Merge pull request #37 from ZeusWPI/api_token

Add user API token
This commit is contained in:
redfast00 2018-07-11 19:35:27 +02:00 committed by GitHub
commit 8c76018f96
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 51 additions and 6 deletions

View file

@ -49,3 +49,7 @@ table.pure-table-striped {
#s2id_transaction_creditor {
min-width: 150px;
}
.reset_key {
display: inline;
}

View file

@ -11,7 +11,7 @@ class ApplicationController < ActionController::Base
end
def authenticate_user_or_client!
current_user || current_client || redirect_to(root_path, flash: { notice: "You have been redirected." })
current_user || current_client || user_token || redirect_to(root_path, flash: { notice: "You have been redirected." })
end
def current_client
@ -23,7 +23,13 @@ class ApplicationController < ActionController::Base
def current_ability
@current_ability ||=
current_client.try { |c| ClientAbility.new(c) } ||
UserAbility.new(current_user)
UserAbility.new(current_user || user_token)
end
def user_token
@user_token ||= authenticate_with_http_token do |token, options|
User.find_by key: token
end
end
def after_sign_in_path_for(resource)

View file

@ -1,10 +1,10 @@
class UsersController < ApplicationController
skip_before_action :verify_authenticity_token, only: :create, find_by: :name
skip_before_action :verify_authenticity_token, only: :create
before_action :authenticate_user!, except: :show
before_action :authenticate_user_or_client!, only: :show
load_and_authorize_resource except: :show
load_and_authorize_resource except: :show, find_by: :name
def show
@user = User.find_by(name: params[:id]) || User.new
@ -18,4 +18,9 @@ class UsersController < ApplicationController
def index
@users = User.all
end
def reset_key
@user.generate_key!
redirect_to @user
end
end

View file

@ -50,4 +50,17 @@ class User < ActiveRecord::Base
@@zeus ||= find_or_create_by name: 'Zeus'
end
def generate_key
set_key unless self.key
end
def generate_key!
set_key
self.save
end
private
def set_key
self.key = SecureRandom.base64(16)
end
end

View file

@ -5,7 +5,7 @@ class UserAbility
return unless user
can :manage, :all if user.penning?
can :read, user, id: user.id
can :manage, user, id: user.id
can :manage, Request, creditor_id: user.id
can :manage, Notification, user_id: user.id
can :create, Transaction do |t|

View file

@ -65,3 +65,8 @@
%th Message
%tbody
%h3="Zeus account number: BE32 9799 9370 6502"
="API key: #{@user.key}"
= button_to "reset", reset_key_user_path(@user), {form_class: 'reset_key', class: 'btn btn-small'}
%br
Example:
%code="curl -H \"Accept: application/json\" -H \"Authorization: Token token=#{@user.key}\" #{user_url(@user)}"

View file

@ -22,6 +22,7 @@ Rails.application.routes.draw do
resources :notifications, only: [:index], shallow: true do
post :read
end
post :reset_key, on: :member
end
get 'datatables/:id' => 'datatables#transactions_for_user', as: "user_transactions"

View file

@ -0,0 +1,10 @@
class AddTokenToUser < ActiveRecord::Migration[5.2]
def change
add_column :users, :key, :string
User.all.each do |user|
user.generate_key
user.save
end
end
end

View file

@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 2017_01_23_151219) do
ActiveRecord::Schema.define(version: 2018_06_20_161021) do
create_table "clients", force: :cascade do |t|
t.string "name", null: false
@ -86,6 +86,7 @@ ActiveRecord::Schema.define(version: 2017_01_23_151219) do
t.boolean "penning", default: false, null: false
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.string "key"
t.index ["balance"], name: "index_users_on_balance"
t.index ["name"], name: "index_users_on_name"
end