midgard/tab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #37 from ZeusWPI/api_token

Browse source 
Add user API token
This commit is contained in:
redfast00 2018-07-11 19:35:27 +02:00 committed by GitHub
commit 8c76018f96
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 51 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
app/assets/stylesheets/users.css.scss
View file

@ -49,3 +49,7 @@ table.pure-table-striped {
#s2id_transaction_creditor { #s2id_transaction_creditor {
min-width: 150px; min-width: 150px;
} }
.reset_key {
display: inline;
}

10
app/controllers/application_controller.rb
View file

@ -11,7 +11,7 @@ class ApplicationController < ActionController::Base
end end
def authenticate_user_or_client! def authenticate_user_or_client!
current_user || current_client || redirect_to(root_path, flash: { notice: "You have been redirected." }) current_user || current_client || user_token || redirect_to(root_path, flash: { notice: "You have been redirected." })
end end
def current_client def current_client
@ -23,7 +23,13 @@ class ApplicationController < ActionController::Base
def current_ability def current_ability
@current_ability ||= @current_ability ||=
current_client.try { |c| ClientAbility.new(c) } || current_client.try { |c| ClientAbility.new(c) } ||
UserAbility.new(current_user) UserAbility.new(current_user || user_token)
end
def user_token
@user_token ||= authenticate_with_http_token do |token, options|
User.find_by key: token
end
end end
def after_sign_in_path_for(resource) def after_sign_in_path_for(resource)

9
app/controllers/users_controller.rb
View file

@ -1,10 +1,10 @@
class UsersController < ApplicationController class UsersController < ApplicationController
skip_before_action :verify_authenticity_token, only: :create, find_by: :name skip_before_action :verify_authenticity_token, only: :create
before_action :authenticate_user!, except: :show before_action :authenticate_user!, except: :show
before_action :authenticate_user_or_client!, only: :show before_action :authenticate_user_or_client!, only: :show
load_and_authorize_resource except: :show load_and_authorize_resource except: :show, find_by: :name
def show def show
@user = User.find_by(name: params[:id]) || User.new @user = User.find_by(name: params[:id]) || User.new
@ -18,4 +18,9 @@ class UsersController < ApplicationController
def index def index
@users = User.all @users = User.all
end end
def reset_key
@user.generate_key!
redirect_to @user
end
end end

13
app/models/user.rb
View file

@ -50,4 +50,17 @@ class User < ActiveRecord::Base
@@zeus ||= find_or_create_by name: 'Zeus' @@zeus ||= find_or_create_by name: 'Zeus'
end end
def generate_key
set_key unless self.key
end
def generate_key!
set_key
self.save
end
private
def set_key
self.key = SecureRandom.base64(16)
end
end end

2
app/models/user_ability.rb
View file

@ -5,7 +5,7 @@ class UserAbility
return unless user return unless user
can :manage, :all if user.penning? can :manage, :all if user.penning?
can :read, user, id: user.id can :manage, user, id: user.id
can :manage, Request, creditor_id: user.id can :manage, Request, creditor_id: user.id
can :manage, Notification, user_id: user.id can :manage, Notification, user_id: user.id
can :create, Transaction do |t| can :create, Transaction do |t|

5
app/views/users/show.html.haml
View file

@ -65,3 +65,8 @@
%th Message %th Message
%tbody %tbody
%h3="Zeus account number: BE32 9799 9370 6502" %h3="Zeus account number: BE32 9799 9370 6502"
="API key: #{@user.key}"
= button_to "reset", reset_key_user_path(@user), {form_class: 'reset_key', class: 'btn btn-small'}
%br
Example:
%code="curl -H \"Accept: application/json\" -H \"Authorization: Token token=#{@user.key}\" #{user_url(@user)}"

1
config/routes.rb
View file

@ -22,6 +22,7 @@ Rails.application.routes.draw do
resources :notifications, only: [:index], shallow: true do resources :notifications, only: [:index], shallow: true do
post :read post :read
end end
post :reset_key, on: :member
end end
get 'datatables/:id' => 'datatables#transactions_for_user', as: "user_transactions" get 'datatables/:id' => 'datatables#transactions_for_user', as: "user_transactions"

10
db/migrate/20180620161021_add_token_to_user.rb Normal file
View file

@ -0,0 +1,10 @@
class AddTokenToUser < ActiveRecord::Migration[5.2]
def change
add_column :users, :key, :string
User.all.each do |user|
user.generate_key
user.save
end
end
end

3
db/schema.rb
View file

@ -10,7 +10,7 @@
# #
# It's strongly recommended that you check this file into your version control system. # It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 2017_01_23_151219) do ActiveRecord::Schema.define(version: 2018_06_20_161021) do
create_table "clients", force: :cascade do |t| create_table "clients", force: :cascade do |t|
t.string "name", null: false t.string "name", null: false
@ -86,6 +86,7 @@ ActiveRecord::Schema.define(version: 2017_01_23_151219) do
t.boolean "penning", default: false, null: false t.boolean "penning", default: false, null: false
t.datetime "created_at", null: false t.datetime "created_at", null: false
t.datetime "updated_at", null: false t.datetime "updated_at", null: false
t.string "key"
t.index ["balance"], name: "index_users_on_balance" t.index ["balance"], name: "index_users_on_balance"
t.index ["name"], name: "index_users_on_name" t.index ["name"], name: "index_users_on_name"
end end