From 0a0fed78b7ffcd0b50f3c7003ede894bdc3766ab Mon Sep 17 00:00:00 2001
From: fauno <fauno@partidopirata.com.ar>
Date: Sat, 6 Apr 2019 16:45:07 -0300
Subject: [PATCH] http basic auth + posiciones

---
 app/controllers/application_controller.rb     | 25 ++++++++++++++++
 app/controllers/consensos_controller.rb       | 15 ++++++----
 app/controllers/posiciones_controller.rb      | 14 ++++++---
 app/views/posiciones/create.json.jbuilder     |  4 +++
 test/controllers/consensos_controller_test.rb | 18 +++++++----
 .../controllers/posiciones_controller_test.rb | 30 +++++++++++++++++--
 6 files changed, 89 insertions(+), 17 deletions(-)
 create mode 100644 app/views/posiciones/create.json.jbuilder

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 13c271f..5aa1baf 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,4 +1,29 @@
 # frozen_string_literal: true
 
+# El controlador desde el que descienden todos los controladores
 class ApplicationController < ActionController::API
+  # authenticate! obtiene la pirata a partir de los datos de
+  # autenticacion y la pone en este atributo
+  attr_reader :current_pirata
+
+  # Vamos a usar HTTP Basic Auth
+  include ActionController::HttpAuthentication::Basic::ControllerMethods
+
+  private
+
+  # Autenticar a la pirata usando HTTP Basic Auth
+  # https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication
+  def authenticate!
+    @current_pirata ||= authenticate_with_http_basic do |email, password|
+      pirata = Pirata.find_by_email(email)
+
+      if pirata&.authenticate(password)
+        session[:pirata_id] = pirata.id
+        pirata
+      end
+    end
+
+    # Si no la encuentra, no nos deja hacer nada
+    render(json: {}, status: :forbidden) unless current_pirata
+  end
 end
diff --git a/app/controllers/consensos_controller.rb b/app/controllers/consensos_controller.rb
index f188d52..2cb98a0 100644
--- a/app/controllers/consensos_controller.rb
+++ b/app/controllers/consensos_controller.rb
@@ -2,6 +2,8 @@
 
 # Consensos
 class ConsensosController < ApplicationController
+  before_action :authenticate!
+
   # Podemos ver todos los consensos
   def index
     @consensos = Consenso.all.order(:created_at, :desc)
@@ -17,11 +19,14 @@ class ConsensosController < ApplicationController
 
   # Podemos crear uno
   def create
-    @consenso = Consenso.new(params.require(:consenso).permit(:titulo, :texto))
+    @consenso = current_pirata.consensos
+                              .new(params.require(:consenso).permit(:titulo, :texto))
 
-    return if @consenso.save
-
-    render json: { errors: @consenso.errors.full_messages },
-           status: :unprocessable_entity
+    if @consenso.save
+      render status: :created
+    else
+      render json: { errors: @consenso.errors.full_messages },
+             status: :unprocessable_entity
+    end
   end
 end
diff --git a/app/controllers/posiciones_controller.rb b/app/controllers/posiciones_controller.rb
index 4805acf..4fb0d2d 100644
--- a/app/controllers/posiciones_controller.rb
+++ b/app/controllers/posiciones_controller.rb
@@ -2,13 +2,19 @@
 
 # Las posiciones solo se pueden agregar a su consenso
 class PosicionesController < ApplicationController
+  before_action :authenticate!
+
   def create
     @consenso = Consenso.find(params[:consenso_id])
-    @posicion = consenso.try(:posiciones).try(:build, posicion_params)
+    @posicion = @consenso.try(:posiciones).try(:build, posicion_params)
+    @posicion.try(:pirata=, current_pirata)
 
-    return if @posicion.try(:save)
-
-    render json: {}, status: :not_found
+    if @posicion.try(:save)
+      render status: :created
+    else
+      render json: @posicion.try(:errors).try(:full_messages),
+             status: :unprocessable_entity
+    end
   end
 
   private
diff --git a/app/views/posiciones/create.json.jbuilder b/app/views/posiciones/create.json.jbuilder
new file mode 100644
index 0000000..54a3361
--- /dev/null
+++ b/app/views/posiciones/create.json.jbuilder
@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+json.call(@posicion, :id, :created_at, :pirata_id, :consenso_id, :estado,
+          :comentario)
diff --git a/test/controllers/consensos_controller_test.rb b/test/controllers/consensos_controller_test.rb
index 4643d02..88d9cf1 100644
--- a/test/controllers/consensos_controller_test.rb
+++ b/test/controllers/consensos_controller_test.rb
@@ -1,34 +1,42 @@
 # frozen_string_literal: true
 
-require 'test_helper'
-
 class ConsensosControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @pirata = create :pirata
+    @auth = { Authorization: ActionController::HttpAuthentication::Basic
+            .encode_credentials(@pirata.email, @pirata.password) }
+  end
+
   test 'se pueden mostrar' do
     2.times { create :consenso }
 
-    get consensos_url, as: :json
+    get consensos_url, as: :json, headers: @auth
     body = JSON.parse(@response.body)
 
+    assert_equal 200, @response.status
     assert_equal 2, body['consensos'].size
   end
 
   test 'se puede ver uno solo' do
     consenso = create :consenso
 
-    get consenso_url(consenso), as: :json
+    get consenso_url(consenso), as: :json, headers: @auth
     body = JSON.parse(@response.body)
 
+    assert_equal 200, @response.status
     assert_equal consenso.titulo, body['titulo']
   end
 
   test 'se pueden crear' do
-    post consensos_url, as: :json, params: {
+    post consensos_url, as: :json, headers: @auth, params: {
       consenso: {
         titulo: 'hola',
         texto: 'chau'
       }
     }
 
+    assert_equal 201, @response.status
+
     body = JSON.parse(@response.body)
     consenso = Consenso.find(body['id'])
 
diff --git a/test/controllers/posiciones_controller_test.rb b/test/controllers/posiciones_controller_test.rb
index 4c12fbb..1bd0de3 100644
--- a/test/controllers/posiciones_controller_test.rb
+++ b/test/controllers/posiciones_controller_test.rb
@@ -3,7 +3,31 @@
 require 'test_helper'
 
 class PosicionesControllerTest < ActionDispatch::IntegrationTest
-  # test "the truth" do
-  #   assert true
-  # end
+  setup do
+    @pirata = create :pirata
+    @auth = { Authorization: ActionController::HttpAuthentication::Basic
+            .encode_credentials(@pirata.email, @pirata.password) }
+  end
+
+  test 'se pueden crear' do
+    consenso = create :consenso
+    estado = Posicion::ESTADOS.sample
+
+    post consenso_posiciones_url(consenso), as: :json, headers: @auth,
+                                            params: {
+                                              posicion: {
+                                                estado: estado,
+                                                comentario: 'porque me place'
+                                              }
+                                            }
+
+    assert_equal 201, @response.status
+
+    body = JSON.parse(@response.body)
+    posicion = Posicion.find(body['id'])
+
+    assert_equal estado, posicion.estado
+    assert_equal consenso, posicion.consenso
+    assert_equal 'porque me place', posicion.comentario
+  end
 end