I want be able to get token via api. Used for mobile applications

author: Dmitriy Zaporozhets <dzaporozhets@sphereconsultinginc.com> 2012-09-20 17:44:44 +0300
committer: Dmitriy Zaporozhets <dzaporozhets@sphereconsultinginc.com> 2012-09-20 17:45:07 +0300
commit: 9aafe77e708174aac697a8dcafc99b90e96be36e (patch)
tree: cb22fddcf3feeefb381a3ded1407ef11767395b5
parent: 37817cc31d890f1e79b31ae3d625fbace672451e (diff)
download: gitlab-ce-9aafe77e708174aac697a8dcafc99b90e96be36e.tar.gz
6 files changed, 90 insertions, 2 deletions
diff --git a/doc/api/README.md b/doc/api/README.md
index 9741072c095..443ec7bf1ca 100644
--- a/doc/api/README.md
+++ b/doc/api/README.md
@@ -30,6 +30,7 @@ When listing resources you can pass the following parameters:
 ## Contents
 
 + [Users](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/users.md)
++ [Session](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/session.md)
 + [Projects](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/projects.md)
 + [Snippets](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/snippets.md)
 + [Issues](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/issues.md)
diff --git a/doc/api/session.md b/doc/api/session.md
new file mode 100644
index 00000000000..9fdbeb439a4
--- /dev/null
+++ b/doc/api/session.md
@@ -0,0 +1,22 @@
+Login to get private token
+
+```
+POST /session
+```
+
+Parameters:
+
++ `email` (required) - The email of user
++ `password` (required) - Valid password
+
+
+```json
+{
+  "id": 1,
+  "email": "john@example.com",
+  "name": "John Smith",
+  "private_token": "dd34asd13as",
+  "created_at": "2012-05-23T08:00:58Z",
+  "blocked": true
+}
+```
diff --git a/lib/api.rb b/lib/api.rb
index 37e03849b96..3b62f31bf32 100644
--- a/lib/api.rb
+++ b/lib/api.rb
@@ -18,5 +18,6 @@ module Gitlab
     mount Issues
     mount Milestones
     mount Keys
+    mount Session
   end
 end
diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index 6241fc8f187..5d8cc2765b1 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -9,6 +9,10 @@ module Gitlab
       expose :id, :email, :name, :blocked, :created_at
     end
 
+    class UserLogin < Grape::Entity
+      expose :id, :email, :name, :private_token, :blocked, :created_at
+    end
+
     class Hook < Grape::Entity
       expose :id, :url
     end
@@ -52,8 +56,8 @@ module Gitlab
     end
 
     class Key < Grape::Entity
-      expose  :id, 
-              :title, 
+      expose  :id,
+              :title,
               :key
     end
   end
diff --git a/lib/api/session.rb b/lib/api/session.rb
new file mode 100644
index 00000000000..5bcdf93abe9
--- /dev/null
+++ b/lib/api/session.rb
@@ -0,0 +1,21 @@
+module Gitlab
+  # Users API
+  class Session < Grape::API
+    # Login to get token
+    #
+    # Example Request:
+    #  POST /session
+    post "/session" do
+      resource = User.find_for_database_authentication(email: params[:email])
+
+      return forbidden! unless resource
+
+      if resource.valid_password?(params[:password])
+        present resource, with: Entities::UserLogin
+      else
+        forbidden!
+      end
+    end
+  end
+end
+
diff --git a/spec/requests/api/session_spec.rb b/spec/requests/api/session_spec.rb
new file mode 100644
index 00000000000..0809475be81
--- /dev/null
+++ b/spec/requests/api/session_spec.rb
@@ -0,0 +1,39 @@
+require 'spec_helper'
+
+describe Gitlab::API do
+  include ApiHelpers
+
+  let(:user) { Factory :user }
+
+  describe "POST /session" do
+    context "when valid password" do
+      it "should return private token" do
+        post api("/session"), email: user.email, password: '123456'
+        response.status.should == 201
+
+        json_response['email'].should == user.email
+        json_response['private_token'].should == user.private_token
+      end
+    end
+
+    context "when invalid password" do
+      it "should return authentication error" do
+        post api("/session"), email: user.email, password: '123'
+        response.status.should == 403
+
+        json_response['email'].should be_nil
+        json_response['private_token'].should be_nil
+      end
+    end
+
+    context "when empty password" do
+      it "should return authentication error" do
+        post api("/session"), email: user.email
+        response.status.should == 403
+
+        json_response['email'].should be_nil
+        json_response['private_token'].should be_nil
+      end
+    end
+  end
+end
author	Dmitriy Zaporozhets <dzaporozhets@sphereconsultinginc.com>	2012-09-20 17:44:44 +0300
committer	Dmitriy Zaporozhets <dzaporozhets@sphereconsultinginc.com>	2012-09-20 17:45:07 +0300
commit	9aafe77e708174aac697a8dcafc99b90e96be36e (patch)
tree	cb22fddcf3feeefb381a3ded1407ef11767395b5
parent	37817cc31d890f1e79b31ae3d625fbace672451e (diff)
download	gitlab-ce-9aafe77e708174aac697a8dcafc99b90e96be36e.tar.gz