From 3fd3248b93552bcb4653e6e7c5c3aa88988bd371 Mon Sep 17 00:00:00 2001 From: Lidia Mokevnina Date: Fri, 23 Jun 2023 11:52:13 +0200 Subject: [PATCH 01/12] [434] parse user_id from bearer token --- .../concerns/uffizzi_core/auth_management.rb | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/core/app/controllers/concerns/uffizzi_core/auth_management.rb b/core/app/controllers/concerns/uffizzi_core/auth_management.rb index 48623ce7..5ccb35c2 100644 --- a/core/app/controllers/concerns/uffizzi_core/auth_management.rb +++ b/core/app/controllers/concerns/uffizzi_core/auth_management.rb @@ -14,7 +14,18 @@ def signed_in? end def current_user - @current_user ||= UffizziCore::User.find_by(id: session[:user_id]) + @current_user ||= UffizziCore::User.find_by(id: current_user_id) + end + + def auth_token + @auth_token ||= request.headers['Authorization'] + end + + def current_user_id + return session[:user_id] if session[:user_id].present? + return unless auth_token.present? + + UffizziCore::TokenService.decode(auth_token)[:user_id] end def authenticate_request! From b4dd6de5c2b487a0af2ce7ce8b8165a4ba40e96e Mon Sep 17 00:00:00 2001 From: Lidia Mokevnina Date: Fri, 23 Jun 2023 12:26:01 +0200 Subject: [PATCH 02/12] [434] moved token service to dependency injection --- .../controllers/concerns/uffizzi_core/auth_management.rb | 5 ++++- .../concerns/uffizzi_core/dependency_injection_concern.rb | 6 ++++++ core/lib/uffizzi_core.rb | 1 + 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/core/app/controllers/concerns/uffizzi_core/auth_management.rb b/core/app/controllers/concerns/uffizzi_core/auth_management.rb index 5ccb35c2..5fed0606 100644 --- a/core/app/controllers/concerns/uffizzi_core/auth_management.rb +++ b/core/app/controllers/concerns/uffizzi_core/auth_management.rb 
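Review bot: `current_user_id` gives `session[:user_id]` priority over the `Authorization` header without saying so, so a request carrying both a session cookie and a token for a different user is resolved to the session user. State that above the method, e.g. `# A session user wins; the bearer token is consulted only when the session has no user_id.` The commit changes only `auth_management.rb`, so the token path has no test; cases for a valid token, a token that fails to decode and a request with neither credential would pin the behaviour. The module continues outside the hunk.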
@@ -1,6 +1,8 @@ # frozen_string_literal: true module UffizziCore::AuthManagement + include UffizziCore::DependencyInjectionConcern + def sign_in(user) session[:user_id] = user.id end @@ -25,7 +27,8 @@ def current_user_id return session[:user_id] if session[:user_id].present? return unless auth_token.present? - UffizziCore::TokenService.decode(auth_token)[:user_id] + decoded_token = access_token_module.decode(auth_token) + decoded_token&.dig(:user_id) end def authenticate_request! diff --git a/core/app/controllers/concerns/uffizzi_core/dependency_injection_concern.rb b/core/app/controllers/concerns/uffizzi_core/dependency_injection_concern.rb index 5bb75769..a50e26df 100644 --- a/core/app/controllers/concerns/uffizzi_core/dependency_injection_concern.rb +++ b/core/app/controllers/concerns/uffizzi_core/dependency_injection_concern.rb @@ -51,6 +51,12 @@ def domain_module module_class(:domain_module) end + def access_token_module + return unless module_exists?(:token_module) + + module_class(:token_module) + end + private def module_exists?(module_name) diff --git a/core/lib/uffizzi_core.rb b/core/lib/uffizzi_core.rb index 466020dc..d5b7e726 100644 --- a/core/lib/uffizzi_core.rb +++ b/core/lib/uffizzi_core.rb @@ -30,6 +30,7 @@ module UffizziCore mattr_accessor :dependencies, default: { rbac: 'UffizziCore::Rbac::UserAccessService', + token_module: 'UffizziCore::TokenService', } mattr_accessor :table_names, default: { accounts: :uffizzi_core_accounts, From cffaaa6f5162b540dd713a529e036e7083c5d6f3 Mon Sep 17 00:00:00 2001 From: Lidia Mokevnina Date: Fri, 23 Jun 2023 12:48:18 +0200 Subject: [PATCH 03/12] [434] removed dependency injection --- core/app/controllers/concerns/uffizzi_core/auth_management.rb | 4 +--- core/lib/uffizzi_core.rb | 1 - 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/core/app/controllers/concerns/uffizzi_core/auth_management.rb b/core/app/controllers/concerns/uffizzi_core/auth_management.rb index 5fed0606..ee82cdb0 100644 
--- a/core/app/controllers/concerns/uffizzi_core/auth_management.rb +++ b/core/app/controllers/concerns/uffizzi_core/auth_management.rb @@ -1,8 +1,6 @@ # frozen_string_literal: true module UffizziCore::AuthManagement - include UffizziCore::DependencyInjectionConcern - def sign_in(user) session[:user_id] = user.id end @@ -27,7 +25,7 @@ def current_user_id return session[:user_id] if session[:user_id].present? return unless auth_token.present? - decoded_token = access_token_module.decode(auth_token) + decoded_token = UffizziCore::TokenService.decode(auth_token) decoded_token&.dig(:user_id) end diff --git a/core/lib/uffizzi_core.rb b/core/lib/uffizzi_core.rb index d5b7e726..466020dc 100644 --- a/core/lib/uffizzi_core.rb +++ b/core/lib/uffizzi_core.rb @@ -30,7 +30,6 @@ module UffizziCore mattr_accessor :dependencies, default: { rbac: 'UffizziCore::Rbac::UserAccessService', - token_module: 'UffizziCore::TokenService', } mattr_accessor :table_names, default: { accounts: :uffizzi_core_accounts, From 8eddb7465c0b5291a911a9e2fed750934022dead Mon Sep 17 00:00:00 2001 From: Lidia Mokevnina Date: Fri, 23 Jun 2023 13:13:23 +0200 Subject: [PATCH 04/12] [434] fix getting token --- core/app/controllers/concerns/uffizzi_core/auth_management.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/app/controllers/concerns/uffizzi_core/auth_management.rb b/core/app/controllers/concerns/uffizzi_core/auth_management.rb index ee82cdb0..5c9eaf1f 100644 --- a/core/app/controllers/concerns/uffizzi_core/auth_management.rb +++ b/core/app/controllers/concerns/uffizzi_core/auth_management.rb @@ -26,7 +26,7 @@ def current_user_id return unless auth_token.present? decoded_token = UffizziCore::TokenService.decode(auth_token) - decoded_token&.dig(:user_id) + decoded_token&.first.&dig(:user_id) end def authenticate_request! From 6499976956bae0504f1f5a9d2501d5d5c54f9715 Mon Sep 17 00:00:00 2001 
From: Lidia Mokevnina Date: Fri, 23 Jun 2023 13:16:13 +0200 Subject: [PATCH 05/12] [434] fix getting token --- core/app/controllers/concerns/uffizzi_core/auth_management.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/app/controllers/concerns/uffizzi_core/auth_management.rb b/core/app/controllers/concerns/uffizzi_core/auth_management.rb index 5c9eaf1f..4096545c 100644 --- a/core/app/controllers/concerns/uffizzi_core/auth_management.rb +++ b/core/app/controllers/concerns/uffizzi_core/auth_management.rb @@ -26,7 +26,7 @@ def current_user_id return unless auth_token.present? decoded_token = UffizziCore::TokenService.decode(auth_token) - decoded_token&.first.&dig(:user_id) + decoded_token&.first&.dig('user_id') end def authenticate_request! From b21e61e96c3ee62e8a7f0fdbc70c31ed83f42fde Mon Sep 17 00:00:00 2001 From: Lidia Mokevnina Date: Fri, 23 Jun 2023 18:59:56 +0200 Subject: [PATCH 06/12] [434] changed the method of getting the auth token --- core/app/controllers/concerns/uffizzi_core/auth_management.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/core/app/controllers/concerns/uffizzi_core/auth_management.rb b/core/app/controllers/concerns/uffizzi_core/auth_management.rb index 4096545c..12a14881 100644 --- a/core/app/controllers/concerns/uffizzi_core/auth_management.rb +++ b/core/app/controllers/concerns/uffizzi_core/auth_management.rb @@ -18,7 +18,8 @@ def current_user end def auth_token - @auth_token ||= request.headers['Authorization'] + header = request.headers['Authorization'] + header&.split(' ')&.last end def current_user_id From 68f762f8e129dad5a2a55901e14a17238406ddfd Mon Sep 17 00:00:00 2001 From: Lidia Mokevnina Date: Fri, 23 Jun 2023 19:16:10 +0200 Subject: [PATCH 07/12] [434] handle n+1 queries --- .../controllers/uffizzi_core/api/cli/v1/projects_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
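Review bot: `auth_token` takes the last space-separated word of the `Authorization` header without looking at the scheme, so `Basic …`, `Digest …` or a bare value with no scheme all reach `UffizziCore::TokenService.decode` as if they were bearer tokens. Accept only the Bearer scheme, e.g. `scheme, token = header.to_s.split(' ', 2)` followed by `token if scheme&.casecmp?('Bearer')`. A short comment naming the expected header form (`Authorization: Bearer <token>`) would also help, since the method name alone does not say which schemes are honoured.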
diff --git a/core/app/controllers/uffizzi_core/api/cli/v1/projects_controller.rb b/core/app/controllers/uffizzi_core/api/cli/v1/projects_controller.rb index 32e6db89..365f535c 100644 --- a/core/app/controllers/uffizzi_core/api/cli/v1/projects_controller.rb +++ b/core/app/controllers/uffizzi_core/api/cli/v1/projects_controller.rb @@ -15,7 +15,7 @@ class UffizziCore::Api::Cli::V1::ProjectsController < UffizziCore::Api::Cli::V1: # @response [object> >] 200 OK # @response 401 Not authorized def index - projects = current_user.projects.active.order(updated_at: :desc) + projects = current_user.projects.active.includes([:secrets, :account]).order(updated_at: :desc) respond_with projects, each_serializer: UffizziCore::Api::Cli::V1::ShortProjectSerializer end From 345b4ca26ed91cd3b9e35b4b5554603613d7f5ac Mon Sep 17 00:00:00 2001 From: Lidia Mokevnina Date: Fri, 23 Jun 2023 19:19:32 +0200 Subject: [PATCH 08/12] [434] removed includes --- .../controllers/uffizzi_core/api/cli/v1/projects_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/app/controllers/uffizzi_core/api/cli/v1/projects_controller.rb b/core/app/controllers/uffizzi_core/api/cli/v1/projects_controller.rb index 365f535c..32e6db89 100644 --- a/core/app/controllers/uffizzi_core/api/cli/v1/projects_controller.rb +++ b/core/app/controllers/uffizzi_core/api/cli/v1/projects_controller.rb @@ -15,7 +15,7 @@ class UffizziCore::Api::Cli::V1::ProjectsController < UffizziCore::Api::Cli::V1: # @response [object> >] 200 OK # @response 401 Not authorized def index - projects = current_user.projects.active.includes([:secrets, :account]).order(updated_at: :desc) + projects = current_user.projects.active.order(updated_at: :desc) respond_with projects, each_serializer: UffizziCore::Api::Cli::V1::ShortProjectSerializer end From 21eab9df86d9f52ebb28cf41e89f96f6021aff73 Mon Sep 17 00:00:00 2001 
From: Lidia Mokevnina Date: Tue, 27 Jun 2023 16:22:07 +0200 Subject: [PATCH 09/12] [434] added account related endpoints --- .../cli/v1/accounts/projects_controller.rb | 8 +++++- .../api/cli/v1/accounts_controller.rb | 25 +++++++++++++++++++ .../api/cli/v1/accounts/projects_policy.rb | 4 +++ .../api/cli/v1/accounts_policy.rb | 11 ++++++++ .../api/cli/v1/account_serializer.rb | 9 +++++++ core/config/routes.rb | 6 +++-- .../v1/accounts/projects_controller_test.rb | 13 ++++++++-- .../api/cli/v1/accounts_controller_test.rb | 24 ++++++++++++++++++ db/seeds.rb | 22 ++++++++++++---- 9 files changed, 112 insertions(+), 10 deletions(-) create mode 100644 core/app/controllers/uffizzi_core/api/cli/v1/accounts_controller.rb create mode 100644 core/app/policies/uffizzi_core/api/cli/v1/accounts_policy.rb create mode 100644 core/app/serializers/uffizzi_core/api/cli/v1/account_serializer.rb create mode 100644 core/test/controllers/uffizzi_core/api/cli/v1/accounts_controller_test.rb diff --git a/core/app/controllers/uffizzi_core/api/cli/v1/accounts/projects_controller.rb b/core/app/controllers/uffizzi_core/api/cli/v1/accounts/projects_controller.rb index 7733a9f9..373b2df1 100644 --- a/core/app/controllers/uffizzi_core/api/cli/v1/accounts/projects_controller.rb +++ b/core/app/controllers/uffizzi_core/api/cli/v1/accounts/projects_controller.rb @@ -5,6 +5,12 @@ class UffizziCore::Api::Cli::V1::Accounts::ProjectsController < UffizziCore::Api::Cli::V1::Accounts::ApplicationController before_action :authorize_uffizzi_core_api_cli_v1_accounts_projects + def index + projects = resource_account.projects.active + + respond_with projects, each_serializer: UffizziCore::Api::Cli::V1::ShortProjectSerializer + end + # Create a project # # @path [POST] /api/cli/v1/accounts/{account_id}/projects 
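Review bot: The new `index` returns `resource_account.projects.active`, every active project of the account, whereas the existing CLI `ProjectsController#index` lists `current_user.projects`; together with the `index?` policy added in this commit (`any_access_to_account?`), any account member can list projects they are not a member of. If project membership is meant to limit visibility, scope the query through the user, e.g. `current_user.projects.active.where(account: resource_account)`. The same question applies to `has_many :projects` in the new `account_serializer.rb`, which is not filtered at all, not even by `active`. The action also lacks the `@path`/`@response` comment block that `create` has, and it returns rows in no defined order.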
@@ -17,7 +23,7 @@ class UffizziCore::Api::Cli::V1::Accounts::ProjectsController < UffizziCore::Api def create project_form = UffizziCore::Api::Cli::V1::Project::CreateForm.new(project_params) - project_form.account = current_user.accounts.find(params[:account_id]) + project_form.account = resource_account UffizziCore::ProjectService.add_users_to_project!(project_form, project_form.account) if project_form.save respond_with project_form diff --git a/core/app/controllers/uffizzi_core/api/cli/v1/accounts_controller.rb b/core/app/controllers/uffizzi_core/api/cli/v1/accounts_controller.rb new file mode 100644 index 00000000..4c25fbe3 --- /dev/null +++ b/core/app/controllers/uffizzi_core/api/cli/v1/accounts_controller.rb @@ -0,0 +1,25 @@ +# frozen_string_literal: true + +# @resource Project + +class UffizziCore::Api::Cli::V1::AccountsController < UffizziCore::Api::Cli::V1::ApplicationController + before_action :authorize_uffizzi_core_api_cli_v1_accounts + + # Get projects of current user + # + # @path [GET] /api/cli/v1/accounts + # + # @response [object> >] 200 OK + # @response 401 Not authorized + def index + accounts = current_user.accounts.order(name: :desc) + + respond_with accounts + end + + def show + account = current_user.accounts.find_by!(name: params[:name]) + + respond_with account + end +end diff --git a/core/app/policies/uffizzi_core/api/cli/v1/accounts/projects_policy.rb b/core/app/policies/uffizzi_core/api/cli/v1/accounts/projects_policy.rb index 49493dd6..fbab78cd 100644 --- a/core/app/policies/uffizzi_core/api/cli/v1/accounts/projects_policy.rb +++ b/core/app/policies/uffizzi_core/api/cli/v1/accounts/projects_policy.rb 
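Review bot: The new `accounts_controller.rb` opens with `# @resource Project`, which looks carried over from the projects controller; `# @resource Account` is presumably what the generated API documentation should show. In `show`, the lookup goes through `current_user.accounts`, and that scoping is the only thing keeping other users' accounts out of reach while `show?` checks just `context.user.present?`. A one-line comment such as `# Scoped to the caller's accounts on purpose; do not replace with an unscoped lookup.` would protect it from a later refactor.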
@@ -1,6 +1,10 @@ # frozen_string_literal: true class UffizziCore::Api::Cli::V1::Accounts::ProjectsPolicy < UffizziCore::ApplicationPolicy + def index? + context.user_access_module.any_access_to_account?(context.user, context.account) + end + def create? context.user_access_module.admin_or_developer_access_to_account?(context.user, context.account) end diff --git a/core/app/policies/uffizzi_core/api/cli/v1/accounts_policy.rb b/core/app/policies/uffizzi_core/api/cli/v1/accounts_policy.rb new file mode 100644 index 00000000..238d7ac4 --- /dev/null +++ b/core/app/policies/uffizzi_core/api/cli/v1/accounts_policy.rb @@ -0,0 +1,11 @@ +# frozen_string_literal: true + +class UffizziCore::Api::Cli::V1::AccountsPolicy < UffizziCore::ApplicationPolicy + def index? + context.user.present? + end + + def show? + context.user.present? + end +end diff --git a/core/app/serializers/uffizzi_core/api/cli/v1/account_serializer.rb b/core/app/serializers/uffizzi_core/api/cli/v1/account_serializer.rb new file mode 100644 index 00000000..43dceff8 --- /dev/null +++ b/core/app/serializers/uffizzi_core/api/cli/v1/account_serializer.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +class UffizziCore::Api::Cli::V1::AccountSerializer < UffizziCore::BaseSerializer + type :account + + has_many :projects + + attributes :id, :name +end diff --git a/core/config/routes.rb b/core/config/routes.rb index 0f22747c..af1d216e 100644 --- a/core/config/routes.rb +++ b/core/config/routes.rb @@ -41,9 +41,11 @@ resource :session, only: ['create'] end - resources :accounts, only: [] do + resources :accounts, only: ['show'], param: :name + + resources :accounts, only: ['index'] do scope module: :accounts do - resources :projects, only: ['create'] + resources :projects, only: ['index', 'create'] resources :credentials, only: ['index', 'create', 'update', 'destroy'], param: :type do member do get :check_credential 
diff --git a/core/test/controllers/uffizzi_core/api/cli/v1/accounts/projects_controller_test.rb b/core/test/controllers/uffizzi_core/api/cli/v1/accounts/projects_controller_test.rb index 0232ab06..2468fa8d 100644 --- a/core/test/controllers/uffizzi_core/api/cli/v1/accounts/projects_controller_test.rb +++ b/core/test/controllers/uffizzi_core/api/cli/v1/accounts/projects_controller_test.rb @@ -5,9 +5,18 @@ class UffizziCore::Api::Cli::V1::Accounts::ProjectsControllerTest < ActionController::TestCase setup do @user = create(:user, :with_personal_account) + @account = @user.personal_account sign_in @user end + test '#index' do + create(:project, :with_members, account: @account, members: [@user]) + + get :index, params: { account_id: @account.id }, format: :json + + assert_response(:success) + end + test '#create' do attributes = attributes_for(:project) @@ -17,9 +26,9 @@ class UffizziCore::Api::Cli::V1::Accounts::ProjectsControllerTest < ActionContro } assert_difference differences do - post :create, params: { account_id: @user.personal_account.id, project: attributes }, format: :json + post :create, params: { account_id: @account.id, project: attributes }, format: :json end - assert_response :success + assert_response(:success) end end diff --git a/core/test/controllers/uffizzi_core/api/cli/v1/accounts_controller_test.rb b/core/test/controllers/uffizzi_core/api/cli/v1/accounts_controller_test.rb new file mode 100644 index 00000000..81639ba3 --- /dev/null +++ b/core/test/controllers/uffizzi_core/api/cli/v1/accounts_controller_test.rb 
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class UffizziCore::Api::Cli::V1::AccountsControllerTest < ActionController::TestCase
+ setup do
+ @user = create(:user, :with_personal_account)
+ sign_in(@user)
+ end
+
+ test '#index' do
+ get :index, format: :json
+
+ assert_response(:success)
+ end
+
+ test '#show' do
+ account = @user.personal_account
+
+ get :show, params: { name: account.name }, format: :json
+
+ assert_response(:success)
+ end
+end
diff --git a/db/seeds.rb b/db/seeds.rb
index 81f62cde..47fa1a07 100644
--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -7,14 +7,26 @@ creation_source: UffizziCore::User.creation_source.system, ) -account = UffizziCore::Account.create!( +personal_account = UffizziCore::Account.create!( owner: user, - name: 'default', + name: 'personal', state: UffizziCore::Account::STATE_ACTIVE, kind: UffizziCore::Account.kind.personal, ) -user.memberships.create!(account: account, role: UffizziCore::Membership.role.admin) +organizational_account = UffizziCore::Account.create!( + owner: user, + name: 'organizational', + state: UffizziCore::Account::STATE_ACTIVE, + kind: UffizziCore::Account.kind.organizational, +) + +user.memberships.create!(account: personal_account, role: UffizziCore::Membership.role.admin) +user.memberships.create!(account: organizational_account, role: UffizziCore::Membership.role.admin) + +personal_project = personal_account.projects.create!(name: 'default', slug: 'default', state: UffizziCore::Project::STATE_ACTIVE) +personal_project.user_projects.create!(user: user, role: UffizziCore::UserProject.role.admin) -project = account.projects.create!(name: 'default', slug: 'default', state: UffizziCore::Project::STATE_ACTIVE) -project.user_projects.create!(user: user, role: UffizziCore::UserProject.role.admin) +organizational_project = organizational_account.projects.create!(name: 'uffizzi', slug: 'uffizzi', + state: UffizziCore::Project::STATE_ACTIVE) +organizational_project.user_projects.create!(user: user, role: UffizziCore::UserProject.role.admin) From 1766a8f5aa83e795eb0857c8da56ec2960343411 Mon Sep 17 00:00:00 2001 From: Lidia Mokevnina Date: Tue, 27 Jun 2023 16:53:48 +0200 Subject: [PATCH 10/12] [434] updated accounts show policy --- .../dependency_injection_concern.rb | 6 ----- .../api/cli/v1/accounts_controller.rb | 26 ++++++++++++++++--- .../api/cli/v1/accounts_policy.rb | 2 +- 3 files changed, 23 insertions(+), 11 deletions(-) 
diff --git a/core/app/controllers/concerns/uffizzi_core/dependency_injection_concern.rb b/core/app/controllers/concerns/uffizzi_core/dependency_injection_concern.rb index a50e26df..5bb75769 100644 --- a/core/app/controllers/concerns/uffizzi_core/dependency_injection_concern.rb +++ b/core/app/controllers/concerns/uffizzi_core/dependency_injection_concern.rb @@ -51,12 +51,6 @@ def domain_module module_class(:domain_module) end - def access_token_module - return unless module_exists?(:token_module) - - module_class(:token_module) - end - private def module_exists?(module_name) diff --git a/core/app/controllers/uffizzi_core/api/cli/v1/accounts_controller.rb b/core/app/controllers/uffizzi_core/api/cli/v1/accounts_controller.rb index 4c25fbe3..7297cf12 100644 --- a/core/app/controllers/uffizzi_core/api/cli/v1/accounts_controller.rb +++ b/core/app/controllers/uffizzi_core/api/cli/v1/accounts_controller.rb @@ -5,11 +5,11 @@ class UffizziCore::Api::Cli::V1::AccountsController < UffizziCore::Api::Cli::V1::ApplicationController before_action :authorize_uffizzi_core_api_cli_v1_accounts - # Get projects of current user + # Get accounts of current user # # @path [GET] /api/cli/v1/accounts # - # @response [object> >] 200 OK + # @response [object> >] 200 OK # @response 401 Not authorized def index accounts = current_user.accounts.order(name: :desc) 
@@ -17,9 +17,27 @@ def index respond_with accounts end + # Get account by name + # + # @path [GET] /api/cli/v1/accounts/{name} + # + # @response [object>>> >] 200 OK + # @response 401 Not authorized def show - account = current_user.accounts.find_by!(name: params[:name]) + raise ActiveRecord::NotFound if resource_account.blank? + + respond_with resource_account + end + + private + + def policy_context + account = resource_account || current_user.default_account + + UffizziCore::AccountContext.new(current_user, user_access_module, account, params) + end - respond_with account + def resource_account + @resource_account ||= current_user.accounts.find_by(name: params[:name]) end end diff --git a/core/app/policies/uffizzi_core/api/cli/v1/accounts_policy.rb b/core/app/policies/uffizzi_core/api/cli/v1/accounts_policy.rb index 238d7ac4..c54f7f44 100644 --- a/core/app/policies/uffizzi_core/api/cli/v1/accounts_policy.rb +++ b/core/app/policies/uffizzi_core/api/cli/v1/accounts_policy.rb @@ -6,6 +6,6 @@ def index? end def show? - context.user.present? + context.user_access_module.any_access_to_account?(context.user, context.account) end end From 00377ddceb60eb047636573aa6ab2098c9807c99 Mon Sep 17 00:00:00 2001 From: Lidia Mokevnina Date: Wed, 28 Jun 2023 14:25:15 +0200 Subject: [PATCH 11/12] [434] check token expiration --- .../app/controllers/concerns/uffizzi_core/auth_management.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/core/app/controllers/concerns/uffizzi_core/auth_management.rb b/core/app/controllers/concerns/uffizzi_core/auth_management.rb index 12a14881..e7b96aa3 100644 --- a/core/app/controllers/concerns/uffizzi_core/auth_management.rb +++ b/core/app/controllers/concerns/uffizzi_core/auth_management.rb 
@@ -27,7 +27,10 @@ def current_user_id return unless auth_token.present? decoded_token = UffizziCore::TokenService.decode(auth_token) - decoded_token&.first&.dig('user_id') + return unless decoded_token + return if decoded_token.first['expires_at'] < DateTime.now + + decoded_token.first['user_id'] end def authenticate_request! From 46b112338420273dba53f7bb136d517e196e09f8 Mon Sep 17 00:00:00 2001 From: Lidia Mokevnina Date: Fri, 30 Jun 2023 14:33:55 +0200 Subject: [PATCH 12/12] [434] fix error when account not found --- .../uffizzi_core/api/cli/v1/accounts_controller.rb | 8 +++++--- .../uffizzi_core/api/cli/v1/accounts_controller_test.rb | 6 ++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/core/app/controllers/uffizzi_core/api/cli/v1/accounts_controller.rb b/core/app/controllers/uffizzi_core/api/cli/v1/accounts_controller.rb index 7297cf12..eade1db2 100644 --- a/core/app/controllers/uffizzi_core/api/cli/v1/accounts_controller.rb +++ b/core/app/controllers/uffizzi_core/api/cli/v1/accounts_controller.rb @@ -24,8 +24,6 @@ def index # @response [object>>> >] 200 OK # @response 401 Not authorized def show - raise ActiveRecord::NotFound if resource_account.blank? - respond_with resource_account end @@ -38,6 +36,10 @@ def policy_context end def resource_account - @resource_account ||= current_user.accounts.find_by(name: params[:name]) + @resource_account ||= if params[:name] + current_user.accounts.find_by!(name: params[:name]) + else + current_user.default_account + end end end diff --git a/core/test/controllers/uffizzi_core/api/cli/v1/accounts_controller_test.rb b/core/test/controllers/uffizzi_core/api/cli/v1/accounts_controller_test.rb index 81639ba3..575db75e 100644 --- a/core/test/controllers/uffizzi_core/api/cli/v1/accounts_controller_test.rb +++ b/core/test/controllers/uffizzi_core/api/cli/v1/accounts_controller_test.rb 
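Review bot: The expiry check `decoded_token.first['expires_at'] < DateTime.now` raises when the claim is absent (`nil` has no `<`) or is not comparable with a `DateTime`, so a token without a usable `expires_at` ends in a server error instead of an unauthenticated request; whether such a token can get past `TokenService.decode` is not visible here. Fail closed explicitly: read the claim into a local, `return if expires_at.blank?`, convert it to a time value, and only then compare it with `Time.current`. If these tokens are JWTs, the standard `exp` claim would presumably let the decoding library enforce expiry itself rather than leaving it to a custom claim checked in the controller concern. `current_user_id` begins outside the hunk.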
@@ -15,10 +15,8 @@ class UffizziCore::Api::Cli::V1::AccountsControllerTest < ActionController::Test end test '#show' do - account = @user.personal_account + get :show, params: { name: 'wrong' }, format: :json - get :show, params: { name: account.name }, format: :json - - assert_response(:success) + assert_response(:not_found) end end
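Review bot: Rewriting `#show` to request `name: 'wrong'` removes the only success-path test for the endpoint, so nothing now checks that a member can read their own account. Keep the original case next to the new one, and add a case where the name belongs to another user's account and the response is `:not_found`, since that is the access-control property `current_user.accounts.find_by!` is relied on for. Distinct test names, e.g. `'#show'` and `'#show returns not_found for an unknown account'`, keep the failures readable.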