Change koelkast login to login with token

2015-09-22 07:13:35 +02:00 · 2015-09-22 07:13:35 +02:00 · 71659e246d
commit 71659e246d
parent 046b2c382c
7 changed files with 13 additions and 12 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -1,6 +1,5 @@
 class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
-  check_authorization

  rescue_from CanCan::AccessDenied do |exception|
    redirect_to root_path, flash: { error: exception.message }
--- a/app/controllers/callbacks_controller.rb
+++ b/app/controllers/callbacks_controller.rb
@ -1,6 +1,4 @@
 class CallbacksController < Devise::OmniauthCallbacksController
-  skip_authorization_check
-
  def zeuswpi
    @user = User.from_omniauth(request.env["omniauth.auth"])
    sign_in_and_redirect @user
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -1,3 +0,0 @@
-class SessionsController < Devise::SessionsController
-  skip_authorization_check
-end
--- a/app/controllers/welcome_controller.rb
+++ b/app/controllers/welcome_controller.rb
@ -1,6 +1,12 @@
 class WelcomeController < ApplicationController
-  skip_authorization_check
+  skip_before_filter :verify_authenticity_token, only: :token_sign_in

  def index
  end
+
+  def token_sign_in
+    return head(:unauthorized) unless params[:token] == Rails.application.secrets.koelkast_token
+    koelkast = User.find_by(name: "koelkast")
+    sign_in_and_redirect koelkast
+  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -23,7 +23,7 @@ class User < ActiveRecord::Base
  include Statistics, Avatarable, FriendlyId
  friendly_id :name, use: :finders

-  devise :database_authenticatable, :omniauthable, :omniauth_providers => [:zeuswpi]
+  devise :omniauthable, :omniauth_providers => [:zeuswpi]

  has_many :orders, -> { includes :products }
  has_many :products, through: :orders
--- a/config/routes.rb
+++ b/config/routes.rb
@ -1,10 +1,9 @@
 Rails.application.routes.draw do
-  devise_for :users, controllers: {
-    omniauth_callbacks: "callbacks",
-    sessions: "sessions"
-  }
+  devise_for :users, controllers: { omniauth_callbacks: "callbacks" }

  devise_scope :user do
+    get 'sign_out', to: 'devise/sessions#destroy', as: :destroy_user_session
+    post 'sign_in', to: 'welcome#token_sign_in'
    unauthenticated :user do
      root to: 'welcome#index'
    end
--- a/config/secrets.yml
+++ b/config/secrets.yml
@ -16,6 +16,7 @@ development:
  omniauth_client_secret: blargh
  access_token: "token"
  tab_api_key: "HriaktSIhRaB5CJzD71uLQ=="
+  koelkast_token: ""

 test:
  secret_key_base: 961437e28e7d6055ffaad9cf1f8d614354f57f10cb2d7601c9d6ede72a03b9c9535ad9e63507e3eb31252c4895970a63117493408f2e9a46c7a0c4a5a7836b81
@ -29,3 +30,4 @@ production:
  omniauth_client_secret: ""
  access_token: ""
  tab_api_key: ""
+  koelkast_token: ""