Merge pull request #72 from bengler/feature/add-fingerprints

Feature/add fingerprints

api/v1/fingerprints.rb

@@ -15,4 +15,27 @@ class CheckpointV1 < Sinatra::Base
       where(["fingerprints @@ ?", fingerprints.split(',').join('|')])
     pg :identities, :locals => { :identities => identities }
   end
+
+  # @apidoc
+  # Post a new fingerprint to an identity
+  #
+  # @category Checkpoint/Fingerprints
+  # @path /api/checkpoint/v1/identities/:identity_id/fingerprints
+  # @example /api/checkpoint/v1/identities/1337/fingerprints
+  # @http POST
+  # @required [Array] fingerprints An array of strings to add as fingerprints
+  # @status 200 [JSON] The identity object containing the complete list of fingerprints, including the newly added ones
+
+  post '/identities/:identity_id/fingerprints' do |identity_id|
+    require_god
+
+    identity = Identity.find(identity_id)
+
+    unless current_identity.realm.id == identity.realm.id
+      halt 403, 'You must be god in the same realm as the identity you are adding fingerprints to' 
+    end  
+
+    identity.add_fingerprints!(request['fingerprints'])
+    pg :identity, :locals => { :identity => identity }
+  end
 end

lib/checkpoint/models/identity.rb

@@ -112,10 +112,14 @@ def invalidate_cache
     $memcached.delete(self.cache_key)
   end
 
+  def add_fingerprints!(fingerprints)
+    self.send(:fingerprints=, self.fingerprints | fingerprints)
+    save(validate: false) unless new_record?
+  end
+
   def update_fingerprints_from_account!(account)
     if account and (fingerprints = account.fingerprints)
-      self.send(:fingerprints=, fingerprints | self.fingerprints)
-      save(validate: false) unless new_record?
+      self.add_fingerprints!(fingerprints)
     end
   end
 

spec/api/v1/fingerprints_spec.rb

@@ -15,6 +15,34 @@ def app
     realm
   end
 
+  let :other_realm do
+    realm = Realm.create!(:label => "area54")
+    Domain.create!(:realm => realm, :name => 'example2.org')
+    realm
+  end
+
+  let :somegod do
+    Identity.create!(:god => true, :realm => realm)
+  end
+
+  let :somegod_session do
+    Session.create!(:identity => somegod).key
+  end
+
+  let :someone do
+    Identity.create!(:realm => realm)
+  end
+
+  let :someone_session do
+    Session.create!(:identity => someone).key
+  end
+
+  let :realm do
+    realm = Realm.create!(:label => "area51")
+    Domain.create!(:realm => realm, :name => 'example.org')
+    realm
+  end
+
   it "returns a list of identities by their fingerprints" do
     identity = Identity.new(:realm => realm)
     identity.send(:fingerprints=, 'abcd123')
@@ -25,4 +53,34 @@ def app
     response['identities'].first['identity']['id'].should eq identity.id
   end
 
+  describe "Adding fingerprints to existing identities" do
+    context "when user is not god" do
+      it "is *not* allowed to add new fingerprints" do
+        identity = Identity.new(:realm => realm)
+        identity.save!
+        post "identities/#{identity.id}/fingerprints", fingerprints: ['23foo', '42bar'], :session => someone_session
+        last_response.status.should eq 403
+      end
+    end
+
+    context "when user is god, but in another realm than the target identity" do
+      it "is *not* allowed to add new fingerprints" do
+        identity = Identity.new(:realm => other_realm)
+        identity.save!
+        post "identities/#{identity.id}/fingerprints", fingerprints: ['23foo', '42bar'], :session => somegod_session
+        last_response.status.should eq 403
+      end
+    end
+
+    context "when user is god" do
+      it "is allowed to add fingerprints to an existing identity" do
+        identity = Identity.new(:realm => realm)
+        identity.save!
+        post "identities/#{identity.id}/fingerprints", fingerprints: ['23foo', '42bar'], :session => somegod_session
+        response = JSON.parse(last_response.body)
+        response['identity']['fingerprints'].should include '23foo'
+        response['identity']['fingerprints'].should include '42bar'
+      end
+    end
+  end
 end