Actually authenticate now

2019-05-07 22:45:05 +02:00 · 2019-05-07 22:45:05 +02:00 · 02929551ee
commit 02929551ee
parent 3cebd229c9
3 changed files with 49 additions and 12 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -1,5 +1,13 @@
 class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
+  skip_before_action :verify_authenticity_token, if: :api_request?
+  before_filter :authenticate_user_from_token!
+  before_filter :authenticate_user!
+  before_filter :set_user!
+
+  def api_request?
+    (user_token.present?) && request.format.json?
+  end

  rescue_from CanCan::AccessDenied do |exception|
    respond_to do |format|
@ -25,4 +33,27 @@ class ApplicationController < ActionController::Base
      exception.message
    end
  end
+
+  def authenticate_user_from_token!
+    user = user_token
+
+    if user
+      # Notice we are passing store false, so the user is not
+      # actually stored in the session and a token is needed
+      # for every request. If you want the token to work as a
+      # sign in token, you can simply remove store: false.
+      sign_in user, store: false
+    end
+  end
+
+  def set_user!
+    @user = current_user
+  end
+
+  def user_token
+    @user_token ||= authenticate_with_http_token do |token, options|
+      User.find_by userkey: token
+    end
+  end
+
 end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -21,8 +21,7 @@
 #

 class UsersController < ApplicationController
-  load_and_authorize_resource except: :show
-  before_action :init, only: :show
+  load_and_authorize_resource

  def show
      respond_to do |format|
@ -43,6 +42,7 @@ class UsersController < ApplicationController
            redirect_to @user
          end
          format.js { head :ok  }
+          format.json { render json: @user }
        end
      else
        respond_to do |format|
@ -52,6 +52,7 @@ class UsersController < ApplicationController
            render 'show'
          end
          format.js { head :bad_request }
+          format.json { "Update failed!"}
        end
      end
    end
@ -84,16 +85,6 @@ class UsersController < ApplicationController
    params.fetch(:user, {}).permit(:avatar, :private, :dagschotel_id, :quickpay_hidden)
  end

-  def init
-    @user ||= current_user || user_token || User.new
-  end
-
-  def user_token
-    @user_token ||= authenticate_with_http_token do |token, options|
-      User.find_by userkey: token
-    end
-  end
-
  def reset_key
    @user.generate_key!
    redirect_to @user
--- a/python_api_example/dagschotel.py
+++ b/python_api_example/dagschotel.py
@ -0,0 +1,15 @@
+import requests
+
+
+base_url = 'http://localhost:3000'
+user = 'j'
+user_token = 'uiUTrjuD3ZSft6s8JD9S4g=='
+
+headers = {'Authorization': f'Token token={user_token}'}
+dagschotel_id = 1
+
+r = requests.put(f'{base_url}/users/{user}.json', headers=headers, json={'dagschotel_id': 20})
+print(r.text)
+
+r = requests.get(f'{base_url}/users/{user}.json', headers=headers)
+print(r.text)