authorjessib <jessib@riseup.net>2014-02-10 10:27:52 -0800
committerjessib <jessib@riseup.net>2014-02-10 10:27:52 -0800
commitb6ef51277b4e6d65cfda15f0124ae4f222f7f241 (patch)
treeda7eb2d3a3a648be0be519aae23f997f248ba320 /users/app/controllers/controller_extension
parentbcdde2f6bfb4ed3a1535bd2e50ab47529a9141e2 (diff)
parentb4719619aabbe9ebf74563b62e1eb8e4fb248c21 (diff)
Merge pull request #138 from azul/feature/token-only-api-auth
Feature/token only api auth
Diffstat (limited to 'users/app/controllers/controller_extension')
-rw-r--r--users/app/controllers/controller_extension/authentication.rb4
-rw-r--r--users/app/controllers/controller_extension/token_authentication.rb20
2 files changed, 14 insertions, 10 deletions
diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb
index d831fbe..e83d6b2 100644
--- a/users/app/controllers/controller_extension/authentication.rb
+++ b/users/app/controllers/controller_extension/authentication.rb
@@ -15,7 +15,7 @@ module ControllerExtension::Authentication
!!current_user
end
- def authorize
+ def require_login
access_denied unless logged_in?
end
@@ -38,7 +38,7 @@ module ControllerExtension::Authentication
current_user && current_user.is_admin?
end
- def authorize_admin
+ def require_admin
access_denied unless admin?
end
diff --git a/users/app/controllers/controller_extension/token_authentication.rb b/users/app/controllers/controller_extension/token_authentication.rb
index 530294a..6e0a6ce 100644
--- a/users/app/controllers/controller_extension/token_authentication.rb
+++ b/users/app/controllers/controller_extension/token_authentication.rb
@@ -1,11 +1,18 @@
module ControllerExtension::TokenAuthentication
extend ActiveSupport::Concern
- def token_authenticate
- authenticate_with_http_token do |token_id, options|
- @token = Token.find(token_id)
+ def token
+ @token ||= authenticate_with_http_token do |token_id, options|
+ Token.find(token_id)
end
- @token.authenticate if @token
+ end
+
+ def token_authenticate
+ @token_authenticated ||= token.authenticate if token
+ end
+
+ def require_token
+ access_denied unless token_authenticate
end
def logout
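Review bot: `require_token` lets the request through on any truthy return from `token.authenticate`, so expiry and revocation are only enforced if `Token#authenticate` returns nil or false for a stale token. That method is outside this diff, so it is worth confirming and recording in a comment above `token_authenticate`, for example `# Returns whatever Token#authenticate returns, or nil when no token was presented; callers treat any truthy value as authenticated.` Separately, both `||=` memoizations cache only truthy results, so a request with a missing or rejected token repeats `Token.find` and `authenticate` each time these helpers are called. Putting `return @token if defined?(@token)` ahead of a plain `@token = authenticate_with_http_token { ... }` would cache the negative result as well. The `options` block parameter is unused and could be written `_options`.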
@@ -14,10 +21,7 @@ module ControllerExtension::TokenAuthentication
end
def clear_token
- authenticate_with_http_token do |token_id, options|
- @token = Token.find(token_id)
- @token.destroy if @token
- end
+ token.destroy if token
end
end
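Review bot: After `token.destroy` in `clear_token`, the memoized `@token` and `@token_authenticated` from the new helpers stay set. Any later call to `token_authenticate` or `require_token` in the same request would therefore still report the destroyed token as authenticated. Whether such a call exists is not visible here, since `logout` is only partly inside this hunk. Resetting the cache after the destroy keeps the helpers consistent with the stored state: `@token = @token_authenticated = nil`.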