feat: Authenticate by SSO tokens (#1439)

Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com>
2020-11-25 13:59:38 +05:30
parent cb2a528be6
commit a988724c91
10 changed files with 147 additions and 8 deletions
--- a/spec/controllers/devise/session_controller_spec.rb
+++ b/spec/controllers/devise/session_controller_spec.rb
@@ -30,5 +30,36 @@ RSpec.describe 'Session', type: :request do
        expect(response.body).to include(user.email)
      end
    end
+
+    context 'when it is invalid sso auth token' do
+      let!(:user) { create(:user, password: 'test1234', account: account) }
+
+      it 'returns unauthorized' do
+        params = { email: user.email, sso_auth_token: SecureRandom.hex(32) }
+
+        post new_user_session_url,
+             params: params,
+             as: :json
+        expect(response).to have_http_status(:unauthorized)
+        expect(response.body).to include('Invalid login credentials')
+      end
+    end
+
+    context 'when with valid sso auth token' do
+      let!(:user) { create(:user, password: 'test1234', account: account) }
+
+      it 'returns successful auth response' do
+        params = { email: user.email, sso_auth_token: user.generate_sso_auth_token }
+
+        post new_user_session_url, params: params, as: :json
+
+        expect(response).to have_http_status(:success)
+        expect(response.body).to include(user.email)
+
+        # token won't work on a subsequent request
+        post new_user_session_url, params: params, as: :json
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
  end
 end
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -26,4 +26,25 @@ RSpec.describe User do
    it { expect(user.pubsub_token).not_to eq(nil) }
    it { expect(user.saved_changes.keys).not_to eq('pubsub_token') }
  end
+
+  context 'sso_auth_token' do
+    it 'can generate multiple sso tokens which can be validated' do
+      sso_auth_token1 = user.generate_sso_auth_token
+      sso_auth_token2 = user.generate_sso_auth_token
+      expect(sso_auth_token1).present?
+      expect(sso_auth_token2).present?
+      expect(user.valid_sso_auth_token?(sso_auth_token1)).to eq true
+      expect(user.valid_sso_auth_token?(sso_auth_token2)).to eq true
+    end
+
+    it 'wont validate an invalid token' do
+      expect(user.valid_sso_auth_token?(SecureRandom.hex(32))).to eq false
+    end
+
+    it 'wont validate an invalidated token' do
+      sso_auth_token = user.generate_sso_auth_token
+      user.invalidate_sso_auth_token(sso_auth_token)
+      expect(user.valid_sso_auth_token?(sso_auth_token)).to eq false
+    end
+  end
 end