Added User API and userkey

Robbe Van Herck 2019-04-08 16:41:19 +02:00
parent 9f3de720c8
commit a57848b3a6
No known key found for this signature in database
GPG key ID: 4D1C8E8FBD1C7188
6 changed files with 58 additions and 4 deletions


@ -2,7 +2,10 @@ class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
rescue_from CanCan::AccessDenied do |exception|
redirect_to root_path, flash: { error: message_for(exception) }
respond_to do |format|
format.json { render json: [ "Diefstal is een misdrijf." ], status: :forbidden }
format.html { redirect_to root_path, flash: { error: message_for(exception) } }
end
end
def after_sign_in_path_for(resource)


@ -23,8 +23,21 @@
class UsersController < ApplicationController
load_and_authorize_resource
before_action :init, only: :show
skip_load_and_authorize_resource :only => :show
def show
# TODO fix this with `authorize!`
if params[:id] && (@user.name != params[:id] && !@user.admin?)
respond_to do |format|
format.json { render json: ["Mind your own business"] }
format.html { redirect_to root_url }
end
else
respond_to do |format|
format.json { render json: @user }
format.html {}
end
end
end
def update
@ -81,6 +94,17 @@ class UsersController < ApplicationController
end
def init
@user ||= current_user
@user ||= current_user || user_token || User.new
end
def user_token
@user_token ||= authenticate_with_http_token do |token, options|
User.find_by userkey: token
end
end
def reset_key
@user.generate_key!
redirect_to @user
end
end
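Review bot: `format.json { render json: @user }` in `show` serializes the whole record, which from this commit on includes `userkey` unless an `as_json` override or serializer outside this view filters it; an explicit whitelist such as `render json: @user.as_json(only: [:id, :name])` (fields to be chosen by the author) keeps the credential out of API responses. Because `skip_load_and_authorize_resource :only => :show` takes CanCan off this action, the hand-written `if` is the only gate, and its JSON denial branch answers with status 200; `format.json { render json: ["Mind your own business"], status: :forbidden }` would match the handler in ApplicationController. `@user` is always the caller as set by `init`, so an admin requesting another user's id appears to receive their own record rather than the requested one. In `user_token`, `User.find_by userkey: token` implies the key is stored in plaintext; storing a digest and looking up by the digest of the presented token would limit what a database leak exposes.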


@ -37,6 +37,7 @@ class User < ActiveRecord::Base
where(name: auth.uid).first_or_create do |user|
user.name = auth.uid
user.avatar = Identicon.data_url_for auth.uid
user.generate_key!
end
end
@ -89,4 +90,18 @@ class User < ActiveRecord::Base
user.koelkast = true
end
end
def generate_key
set_key unless self.userkey
end
def generate_key!
set_key
self.save
end
private
def set_key
self.userkey = SecureRandom.base64(16)
end
end
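Review bot: `generate_key!` discards the return value of `self.save`, so if the record fails validation the `reset_key` action still redirects as though the key had been rotated while the old key stays valid in the database; `self.save!` (or returning the result and checking it in the caller) makes a failed rotation visible. Inside the `first_or_create` block the record is about to be saved anyway, so the non-saving `user.generate_key` would avoid what looks like a second write. `SecureRandom.base64(16)` can emit `+`, `/` and `=`; `SecureRandom.urlsafe_base64(16)` or `SecureRandom.hex(16)` gives the same entropy with characters that are safer to carry in an `Authorization` header. The class body continues outside both hunks.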


@ -22,6 +22,7 @@ Rails.application.routes.draw do
member do
get 'quickpay' => 'users#quickpay'
get 'dagschotel/edit' => 'users#edit_dagschotel', as: 'edit_dagschotel'
post :reset_key
end
end


@ -0,0 +1,10 @@
class AddApiToken < ActiveRecord::Migration
def change
add_column :users, :userkey, :string
User.all.each do |user|
user.generate_key
user.save
end
end
end
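Review bot: The migration adds `userkey` without an index, although `User.find_by userkey: token` in the controller queries it on every token-authenticated request and nothing prevents two users from sharing a key; `add_index :users, :userkey, unique: true` after the backfill would cover both. The backfill calls `user.save` and ignores the result, so a user who fails validation is left with a nil key and no signal; `user.save!` would surface that. `User.all.each` loads every row at once and relies on the model's cached column list; `User.reset_column_information` followed by `User.find_each do |user|` is the usual form for a data backfill in a migration.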


@ -11,7 +11,7 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20160304192839) do
ActiveRecord::Schema.define(version: 20190408122720) do
create_table "barcodes", force: :cascade do |t|
t.integer "product_id"
@ -86,7 +86,8 @@ ActiveRecord::Schema.define(version: 20160304192839) do
t.string "name"
t.boolean "private", default: false
t.integer "frecency", default: 0, null: false
t.boolean "quickpay_hidden"
t.boolean "quickpay_hidden", default: false
t.string "userkey"
end
add_index "users", ["koelkast"], name: "index_users_on_koelkast"