From 71659e246d2ab2acdd4ec9d390d29b519da95835 Mon Sep 17 00:00:00 2001
From: benji
Date: Tue, 22 Sep 2015 07:13:35 +0200
Subject: [PATCH] Change koelkast login to login with token
---
 app/controllers/application_controller.rb | 1 -
 app/controllers/callbacks_controller.rb | 2 --
 app/controllers/sessions_controller.rb | 3 ---
 app/controllers/welcome_controller.rb | 8 +++++++-
 app/models/user.rb | 2 +-
 config/routes.rb | 7 +++----
 config/secrets.yml | 2 ++
 7 files changed, 13 insertions(+), 12 deletions(-)
 delete mode 100644 app/controllers/sessions_controller.rb
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 726cf50..bee3a7b 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,6 +1,5 @@
 class ApplicationController < ActionController::Base
 protect_from_forgery with: :exception
- check_authorization
 rescue_from CanCan::AccessDenied do |exception|
 redirect_to root_path, flash: { error: exception.message }
diff --git a/app/controllers/callbacks_controller.rb b/app/controllers/callbacks_controller.rb
index 9f8b2cc..dcd8663 100644
--- a/app/controllers/callbacks_controller.rb
+++ b/app/controllers/callbacks_controller.rb
@@ -1,6 +1,4 @@
 class CallbacksController < Devise::OmniauthCallbacksController
- skip_authorization_check
-
 def zeuswpi
 @user = User.from_omniauth(request.env["omniauth.auth"])
 sign_in_and_redirect @user
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
deleted file mode 100644
index a50a3b3..0000000
--- a/app/controllers/sessions_controller.rb
+++ /dev/null
@@ -1,3 +0,0 @@
-class SessionsController < Devise::SessionsController
- skip_authorization_check
-end
diff --git a/app/controllers/welcome_controller.rb b/app/controllers/welcome_controller.rb
index 381b748..b351b34 100644
--- a/app/controllers/welcome_controller.rb
+++ b/app/controllers/welcome_controller.rb
@@ -1,6 +1,12 @@
 class WelcomeController < ApplicationController
- skip_authorization_check
+ skip_before_filter :verify_authenticity_token, only: :token_sign_in
 def index
 end
+
+ def token_sign_in
+ return head(:unauthorized) unless params[:token] == Rails.application.secrets.koelkast_token
+ koelkast = User.find_by(name: "koelkast")
+ sign_in_and_redirect koelkast
+ end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 609c531..a4c89c2 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -23,7 +23,7 @@ class User < ActiveRecord::Base
 include Statistics, Avatarable, FriendlyId
 friendly_id :name, use: :finders
- devise :database_authenticatable, :omniauthable, :omniauth_providers => [:zeuswpi]
+ devise :omniauthable, :omniauth_providers => [:zeuswpi]
 has_many :orders, -> { includes :products }
 has_many :products, through: :orders
diff --git a/config/routes.rb b/config/routes.rb
index 1a978ba..c0d8efe 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,10 +1,9 @@
 Rails.application.routes.draw do
- devise_for :users, controllers: {
- omniauth_callbacks: "callbacks",
- sessions: "sessions"
- }
+ devise_for :users, controllers: { omniauth_callbacks: "callbacks" }
 devise_scope :user do
+ get 'sign_out', to: 'devise/sessions#destroy', as: :destroy_user_session
+ post 'sign_in', to: 'welcome#token_sign_in'
 unauthenticated :user do
 root to: 'welcome#index'
 end
diff --git a/config/secrets.yml b/config/secrets.yml
index 4340ef3..2c88896 100644
--- a/config/secrets.yml
+++ b/config/secrets.yml
@@ -16,6 +16,7 @@ development:
 omniauth_client_secret: blargh
 access_token: "token"
 tab_api_key: "HriaktSIhRaB5CJzD71uLQ=="
+ koelkast_token: ""
 test:
 secret_key_base: 961437e28e7d6055ffaad9cf1f8d614354f57f10cb2d7601c9d6ede72a03b9c9535ad9e63507e3eb31252c4895970a63117493408f2e9a46c7a0c4a5a7836b81
@@ -29,3 +30,4 @@ production:
 omniauth_client_secret: ""
 access_token: ""
 tab_api_key: ""
+ koelkast_token: ""
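Review bot: The check in `token_sign_in` (app/controllers/welcome_controller.rb) accepts a blank credential: the config/secrets.yml hunks of this commit set `koelkast_token: ""` for development and production and add nothing under `test:`, so an empty `token` parameter equals the placeholder, and a missing one equals an unset key, and the request is signed in as koelkast. `==` is also not a constant-time comparison; Devise is already in use, so `return head(:unauthorized) unless Devise.secure_compare(params[:token].to_s, Rails.application.secrets.koelkast_token)` rejects blank values on either side and removes the timing difference. The production value is better read from the environment, e.g. `koelkast_token: <%= ENV["KOELKAST_TOKEN"] %>` (variable name illustrative), than committed as an empty placeholder. `User.find_by(name: "koelkast")` can return nil, and nothing guards that before `sign_in_and_redirect`. Dropping `skip_authorization_check` here goes with the removal of `check_authorization` from ApplicationController, so actions that never call `authorize!` are no longer caught; `check_authorization unless: :devise_controller?` would keep that safety net.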
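Review bot: The new `get 'sign_out'` route in config/routes.rb ends the session on a plain GET, so any embedded URL or link prefetcher can log the user out; Devise's default verb is DELETE, and `delete 'sign_out', to: 'devise/sessions#destroy', as: :destroy_user_session` keeps that, provided the sign-out link is rendered with `method: :delete`. The `post 'sign_in'` route carries the koelkast token as a request parameter, so it is worth confirming that `:token` is listed in `config.filter_parameters` (not visible in this diff) to keep it out of the request log. The `devise_scope` block continues past the end of the hunk.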