From aedfab27b9a03f41638fefb1b39857ca66a99257 Mon Sep 17 00:00:00 2001
From: Azul
Date: Tue, 2 Apr 2013 10:35:21 +0200
Subject: initial token model and unit test
---
 users/app/models/token.rb | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 users/app/models/token.rb
(limited to 'users/app')
diff --git a/users/app/models/token.rb b/users/app/models/token.rb
new file mode 100644
index 0000000..9de6850
--- /dev/null
+++ b/users/app/models/token.rb
@@ -0,0 +1,10 @@
+class Token < CouchRest::Model::Base
+
+ use_database :tokens
+
+ property :user_id, String, accessible: false
+
+ validates :user_id, presence: true
+
+end
+
-- 
cgit v1.2.3
From 08ce330fd3676ba0b51d604a2aa653c680fffea5 Mon Sep 17 00:00:00 2001
From: Azul
Date: Tue, 2 Apr 2013 10:58:13 +0200
Subject: let's use safe ids instead of the default couch ones

Couch uses partly random partly sequential ids by default. We could change that in couch config to be all random. But this is probably more safe.
---
 users/app/models/token.rb | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'users/app')
diff --git a/users/app/models/token.rb b/users/app/models/token.rb
index 9de6850..44a6dfe 100644
--- a/users/app/models/token.rb
+++ b/users/app/models/token.rb
@@ -6,5 +6,12 @@ class Token < CouchRest::Model::Base
 validates :user_id, presence: true
+ def initialize(*args)
+ super
+ self.id = SecureRandom.urlsafe_base64(32)
+ end
+
+ design do
+ end
 end
-- 
cgit v1.2.3
From 2bd36ec96d42f0b4585a15759f33ff7f89075dcc Mon Sep 17 00:00:00 2001
From: Azul
Date: Tue, 2 Apr 2013 12:45:58 +0200
Subject: return token on successful login via api
---
 users/app/controllers/v1/sessions_controller.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'users/app')
diff --git a/users/app/controllers/v1/sessions_controller.rb b/users/app/controllers/v1/sessions_controller.rb
index 9365d76..e3459d6 100644
--- a/users/app/controllers/v1/sessions_controller.rb
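Review bot: The Token model added in the first commit's token.rb hunk records only `user_id`, so nothing on the document says when a token was issued, and a token stays valid until its document is deleted. Adding `timestamps!` below the `property :user_id` line would give a creation time that a later check can use to reject tokens older than a chosen lifetime. How tokens are verified is not visible in this patch series, so confirm whether expiry is handled elsewhere.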
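Review bot: In the second commit's token.rb hunk, `initialize` overwrites `self.id` unconditionally after `super`, so every Token built through this constructor — presumably including one instantiated from an existing database document — ends up with a fresh random id instead of its stored one. Guarding the assignment, `self.id = SecureRandom.urlsafe_base64(32) if new_record?`, keeps the ids of loaded tokens stable. `urlsafe_base64` can also return a value that starts with `_`, and CouchDB reserves document ids with a leading underscore, so stripping leading underscores from the generated value is worth adding. The empty `design do`/`end` block would benefit from a one-line comment saying why it is declared.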
+++ b/users/app/controllers/v1/sessions_controller.rb
@@ -23,6 +23,7 @@ module V1
 def update
 authenticate!
+ @token = Token.create(:user_id => current_user.id)
 render :json => login_response
 end
@@ -35,7 +36,7 @@ module V1
 def login_response
 handshake = session.delete(:handshake)
- handshake.to_hash.merge(:id => current_user.id)
+ handshake.to_hash.merge(:id => current_user.id, :token => @token.id)
 end
 end
-- 
cgit v1.2.3
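Review bot: The result of `Token.create` in `update` is never checked, and because `Token#initialize` assigns the id before any save, `@token.id` is non-nil even when validation or the database write failed, so the client could be handed a token that was never stored. Using `@token = Token.create!(:user_id => current_user.id)` makes such a failure raise instead of passing silently. The model also declares `user_id` with `accessible: false`; if that excludes the property from mass assignment, this call would leave `user_id` blank and fail the presence validation, which is worth confirming with a test. The rest of the controller lies outside the hunk.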
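Review bot: `login_response` in the second hunk now dereferences `@token.id`, which only works when `update` has set `@token` first; reached from any other path it would raise NoMethodError on nil. Passing the token explicitly, `def login_response(token)` called as `render :json => login_response(@token)`, makes that dependency visible. The returned id is the bearer credential itself, so the response body should be kept out of request logs and caches. Callers of `login_response` other than `update` are not visible in this hunk.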