Secret Tokens, Device destroy action

2014-05-16 07:05:20 -07:00 · 2014-05-16 07:05:20 -07:00 · 116f640c35
parent 14d7d3e16b
commit 116f640c35
5 changed files with 39 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,4 @@
+config/initializers/secret_token.rb
 *.gem
 *.rbc
 .bundle
--- a/app/controllers/api/devices_controller.rb
+++ b/app/controllers/api/devices_controller.rb
@ -1,4 +1,6 @@
 class Api::DevicesController < ApplicationController
+  respond_to :json
+
  before_action :ensure_logged_in

  def index
@ -6,6 +8,16 @@ class Api::DevicesController < ApplicationController
    render json: @devices
  end

+  def destroy
+    @device = Device.find(params[:id])
+    ensure_device_ownership
+    if @device.destroy
+      render nothing: true, status: :unauthorized
+    else
+      render @device.errors, status: :unprocessable_entity
+    end
+  end
+
  # def create # Not yet implemented - sit tight. Coming soon!
  #   @device = Device.new(device_params)
  #   if @device.save
@ -27,4 +39,11 @@ private
      render nothing: true, :status => :unauthorized
    end
  end
+
+  def ensure_device_ownership
+    if @device.user == current_user
+      render nothing: true, :status => :unauthorized
+    end
+  end
+
 end
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@ -4,8 +4,12 @@ Devise.setup do |config|
  # The secret key used by Devise. Devise uses this key to generate
  # random tokens. Changing this key will render invalid all existing
  # confirmation, reset password and unlock tokens in the database.
-  # config.secret_key = '8724ed1027eb2d2686a425033671014691e16d86de126d5a39a2106b900392c309d5facd9c8c89740d5e0a50862941e0c2aa3794c4588bebfd2d7e10da1be670'
-
+  if Rails.env == 'production'
+    config.secret_key = ENV['devise_secret']
+  else
+    config.secret_key = '8724ed1027eb2d2686a425033671014691e16d86de126d5a39a21'\
+   '06b900392c309d5facd9c8c89740d5e0a50862941e0c2aa3794c4588bebfd2d7e10da1be670'
+  end
  # ==> Mailer Configuration
  # Configure the e-mail address which will be shown in Devise::Mailer,
  # note that it will be overwritten if you use your own mailer class
--- a/config/initializers/secret_token.rb
+++ b/config/initializers/secret_token.rb
@ -9,4 +9,12 @@

 # Make sure your secret_key_base is kept private
 # if you're sharing your code publicly.
-Dss::Application.config.secret_key_base = '452b4491c1cdd7315a0d787be2f7668ea8307a64733488151a43b62bdd76a6eb819cf973a9261b1500ef5745faf54171c7015f5ab7fd43449a5e06e6c1215e4e'
+if Rails.env == 'production'
+  Dss::Application.config.secret_key_base = ENV['secret_key_base']
+else
+  # Going to keep a hard coded one here to make life easy for folks who want to
+  # run it in development / submit PRs. Less config. RC.
+  Dss::Application.config.secret_key_base = '452b4491c1cdd7315a0d787be2f7668ea'\
+  '8307a64733488151a43b62bdd76a6eb819cf973a9261b1500ef5745faf54171c7015f5ab7fd'\
+  '43449a5e06e6c1215e4e'
+end
--- a/spec/factories/devices.rb
+++ b/spec/factories/devices.rb
@ -1,6 +1,10 @@
 # Read about factories at https://github.com/thoughtbot/factory_girl
+require 'securerandom'

 FactoryGirl.define do
  factory :device do
+    name  Faker::Internet.user_name
+    uuid  SecureRandom.uuid
+    token SecureRandom.urlsafe_base64
  end
 end