Actually authenticate now

redfast00 2019-05-07 22:45:05 +02:00
parent 3cebd229c9
commit 02929551ee
No known key found for this signature in database
GPG key ID: 5946E0E34FD0553C
3 changed files with 49 additions and 12 deletions


@ -1,5 +1,13 @@
class ApplicationController < ActionController::Base class ApplicationController < ActionController::Base
protect_from_forgery with: :exception protect_from_forgery with: :exception
skip_before_action :verify_authenticity_token, if: :api_request?
before_filter :authenticate_user_from_token!
before_filter :authenticate_user!
before_filter :set_user!
def api_request?
(user_token.present?) && request.format.json?
end
rescue_from CanCan::AccessDenied do |exception| rescue_from CanCan::AccessDenied do |exception|
respond_to do |format| respond_to do |format|
@ -25,4 +33,27 @@ class ApplicationController < ActionController::Base
exception.message exception.message
end end
end end
def authenticate_user_from_token!
user = user_token
if user
# Notice we are passing store false, so the user is not
# actually stored in the session and a token is needed
# for every request. If you want the token to work as a
# sign in token, you can simply remove store: false.
sign_in user, store: false
end
end
def set_user!
@user = current_user
end
def user_token
@user_token ||= authenticate_with_http_token do |token, options|
User.find_by userkey: token
end
end
end end
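Review bot: `set_user!` assigns `@user = current_user` on every request, and `@user` is also the variable that `load_and_authorize_resource` fills in UsersController. CanCan normally keeps an instance variable that is already set, so the record named in the URL may never be loaded or authorized and each action would act on the caller instead; this is inferred from the callback order and is worth a request spec. `user_token` matches the key with `User.find_by userkey: token`, which implies keys are stored in the clear; storing only a digest and looking up by that digest would keep a database leak from yielding usable keys. The three new helpers have no `private` marker inside the hunk, so unless one appears earlier in the class (outside the hunk) they are public controller methods. As a style point, `before_filter` next to `skip_before_action` is the deprecated spelling of `before_action` and was removed in Rails 5.1.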


@ -21,8 +21,7 @@
# #
class UsersController < ApplicationController class UsersController < ApplicationController
load_and_authorize_resource except: :show load_and_authorize_resource
before_action :init, only: :show
def show def show
respond_to do |format| respond_to do |format|
@ -43,6 +42,7 @@ class UsersController < ApplicationController
redirect_to @user redirect_to @user
end end
format.js { head :ok } format.js { head :ok }
format.json { render json: @user }
end end
else else
respond_to do |format| respond_to do |format|
@ -52,6 +52,7 @@ class UsersController < ApplicationController
render 'show' render 'show'
end end
format.js { head :bad_request } format.js { head :bad_request }
format.json { "Update failed!"}
end end
end end
end end
@ -84,16 +85,6 @@ class UsersController < ApplicationController
params.fetch(:user, {}).permit(:avatar, :private, :dagschotel_id, :quickpay_hidden) params.fetch(:user, {}).permit(:avatar, :private, :dagschotel_id, :quickpay_hidden)
end end
def init
@user ||= current_user || user_token || User.new
end
def user_token
@user_token ||= authenticate_with_http_token do |token, options|
User.find_by userkey: token
end
end
def reset_key def reset_key
@user.generate_key! @user.generate_key!
redirect_to @user redirect_to @user
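Review bot: The failure branch's `format.json { "Update failed!"}` only evaluates a string and renders nothing, so a JSON client receives neither an error body nor an error status. Something like `format.json { render json: { error: 'Update failed!' }, status: :bad_request }` would mirror the `head :bad_request` of the JS branch. On the success side, `render json: @user` serializes the whole model, which would include `userkey` (the column the token lookup authenticates against) unless `as_json` is restricted elsewhere; an explicit `only:` list of the attributes clients need is safer. The enclosing action starts outside the hunk.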


@ -0,0 +1,15 @@
import requests
base_url = 'http://localhost:3000'
user = 'j'
user_token = 'uiUTrjuD3ZSft6s8JD9S4g=='
headers = {'Authorization': f'Token token={user_token}'}
dagschotel_id = 1
r = requests.put(f'{base_url}/users/{user}.json', headers=headers, json={'dagschotel_id': 20})
print(r.text)
r = requests.get(f'{base_url}/users/{user}.json', headers=headers)
print(r.text)
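Review bot: The script commits a literal API key in `user_token` and sends it over a plain `http://` base URL. If that value was ever valid outside a throwaway development database it should be regenerated, and the script should read the key from the environment instead, e.g. `user_token = os.environ['API_USER_TOKEN']` (the variable name is a placeholder) together with `import os`. `dagschotel_id = 1` is never used, because the PUT body hard-codes `20`.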