用户部分完成

app/controllers/application_controller.rb

@@ -3,9 +3,14 @@ class ApplicationController < ActionController::Base
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
 
-  def current_user
-    @current_user ||= User.find(session[:user_id]) if session[:user_id]
+  def authenticate
+    render status: :unauthorized, nothing: true unless session['user_id']
   end
 
+  private
+    def current_user
+      @current_user ||= User.find(session[:user_id]) if session[:user_id]
+    end
+
   helper_method :current_user
 end

app/controllers/sessions_controller.rb

@@ -1,5 +1,8 @@
 class SessionsController < ApplicationController
 
+  # 除登录之外，其余接口必须在登录状态下访问
+  before_action :authenticate, except: [ :create ]
+
   def create
     user = User.find_by(email: params[:email])
     if user && user.authenticate(params[:password])
@@ -11,8 +14,12 @@ class SessionsController < ApplicationController
   end
 
   def destroy
-    session[:user_id] = nil
+    session.delete :user_id
     @current_user &&= nil
     render status: :ok, nothing: true
   end
+
+  def show
+    render 'show'
+  end
 end

app/controllers/users_controller.rb

@@ -1,5 +1,7 @@
 class UsersController < ApplicationController
 
+  before_action :authenticate, except: [ :emailExist, :usernameExist, :create ]
+
   def emailExist
     if checkExist?(:email, params[:email])
       render :text => 'exist'
@@ -26,8 +28,12 @@ class UsersController < ApplicationController
   end
 
   def update
-    @test = 1
-    render 'show.json.jbuilder'
+    @user = current_user
+    if @user.update(user_params)
+      render 'show'
+    else
+      render json:current_user.errors, status: :unprocessable_entity
+    end
   end
 
   private

app/views/sessions/show.json.jbuilder

@@ -0,0 +1 @@
+json.extract! current_user, :id, :name, :email, :created_at

app/views/users/show.json.jbuilder

@@ -1 +1 @@
-json.test @test
+json.extract! @user, :id, :name, :email, :created_at

config/routes.rb

@@ -56,9 +56,10 @@ Rails.application.routes.draw do
 
   get 'users/emailExist' => 'users#emailExist'
   get 'users/usernameExist' => 'users#usernameExist'
-  post 'user/create' => 'users#create'
-  get 'user/update' => 'users#update'
+  post 'users' => 'users#create'
+  patch 'user/current' => 'users#update'
 
-  post 'sessions/create' => 'sessions#create'
+  post 'sessions' => 'sessions#create'
   delete 'session' => 'sessions#destroy'
+  get 'session' => 'sessions#show'
 end

spec/controllers/sessions_controller_spec.rb

@@ -67,5 +67,34 @@ RSpec.describe SessionsController, type: :controller do
       delete :destroy
       expect(controller.session[:user_id].nil?).to be true
     end
+
+    it 'should return 401 without login' do
+      delete :destroy
+      expect(response).to have_http_status :unauthorized
+    end
+  end
+
+  describe 'GET #show' do
+
+    context 'after login' do
+      before :each do
+        post :create, email:@user1.email, password: @user1.password
+        get :show, format: 'json'
+      end
+
+      it 'should render show template' do
+        expect(response).to render_template 'show'
+      end
+
+      it 'should return user in json' do
+        userInfo = assigns[:current_user]
+        expect(userInfo.id).to eq @user1.id
+      end
+    end
+
+    it 'should renturn 401 without login' do
+      get :show, format: 'json'
+      expect(response).to have_http_status :unauthorized
+    end
   end
 end

spec/controllers/users_controller_spec.rb

@@ -2,6 +2,7 @@ require 'rails_helper'
 
 RSpec.describe UsersController, type: :controller do
   let(:user) { build(:user_with_sequence_number) }
+  let(:user_with_fixed_info){ create(:user)}
   let(:valid_attributes){ attributes_for(:user) }
   let(:invalid_attributes){ attributes_for(:user, email: nil, name: 'username2000') }
 
@@ -99,4 +100,51 @@ RSpec.describe UsersController, type: :controller do
       end
     end
   end
+
+  describe 'PATCH #update' do
+
+    context 'with valid attributes' do
+
+      before :each do
+        # 假设已经登录了
+        allow(controller).to receive(:authenticate){ true }
+        allow(controller).to receive(:current_user).and_return(User.find user_with_fixed_info.id)
+        patch :update, user: valid_attributes, format: 'json'
+      end
+
+      it 'should located current user' do
+        expect(assigns[:user]).to eq user_with_fixed_info
+      end
+
+      it 'should render show' do
+        expect(response).to render_template 'show'
+      end
+
+    end
+
+    context 'with invalid attributes' do
+      before :each do
+        # 假设已经登录了
+        allow(controller).to receive(:authenticate){ true }
+        allow(controller).to receive(:current_user).and_return(User.find user_with_fixed_info.id)
+        patch :update, user: invalid_attributes, format: 'json'
+      end
+
+      it 'does not change current user' do
+        expect(assigns[:user]).to eq user_with_fixed_info
+      end
+
+      it 'should return error messages and error status' do
+        error_message = JSON.parse response.body
+        expect(error_message['email'].nil?).to be false
+        expect(error_message['email']).not_to be_empty
+      end
+
+    end
+
+    it 'should login first' do
+      patch :update, user:valid_attributes, format: 'json'
+      expect(response).to have_http_status :unauthorized
+    end
+  end
 end

spec/spec_helper.rb

@@ -125,7 +125,13 @@ RSpec.configure do |config|
   config.after(:each) do
       DatabaseCleaner.clean
   end
-  
+
+  # 使rsepc测试中可以获取jbuilder的结果
+  config.render_views = true
+
+  # 在rspec中可以使用url_helper
+  config.include Rails.application.routes.url_helpers
+
   # Include Factory Girl syntax to simplify calls to factories
   config.include FactoryGirl::Syntax::Methods