Commit 9aafe77e authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

I want be able to get token via api. Used for mobile applications

parent 37817cc3
...@@ -30,6 +30,7 @@ When listing resources you can pass the following parameters: ...@@ -30,6 +30,7 @@ When listing resources you can pass the following parameters:
## Contents ## Contents
+ [Users](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/users.md) + [Users](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/users.md)
+ [Session](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/session.md)
+ [Projects](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/projects.md) + [Projects](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/projects.md)
+ [Snippets](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/snippets.md) + [Snippets](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/snippets.md)
+ [Issues](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/issues.md) + [Issues](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/issues.md)
......
Login to get private token
```
POST /session
```
Parameters:
+ `email` (required) - The email of user
+ `password` (required) - Valid password
```json
{
"id": 1,
"email": "john@example.com",
"name": "John Smith",
"private_token": "dd34asd13as",
"created_at": "2012-05-23T08:00:58Z",
"blocked": true
}
```
...@@ -18,5 +18,6 @@ module Gitlab ...@@ -18,5 +18,6 @@ module Gitlab
mount Issues mount Issues
mount Milestones mount Milestones
mount Keys mount Keys
mount Session
end end
end end
...@@ -9,6 +9,10 @@ module Gitlab ...@@ -9,6 +9,10 @@ module Gitlab
expose :id, :email, :name, :blocked, :created_at expose :id, :email, :name, :blocked, :created_at
end end
class UserLogin < Grape::Entity
expose :id, :email, :name, :private_token, :blocked, :created_at
end
class Hook < Grape::Entity class Hook < Grape::Entity
expose :id, :url expose :id, :url
end end
......
module Gitlab
# Users API
class Session < Grape::API
# Login to get token
#
# Example Request:
# POST /session
post "/session" do
resource = User.find_for_database_authentication(email: params[:email])
return forbidden! unless resource
if resource.valid_password?(params[:password])
present resource, with: Entities::UserLogin
else
forbidden!
end
end
end
end
require 'spec_helper'
describe Gitlab::API do
include ApiHelpers
let(:user) { Factory :user }
describe "POST /session" do
context "when valid password" do
it "should return private token" do
post api("/session"), email: user.email, password: '123456'
response.status.should == 201
json_response['email'].should == user.email
json_response['private_token'].should == user.private_token
end
end
context "when invalid password" do
it "should return authentication error" do
post api("/session"), email: user.email, password: '123'
response.status.should == 403
json_response['email'].should be_nil
json_response['private_token'].should be_nil
end
end
context "when empty password" do
it "should return authentication error" do
post api("/session"), email: user.email
response.status.should == 403
json_response['email'].should be_nil
json_response['private_token'].should be_nil
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment