[API] Commenting through a token (#1513)

* Start working on a function to add commenting feature through a token * Add authorization * Avoid ruby hash rocket syntax * Facepalm * Start working on a private function for adding comments * Finalize the original function using the private helper * Make comment_by_token method using the private function * Move CommentError and create_comment to CommentHelper * Write first functional test; Introduce wierd 406 error * Fix 406 issue * Add second test and improve responses * Fix test names * Add test for invalid comment * Add recommendations
publiclab · Jul 11, 2017 · c74f950 · c74f950
1 parent 157f93b
commit c74f950
Show file tree

Hide file tree

Showing 4 changed files with 102 additions and 6 deletions.
diff --git a/app/controllers/comment_controller.rb b/app/controllers/comment_controller.rb
@@ -1,4 +1,6 @@
 class CommentController < ApplicationController
+  include CommentHelper
+
   respond_to :html, :xml, :json
   before_filter :require_user, only: %i[create update delete]
 
@@ -12,9 +14,11 @@ def index
   # create node comments
   def create
     @node = Node.find params[:id]
-    @comment = @node.add_comment(uid: current_user.uid, body: params[:body])
-    if current_user && @comment.save
-      @comment.notify(current_user)
+    @body = params[:body]
+    @user = current_user
+
+    begin
+      @comment = create_comment(@node, @user, @body)
       respond_with do |format|
         if params[:type] && params[:type] == 'question'
           @answer_id = 0
@@ -30,12 +34,39 @@ def create
           end
         end
       end
-    else
+    rescue CommentError
       flash[:error] = 'The comment could not be saved.'
       render text: 'failure'
     end
   end
 
+  def create_by_token
+    @node = Node.find params[:id]
+    @user = User.find_by_username params[:username]
+    @body = params[:body]
+    @token = request.env['rack.session']['token']
+
+    if @user && @user.token == @token
+      begin
+        # The create_comment is a function that has been defined inside the
+        # CommentHelper module inside app/helpers/comment_helper.rb and can be
+        # used in here because the module was `include`d right at the beginning
+        @comment = create_comment(@node, @user, @body)
+        respond_to do |format|
+          format.all { render :nothing => true, :status => :created }
+        end
+      rescue CommentError
+        respond_to do |format|
+          format.all { render :nothing => true, :status => :bad_request }
+        end
+      end
+    else
+      respond_to do |format|
+        format.all { render :nothing => true, :status => :unauthorized }
+      end
+    end
+  end
+
   # create answer comments
   def answer_create
     @answer_id = params[:aid]

diff --git a/app/helpers/comment_helper.rb b/app/helpers/comment_helper.rb
@@ -0,0 +1,14 @@
+module CommentHelper
+  class CommentError < ArgumentError
+  end
+
+  def create_comment(node, user, body)
+    @comment = node.add_comment(uid: user.uid, body: body)
+    if user && @comment.save
+      @comment.notify user
+      return @comment
+    else
+      raise CommentError.new()
+    end
+  end
+end
diff --git a/config/routes.rb b/config/routes.rb
@@ -3,13 +3,15 @@
   mount JasmineRails::Engine => '/specs' if defined?(JasmineRails)
   mount JasmineFixtureServer => '/spec/javascripts/fixtures' if defined?(Jasmine::Jquery::Rails::Engine)
 
+  # Manually written API functions
+  post '/comment/create/token/id.:format', to: 'comment#create_by_token'
+
   #Search RESTful endpoints
   #constraints(subdomain: 'api') do
   mount Srch::API => '/api'
   mount GrapeSwaggerRails::Engine => '/api/d1ocs'
   #end
 
-
   resources :rusers
   resources :user_sessions
   resources :images

diff --git a/test/functional/comment_controller_test.rb b/test/functional/comment_controller_test.rb
@@ -53,7 +53,7 @@ def teardown
     end
     assert_response :success
     assert_not_nil :comment
-    #assert_template partial: 'wiki/_comment' 
+    #assert_template partial: 'wiki/_comment'
     #should uncomment above once comment displaying partial is implemented for wikis.
   end
 
@@ -251,4 +251,53 @@ def teardown
     assert ActionMailer::Base.deliveries.collect(&:to).include?([rusers(:moderator).email])
     # tag followers can be found in tag_selection.yml
   end
+
+  test 'should not post comment through invalid token successfully' do
+    @params = {
+      id: 1,
+      body: 'Test Comment',
+      username: 'Bob',
+      format: 'json'
+    }
+
+    @headers = {
+      'token' => 'invalid-token'
+    }
+
+    post :create_by_token, @params, @headers
+    assert_response :unauthorized
+  end
+
+  test 'should not post an invalid comment successfully' do
+    @params = {
+      id: 1,
+      body: '',
+      username: 'Bob',
+      format: 'json'
+    }
+
+    @headers = {
+      'token' => 'abcdefg12345'
+    }
+
+    post :create_by_token, @params, @headers
+    assert_response :bad_request
+  end
+
+  test 'should post comment through valid token successfully' do
+    @params = {
+      id: 1,
+      body: 'Test Comment',
+      username: 'Bob',
+      format: 'json'
+    }
+
+    @headers = {
+      'token' => 'abcdefg12345'
+    }
+
+    post :create_by_token, @params, @headers
+    assert_response :success
+  end
+
 end