoked} ->
-        nil
+      {:ok, %User{}} = res ->
+        res
+      {:error, :token_revoked} = res ->
+        res
      {:error, :token_not_found} ->
-        create_user_with_api_token(username, api_token)
+        create_user_with_api_token(api_token, tmp_username)
    end
  end

-  def create_user_with_api_token(username, api_token) do
-    user_changeset = User.temporary_changeset(username)
+  def create_user_with_api_token(api_token, tmp_username) do
+    user_changeset = User.temporary_changeset(tmp_username)

    {_, result} = Repo.transaction(fn ->
      with {:ok, %User{} = user} <- Repo.insert(user_changeset),
           api_token_changeset = ApiToken.create_changeset(user, api_token),
           {:ok, %ApiToken{}} <- Repo.insert(api_token_changeset) do
-        user
+        {:ok, user}
      else
-        _otherwise -> Repo.rollback(nil)
+        {:error, %Ecto.Changeset{}} ->
+          {:error, :token_invalid}
+        {:error, _} = err ->
+          Repo.rollback(err)
+        result ->
+          Repo.rollback({:error, result})
      end
    end)

--- a/test/controllers/api/asciicast_controller_test.exs
+++ b/test/controllers/api/asciicast_controller_test.exs
@ -84,7 +84,7 @@ defmodule Asciinema.Api.AsciicastControllerTest do
    end

    test "existing user (API token)", %{conn: conn, token: token} do
-      Users.create_user_with_api_token("test", token)
+      {:ok, _} = Users.create_user_with_api_token(token, "test")
      upload = fixture(:upload, %{path: "1/asciicast.json"})
      conn = post conn, api_asciicast_path(conn, :create), %{"asciicast" => upload}
      assert text_response(conn, 201) =~ @asciicast_url
@ -99,7 +99,7 @@ defmodule Asciinema.Api.AsciicastControllerTest do
    end

    test "authentication with revoked token", %{conn: conn, token: token} do
-      Users.get_user_with_api_token("test", token) # force registration of the token
+      Users.get_user_with_api_token(token, "test") # force registration of the token
      token |> Users.get_api_token! |> Users.revoke_api_token!
      upload = fixture(:upload, %{path: "1/asciicast.json"})
      conn = post conn, api_asciicast_path(conn, :create), %{"asciicast" => upload}
--- a/test/controllers/session_controller_test.exs
+++ b/test/controllers/session_controller_test.exs
@ -9,7 +9,7 @@ defmodule Asciinema.SessionControllerTest do
  @other_tmp_user_token "2eafaa20-80c8-47fc-b014-74072027edae"

  setup %{conn: conn} do
-    %User{} = Users.get_user_with_api_token("revoked", @revoked_token)
+    {:ok, %User{}} = Users.get_user_with_api_token(@revoked_token, "revoked")
    @revoked_token |> Users.get_api_token! |> Users.revoke_api_token!

    regular_user = fixture(:user)
@ -18,9 +18,9 @@ defmodule Asciinema.SessionControllerTest do
    other_regular_user = fixture(:user, %{username: "other", email: "other@example.com"})
    ApiToken.create_changeset(other_regular_user, @other_regular_user_token) |> Repo.insert!

-    %User{} = tmp_user = Users.get_user_with_api_token("tmp", @tmp_user_token)
+    {:ok, %User{} = tmp_user} = Users.get_user_with_api_token(@tmp_user_token, "tmp")

-    %User{} = Users.get_user_with_api_token("other_tmp", @other_tmp_user_token)
+    {:ok, %User{}} = Users.get_user_with_api_token(@other_tmp_user_token, "other_tmp")

    {:ok, conn: conn, regular_user: regular_user, tmp_user: tmp_user}
  end
--- a/web/controllers/api/asciicast_controller.ex
+++ b/web/controllers/api/asciicast_controller.ex
@ -73,7 +73,7 @@ defmodule Asciinema.Api.AsciicastController do

  defp authenticate(conn, _opts) do
    with {username, api_token} <- get_basic_auth(conn),
-         %User{} = user <- Users.get_user_with_api_token(username, api_token) do
+         {:ok, %User{} = user} <- Users.get_user_with_api_token(api_token, username) do
      assign(conn, :current_user, user)
    else
      _otherwise ->
--- a/web/controllers/session_controller.ex
+++ b/web/controllers/session_controller.ex
@ -4,10 +4,10 @@ defmodule Asciinema.SessionController do
  alias Asciinema.{Auth, Users, User}

  def create(conn, %{"api_token" => api_token}) do
-    case Users.authenticate(api_token) do
+    case Users.get_user_with_api_token(api_token) do
      {:ok, user} ->
        login(conn, user)
-      {:error, :token_not_found} ->
+      {:error, :token_invalid} ->
        conn
        |> put_rails_flash(:alert, "Invalid token. Make sure you pasted the URL correctly.")
        |> redirect(to: "/")