From 7ad6d054d72d3c76098f689e4e7890265a3604c8 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 26 Aug 2013 10:59:18 +0200 Subject: first steps towards enabling token based auth --- .../controllers/controller_extension/token_authentication.rb | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 users/app/controllers/controller_extension/token_authentication.rb (limited to 'users/app/controllers/controller_extension/token_authentication.rb') diff --git a/users/app/controllers/controller_extension/token_authentication.rb b/users/app/controllers/controller_extension/token_authentication.rb new file mode 100644 index 0000000..71dbc50 --- /dev/null +++ b/users/app/controllers/controller_extension/token_authentication.rb @@ -0,0 +1,12 @@ +module ControllerExtension::TokenAuthentication + extend ActiveSupport::Concern + + def token_authenticate + token = nil + authenticate_or_request_with_http_token do |token, options| + token = Token.find(token) + end + User.find(token.user_id) if token + end +end + -- cgit v1.2.3 From e60ee749cab0f80cf23ca57e28c7de6d1b3a395b Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 27 Aug 2013 11:14:30 +0200 Subject: basic testing for token based auth in tests --- users/app/controllers/controller_extension/token_authentication.rb | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'users/app/controllers/controller_extension/token_authentication.rb') diff --git a/users/app/controllers/controller_extension/token_authentication.rb b/users/app/controllers/controller_extension/token_authentication.rb index 71dbc50..06e9e04 100644 --- a/users/app/controllers/controller_extension/token_authentication.rb +++ b/users/app/controllers/controller_extension/token_authentication.rb @@ -2,11 +2,10 @@ module ControllerExtension::TokenAuthentication extend ActiveSupport::Concern def token_authenticate - token = nil - authenticate_or_request_with_http_token do |token, options| - token = Token.find(token) + authenticate_or_request_with_http_token do |token_id, options| + @token = Token.find(token_id) end - User.find(token.user_id) if token + User.find_by_param(@token.user_id) if @token end end -- cgit v1.2.3 From 420bfb326f974eec14b04d6a170ed2d28c14180f Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 27 Aug 2013 14:36:27 +0200 Subject: clear token on logout with test --- .../controllers/controller_extension/token_authentication.rb | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'users/app/controllers/controller_extension/token_authentication.rb') diff --git a/users/app/controllers/controller_extension/token_authentication.rb b/users/app/controllers/controller_extension/token_authentication.rb index 06e9e04..e1c92e7 100644 --- a/users/app/controllers/controller_extension/token_authentication.rb +++ b/users/app/controllers/controller_extension/token_authentication.rb @@ -7,5 +7,17 @@ module ControllerExtension::TokenAuthentication end User.find_by_param(@token.user_id) if @token end + + def logout + super + clear_token + end + + def clear_token + authenticate_with_http_token do |token_id, options| + @token = Token.find(token_id) + @token.destroy if @token + end + end end -- cgit v1.2.3 From 147ccec989672f9b1314aa6dcc5ce8578e841370 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 27 Aug 2013 14:53:35 +0200 Subject: do not redirect if no token present So far we allow two mechanisms of authentication: * session based * token based If token fails session will be atempted in most cases. So we can't just redirect here or we get a double render error. --- users/app/controllers/controller_extension/token_authentication.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'users/app/controllers/controller_extension/token_authentication.rb') diff --git a/users/app/controllers/controller_extension/token_authentication.rb b/users/app/controllers/controller_extension/token_authentication.rb index e1c92e7..82df314 100644 --- a/users/app/controllers/controller_extension/token_authentication.rb +++ b/users/app/controllers/controller_extension/token_authentication.rb @@ -2,7 +2,7 @@ module ControllerExtension::TokenAuthentication extend ActiveSupport::Concern def token_authenticate - authenticate_or_request_with_http_token do |token_id, options| + authenticate_with_http_token do |token_id, options| @token = Token.find(token_id) end User.find_by_param(@token.user_id) if @token -- cgit v1.2.3 From 5e6a2a2995598489372676bf8e045dc2dfda6c81 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 27 Aug 2013 14:55:43 +0200 Subject: token.user will get you the right user This way we can stub the token to return the user directly. Stubbing User.find_by_param is not a good idea as it will make all calls to User#find_by_param with a different id fail. --- users/app/controllers/controller_extension/token_authentication.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'users/app/controllers/controller_extension/token_authentication.rb') diff --git a/users/app/controllers/controller_extension/token_authentication.rb b/users/app/controllers/controller_extension/token_authentication.rb index 82df314..3e2816d 100644 --- a/users/app/controllers/controller_extension/token_authentication.rb +++ b/users/app/controllers/controller_extension/token_authentication.rb @@ -5,7 +5,7 @@ module ControllerExtension::TokenAuthentication authenticate_with_http_token do |token_id, options| @token = Token.find(token_id) end - User.find_by_param(@token.user_id) if @token + @token.user if @token end def logout -- cgit v1.2.3