Age | Commit message (Collapse) | Author |
|
|
|
authorize_admin -> require_admin
also add require_token which will ensure token has been used for auth.
|
|
|
|
This will return the user. But we can add timestamp validations and updates here.
|
|
This way we can stub the token to return the user directly. Stubbing User.find_by_param is not a good idea as it will make all calls to User#find_by_param with a different id fail.
|
|
So far we allow two mechanisms of authentication:
* session based
* token based
If token fails, session will be attempted in most cases. So we can't just redirect here or we get a double render error.