diff --git a/app/assets/javascripts/sessions.coffee b/app/assets/javascripts/sessions.coffee
new file mode 100644
index 0000000..24f83d1
--- /dev/null
+++ b/app/assets/javascripts/sessions.coffee
@@ -0,0 +1,3 @@
+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://coffeescript.org/
diff --git a/app/assets/javascripts/users.coffee b/app/assets/javascripts/users.coffee
new file mode 100644
index 0000000..24f83d1
--- /dev/null
+++ b/app/assets/javascripts/users.coffee
@@ -0,0 +1,3 @@
+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://coffeescript.org/
diff --git a/app/assets/stylesheets/sessions.scss b/app/assets/stylesheets/sessions.scss
new file mode 100644
index 0000000..ccb1ed2
--- /dev/null
+++ b/app/assets/stylesheets/sessions.scss
@@ -0,0 +1,3 @@
+// Place all the styles related to the Sessions controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/
diff --git a/app/assets/stylesheets/users.scss b/app/assets/stylesheets/users.scss
new file mode 100644
index 0000000..31a2eac
--- /dev/null
+++ b/app/assets/stylesheets/users.scss
@@ -0,0 +1,3 @@
+// Place all the styles related to the Users controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index d83690e..45d1ec4 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -2,4 +2,10 @@ class ApplicationController < ActionController::Base
 # Prevent CSRF attacks by raising an exception.
 # For APIs, you may want to use :null_session instead.
 protect_from_forgery with: :exception
+
+ def current_user
+ @current_user ||= User.find(session[:user_id]) if session[:user_id]
+ end
+
+ helper_method :current_user
 end
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
new file mode 100644
index 0000000..dc24b30
--- /dev/null
+++ b/app/controllers/sessions_controller.rb
@@ -0,0 +1,18 @@
+class SessionsController < ApplicationController
+
+ def create
+ user = User.find_by(email: params[:email])
+ if user && user.authenticate(params[:password])
+ session[:user_id] = user.id
+ render status: :ok, text: 'login success'
+ else
+ render status: :ok, text: 'account or password is not correct'
+ end
+ end
+
+ def destroy
+ session[:user_id] = nil
+ @current_user &&= nil
+ render status: :ok, nothing: true
+ end
+end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
new file mode 100644
index 0000000..92c43a4
--- /dev/null
+++ b/app/controllers/users_controller.rb
@@ -0,0 +1,41 @@
+class UsersController < ApplicationController
+
+ def emailExist
+ if checkExist?(:email, params[:email])
+ render :text => 'exist'
+ else
+ render :text => 'not exist'
+ end
+ end
+
+ def usernameExist
+ if checkExist?(:name, params[:username])
+ render :text => 'exist'
+ else
+ render :text => 'not exist'
+ end
+ end
+
+ def create
+ @user = User.new(user_params)
+ if @user.save
+ render status: :created, nothing: true
+ else
+ render json: @user.errors, status: :unprocessable_entity
+ end
+ end
+
+ def update
+ @test = 1
+ render 'show.json.jbuilder'
+ end
+
+ private
+ def checkExist?(field_name, value)
+ User.exists?(field_name => value)
+ end
+
+ def user_params
+ params.require(:user).permit(:name, :password, :password_confirmation, :email)
+ end
+end
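Review bot: `User.find(session[:user_id])` in `current_user` raises `ActiveRecord::RecordNotFound` when the session still holds the id of an account that has since been deleted, so every request that calls the helper fails for that browser until its cookie is cleared. `find_by` returns nil instead, which lets the caller treat the visitor as logged out: `@current_user ||= User.find_by(id: session[:user_id]) if session[:user_id]`. The helper is defined here but none of the controllers visible in this commit add a `before_action` that requires it, so it is worth confirming that `users#update` is meant to be reachable without a login.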
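Review bot: `SessionsController#create` writes `session[:user_id] = user.id` into whatever session the browser already had, so session state established before login carries over into the authenticated session (session fixation); call `reset_session` on the line before the assignment. `destroy` has the mirror-image gap, since `session[:user_id] = nil` clears one key where `reset_session` would discard the whole session. The failed-login branch also answers with `status: :ok`, which makes failed attempts look like successes in access logs and to any client or monitor that keys on the status code; `render status: :unauthorized, text: 'account or password is not correct'` keeps the same generic message.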
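Review bot: In `UsersController`, `emailExist` and `usernameExist` pass `params[:email]` and `params[:username]` to `User.exists?(field_name => value)` without fixing their type, and a request can deliver either parameter as an array or nested hash, which changes the query ActiveRecord builds or raises inside it. Coerce at the call site, for example `checkExist?(:email, params[:email].to_s)`, and return 'not exist' early for a blank value. Both actions are unauthenticated and confirm whether an address or name is registered, so they need request throttling, and their use should be logged if the sign-up form really requires them. The action names would conventionally be snake_case (`email_exist`, `username_exist`), and `update` is a stub that renders `@test`; a comment saying so would stop it being mistaken for finished code.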
diff --git a/app/helpers/sessions_helper.rb b/app/helpers/sessions_helper.rb
new file mode 100644
index 0000000..309f8b2
--- /dev/null
+++ b/app/helpers/sessions_helper.rb
@@ -0,0 +1,2 @@
+module SessionsHelper
+end
diff --git a/app/helpers/users_helper.rb b/app/helpers/users_helper.rb
new file mode 100644
index 0000000..2310a24
--- /dev/null
+++ b/app/helpers/users_helper.rb
@@ -0,0 +1,2 @@
+module UsersHelper
+end
diff --git a/app/views/users/show.json.jbuilder b/app/views/users/show.json.jbuilder
new file mode 100644
index 0000000..dfd0400
--- /dev/null
+++ b/app/views/users/show.json.jbuilder
@@ -0,0 +1 @@
+json.test @test
\ No newline at end of file
diff --git a/config/routes.rb b/config/routes.rb
index 3f66539..3db3441 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -53,4 +53,12 @@ Rails.application.routes.draw do
 # # (app/controllers/admin/products_controller.rb)
 # resources :products
 # end
+
+ get 'users/emailExist' => 'users#emailExist'
+ get 'users/usernameExist' => 'users#usernameExist'
+ post 'user/create' => 'users#create'
+ get 'user/update' => 'users#update'
+
+ post 'sessions/create' => 'sessions#create'
+ delete 'session' => 'sessions#destroy'
 end
diff --git a/spec/controllers/sessions_controller_spec.rb b/spec/controllers/sessions_controller_spec.rb
new file mode 100644
index 0000000..a5835b2
--- /dev/null
+++ b/spec/controllers/sessions_controller_spec.rb
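Review bot: In config/routes.rb, `get 'user/update' => 'users#update'` binds an action named update to GET, and `protect_from_forgery` does not verify the authenticity token on GET requests, so once the action starts changing data it will be exempt from the CSRF check that application_controller.rb enables. Route it as `patch 'user' => 'users#update'` (or `put`) before the action gains real behaviour. The two existence checks are also GET routes, which puts the e-mail address being checked into the query string and therefore into server and proxy access logs; a POST with the value in the body avoids that.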
@@ -0,0 +1,71 @@
+require 'rails_helper'
+
+RSpec.describe SessionsController, type: :controller do
+
+ before :each do
+ @user1 = create(:user)
+ end
+
+ describe 'POST #create' do
+
+ # 合法流程校验
+ context 'with legal account' do
+
+ before :each do
+ post :create, email: @user1.email, password: @user1.password
+ end
+
+ it 'should get correct email and password' do
+ actual_email = @user1.email
+ actual_password = @user1.password
+ expect(controller.params[:email]).to eq(actual_email)
+ expect(controller.params[:password]).to eq(actual_password)
+ end
+
+ it 'should authenticate success' do
+ expect(controller.session[:user_id]).to eq @user1.id
+ end
+
+ it 'should get ok and text: login success' do
+ expect(response).to have_http_status :ok
+ expect(response.body).to eq 'login success'
+ end
+ end
+
+ # 非法参数测试
+ context 'with illegal account' do
+
+ before :each do
+ post :create, email: @user1.email, password: 'wrong_password'
+ end
+
+ it 'does not authenticate success' do
+ expect(controller.session[:user_id].nil?).to be true
+ end
+
+ it 'return with 200 and text: account or password is not correct' do
+ expect(response).to have_http_status :ok
+ expect(response.body).to eq 'account or password is not correct'
+ end
+
+ it 'should not raise error without param email or password' do
+ expect {
+ post :create, email: @user1.email
+ }.not_to raise_error
+ expect {
+ post :create, password: 'wrong_password'
+ }.not_to raise_error
+ end
+
+ end
+ end
+
+ describe 'DELETE #destroy' do
+ it 'should destroy user id in session' do
+ post :create, email:@user1.email, password: @user1.password
+ expect(controller.session[:user_id].nil?).to be false
+ delete :destroy
+ expect(controller.session[:user_id].nil?).to be true
+ end
+end
+end
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
new file mode 100644
index 0000000..48d2a89
--- /dev/null
+++ b/spec/controllers/users_controller_spec.rb
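Review bot: The 'with illegal account' context in sessions_controller_spec.rb only exercises a wrong password for an existing user, so nothing pins that an address with no account gets the same response and the two failures stay indistinguishable to a caller. Add an example that runs `post :create, email: 'nobody@example.com', password: 'x'` and expects the same body and an empty `session[:user_id]`. The example 'should get correct email and password' only asserts that `controller.params` echoes what the test itself sent, which checks the test harness rather than the controller and could be dropped. The 'return with 200' example also fixes the failed-login status at `:ok`, so it will need updating if the controller moves to `:unauthorized`.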
@@ -0,0 +1,102 @@
+require 'rails_helper'
+
+RSpec.describe UsersController, type: :controller do
+ let(:user) { build(:user_with_sequence_number) }
+ let(:valid_attributes){ attributes_for(:user) }
+ let(:invalid_attributes){ attributes_for(:user, email: nil, name: 'username2000') }
+
+ describe 'GET #emailExist' do
+ it 'valid email' do
+ get :emailExist, email: user.email
+ expect(response.body).to eq 'not exist'
+ end
+
+ it 'duplicated email' do
+ user = create(:user_with_sequence_number)
+ get :emailExist, email: user.email
+ expect(response.body).to eq 'exist'
+ end
+
+ it 'should not throw exception with no email param' do
+ get :emailExist # 不会失败,则证明没有异常
+ get :emailExist, other_param: 'test'
+ end
+ end
+
+ describe 'GET #usernameExist' do
+ it 'valid username' do
+ get :usernameExist, username: user.name
+ expect(response.body).to eq 'not exist'
+ end
+
+ it 'duplicated username' do
+ user = create(:user_with_sequence_number)
+ get :usernameExist, username: user.name
+ expect(response.body).to eq 'exist'
+ end
+
+ it 'should not throw exception with no username param' do
+ get :usernameExist
+ get :usernameExist, other_param: 'test'
+ end
+ end
+
+ describe 'POST #create' do
+ context 'success with valid attributes' do
+ before :each do
+ post :create, user: valid_attributes
+ end
+
+ it 'should create user' do
+ expect(User.exists?(assigns[:user].id)).to be true
+ end
+
+ it 'should response with 201' do
+ expect(response).to have_http_status :created
+ end
+
+ end
+
+ context 'fail with invalid attributes' do
+ # 已经在model测试中充分验证校对条件,所以这里只对使用电子邮箱为空的非法条件
+ before :each do
+ post :create, user: invalid_attributes
+ end
+
+ it 'does not save the new user' do
+ expect(User.exists? name: 'username2000').to be false
+ end
+
+ it 'should return errors' do
+ error_message = JSON.parse response.body
+ expect(error_message['email'].nil?).to be false
+ expect(error_message['email']).not_to be_empty
+ end
+ end
+
+ context 'deal with params more or less than required' do
+
+ let(:data_to_send) { { :name => 'username', :email => '1261138729@qq.com',
+ :password => 'secret', :password_confirmation => 'secret',
+ :more_field => 'test'} }
+
+ it 'should throw exception without param[:user]' do
+ expect {
+ post :create
+ }.to raise_error ActionController::ParameterMissing
+ end
+
+ it 'should not throw exception' do
+ expect {
+ post :create, user: data_to_send, other_param: 'test'
+ }.to_not raise_error
+ end
+
+ it 'should not accept other params' do
+ post :create, user: data_to_send
+ user = assigns(:user)
+ expect(user.has_attribute? :more_field).to eq false
+ end
+ end
+ end
+end
diff --git a/spec/factories/projects.rb b/spec/factories/projects.rb
index 0e3486c..bb517eb 100644
--- a/spec/factories/projects.rb
+++ b/spec/factories/projects.rb
@@ -1,3 +1,4 @@
+require 'faker'
 FactoryGirl.define do
 factory :project do
 name { Faker::Name.title }
diff --git a/spec/factories/users.rb b/spec/factories/users.rb
index 641503b..b8e9ecc 100644
--- a/spec/factories/users.rb
+++ b/spec/factories/users.rb
@@ -1,3 +1,4 @@
+require 'faker'
 FactoryGirl.define do
 factory :user do
 name { Faker::Name.name }
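Review bot: The `data_to_send` fixture in users_controller_spec.rb hard-codes `1261138729@qq.com`, which has the form of a real personal mailbox and is now committed to the repository. Test data should use a reserved domain, e.g. `:email => 'user@example.com'`, or the Faker value the `:user` factory already generates. Separately, the two 'should not throw exception with no ... param' examples contain no expectation, so they pass for any response that does not raise. Adding `expect(response.body).to eq 'not exist'` after each `get` would pin what a missing parameter actually returns.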