Added reset token
This commit is contained in:
Robbe Van Herck
parent
1581a38026
commit
01b403c99e
6 changed files with 27 additions and 6 deletions
|
|
@ -49,3 +49,7 @@ table.pure-table-striped {
|
||||||
#s2id_transaction_creditor {
|
#s2id_transaction_creditor {
|
||||||
min-width: 150px;
|
min-width: 150px;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
.reset_key {
|
||||||
|
display: inline;
|
||||||
|
}
|
||||||
|
|
@ -1,10 +1,10 @@
|
||||||
class UsersController < ApplicationController
|
class UsersController < ApplicationController
|
||||||
skip_before_action :verify_authenticity_token, only: :create, find_by: :name
|
skip_before_action :verify_authenticity_token, only: :create
|
||||||
|
|
||||||
before_action :authenticate_user!, except: :show
|
before_action :authenticate_user!, except: :show
|
||||||
before_action :authenticate_user_or_client!, only: :show
|
before_action :authenticate_user_or_client!, only: :show
|
||||||
|
|
||||||
load_and_authorize_resource except: :show
|
load_and_authorize_resource except: :show, find_by: :name
|
||||||
|
|
||||||
def show
|
def show
|
||||||
@user = User.find_by(name: params[:id]) || User.new
|
@user = User.find_by(name: params[:id]) || User.new
|
||||||
|
|
@ -18,4 +18,9 @@ class UsersController < ApplicationController
|
||||||
def index
|
def index
|
||||||
@users = User.all
|
@users = User.all
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def reset_key
|
||||||
|
@user.generate_key!
|
||||||
|
redirect_to @user
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
||||||
|
|
@ -51,6 +51,16 @@ class User < ActiveRecord::Base
|
||||||
end
|
end
|
||||||
|
|
||||||
def generate_key
|
def generate_key
|
||||||
self.key = SecureRandom.base64(16) unless self.key
|
set_key unless self.key
|
||||||
|
end
|
||||||
|
|
||||||
|
def generate_key!
|
||||||
|
set_key
|
||||||
|
self.save
|
||||||
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
def set_key
|
||||||
|
self.key = SecureRandom.base64(16)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
||||||
|
|
@ -5,7 +5,7 @@ class UserAbility
|
||||||
return unless user
|
return unless user
|
||||||
|
|
||||||
can :manage, :all if user.penning?
|
can :manage, :all if user.penning?
|
||||||
can :read, user, id: user.id
|
can :manage, user, id: user.id
|
||||||
can :manage, Request, creditor_id: user.id
|
can :manage, Request, creditor_id: user.id
|
||||||
can :manage, Notification, user_id: user.id
|
can :manage, Notification, user_id: user.id
|
||||||
can :create, Transaction do |t|
|
can :create, Transaction do |t|
|
||||||
|
|
|
||||||
|
|
@ -65,7 +65,8 @@
|
||||||
%th Message
|
%th Message
|
||||||
%tbody
|
%tbody
|
||||||
%h3="Zeus account number: BE32 9799 9370 6502"
|
%h3="Zeus account number: BE32 9799 9370 6502"
|
||||||
="API token: #{@user.key}"
|
="API key: #{@user.key}"
|
||||||
|
= button_to "reset", reset_key_user_path(@user), {form_class: 'reset_key', class: 'btn btn-small'}
|
||||||
%br
|
%br
|
||||||
Example:
|
Example:
|
||||||
%code="curl -H \"Accept: application/json\" -H \"Authorization: Token token=#{@user.key}\" #{user_url(@user)}"
|
%code="curl -H \"Accept: application/json\" -H \"Authorization: Token token=#{@user.key}\" #{user_url(@user)}"
|
||||||
|
|
|
||||||
|
|
@ -22,6 +22,7 @@ Rails.application.routes.draw do
|
||||||
resources :notifications, only: [:index], shallow: true do
|
resources :notifications, only: [:index], shallow: true do
|
||||||
post :read
|
post :read
|
||||||
end
|
end
|
||||||
|
post :reset_key, on: :member
|
||||||
end
|
end
|
||||||
|
|
||||||
get 'datatables/:id' => 'datatables#transactions_for_user', as: "user_transactions"
|
get 'datatables/:id' => 'datatables#transactions_for_user', as: "user_transactions"
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue