From bc1c960c20545b6ae1679b79761e4a13c69f92ee Mon Sep 17 00:00:00 2001
From: Konstantin Haase <konstantin.mailinglists@googlemail.com>
Date: Wed, 12 Dec 2012 17:11:25 +0100
Subject: [PATCH] add travis_token scope

---
 Gemfile.lock                                 |  2 +-
 lib/travis/api/app/access_token.rb           |  6 +++++
 lib/travis/api/app/middleware/scope_check.rb |  7 +++++-
 spec/unit/middleware/scope_check_spec.rb     | 23 ++++++++++++++++++++
 4 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index cd136e23..65d46c96 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -45,7 +45,7 @@ GIT
 
 GIT
   remote: git://github.com/travis-ci/travis-core.git
-  revision: 751da684a3c44b2c493ebc41e9b38ff8edd5cef8
+  revision: 500daa4a822d09783f5e64dbc196275770f2570e
   specs:
     travis-core (0.0.1)
       actionmailer (~> 3.2.3)
diff --git a/lib/travis/api/app/access_token.rb b/lib/travis/api/app/access_token.rb
index bae8436d..a8e324b9 100644
--- a/lib/travis/api/app/access_token.rb
+++ b/lib/travis/api/app/access_token.rb
@@ -10,7 +10,13 @@ class Travis::Api::App
       new(options).tap(&:save)
     end
 
+    def self.for_travis_token(travis_token, options = {})
+      travis_token = Token.find_by_token(travis_token) unless travis_token.respond_to? :user
+      new(scope: :travis_token, app_id: 1, user: travis_token.user).tap(&:save) if travis_token
+    end
+
     def self.find_by_token(token)
+      return token if token.is_a? self
       user_id, app_id, *scopes = redis.lrange(key(token), 0, -1)
       new(token: token, scopes: scopes, user_id: user_id, app_id: app_id) if user_id
     end
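Review bot: `for_travis_token` persists a new access token on every call (`.tap(&:save)`), and the scope_check change in this same commit calls it for each request that carries `params[:token]`. A single long-lived Travis token can therefore create an unbounded number of stored access tokens, unless `save` applies an expiry, which is not visible in this hunk. Consider reusing an existing token for the same user and scope or giving these tokens a short TTL, and state the choice in a comment above the method. The `options` argument is accepted but never read and `app_id: 1` is hard-coded, so either drop the parameter or use it, e.g. `app_id: options.fetch(:app_id, 1)`. The call passes `scope:` while `find_by_token` builds with `scopes:`; presumably the initializer accepts both, but it lies outside this hunk and is worth confirming.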
diff --git a/lib/travis/api/app/middleware/scope_check.rb b/lib/travis/api/app/middleware/scope_check.rb
index 94b2f13a..4cbf503a 100644
--- a/lib/travis/api/app/middleware/scope_check.rb
+++ b/lib/travis/api/app/middleware/scope_check.rb
@@ -19,11 +19,16 @@ class Travis::Api::App
       end
 
       def token
-        @token ||= header_token || query_token
+        @token ||= header_token || query_token || travis_token
       end
 
       private
 
+        def travis_token
+          return unless token = params[:token]
+          AccessToken.for_travis_token(token) || ""
+        end
+
         def query_token
           params[:access_token] if params[:access_token] and not params[:access_token].empty?
         end
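Review bot: `travis_token` returns `""` when the lookup fails, and because an empty string is truthy it is memoized by `@token ||=`, so rejecting the request depends on code outside this hunk treating `""` as an unknown token. A comment on that line, such as `# "" marks a token that was supplied but did not resolve, so the request is rejected instead of handled as anonymous`, would make the contract explicit if that is the intent. Unlike `query_token`, an empty `params[:token]` is not filtered before `AccessToken.for_travis_token` runs, and the local `token` shadows the public `token` method defined just above. Using `value = params[:token]` followed by `return if value.nil? || value.empty?` fixes both and treats an empty value like an absent one, as `query_token` does. `token` is also a generic parameter name, so any endpoint that takes a `token` parameter for another purpose would now go through this lookup.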
diff --git a/spec/unit/middleware/scope_check_spec.rb b/spec/unit/middleware/scope_check_spec.rb
index 1eb820c7..f8307ee3 100644
--- a/spec/unit/middleware/scope_check_spec.rb
+++ b/spec/unit/middleware/scope_check_spec.rb
@@ -41,6 +41,29 @@ describe Travis::Api::App::Middleware::ScopeCheck do
     end
   end
 
+  describe 'with travis token' do
+    let(:travis_token) { stub_travis_token(user: user) }
+    let(:token) { travis_token.token }
+
+    before do
+      Token.stubs(:find_by_token).with(travis_token.token).returns(travis_token)
+      Token.stubs(:find_by_token).with("invalid").returns(nil)
+    end
+
+    it 'accepts a valid travis token' do
+      get('/', token: token).should be_ok
+    end
+
+    it 'rejects an invalid travis token' do
+      get('/', token: token)
+      headers['X-OAuth-Scopes'].should == 'travis_token'
+    end
+
+    it 'sets the scope to travis_token' do
+      get('/', token: "invalid").should_not be_ok
+    end
+  end
+
   describe 'reject requests with an invalide token' do
     it 'rejects Authorization token header' do
       get('/', {}, 'HTTP_AUTHORIZATION' => "token foo").should_not be_ok
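Review bot: The descriptions of the last two new examples are swapped: 'rejects an invalid travis token' sends the valid `token` and asserts the `X-OAuth-Scopes` header, while 'sets the scope to travis_token' sends `"invalid"` and asserts the response is not ok. Rename them so a failure points at the right behavior: `it 'sets the scope to travis_token' do` for the header check and `it 'rejects an invalid travis token' do` for the `"invalid"` request. An example for an empty `token` parameter is also missing; adding one would pin down whether that case is rejected or handled as an anonymous request.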