2014-04-07 18:41:34 +00:00
|
|
|
class ApplicationController < ActionController::Base
|
|
|
|
|
# Prevent CSRF attacks by raising an exception.
|
|
|
|
|
# For APIs, you may want to use :null_session instead.
|
2014-04-08 19:27:38 +00:00
|
|
|
protect_from_forgery with: :null_session
|
2014-04-24 19:17:23 +00:00
|
|
|
before_action :authenticate_user_from_token!, except: [:publish]
|
|
|
|
|
before_action :authenticate_user!, except: [:publish] #unless Rails.env.test?
|
2014-04-14 18:41:53 +00:00
|
|
|
|
2014-04-15 17:04:58 +00:00
|
|
|
private
|
|
|
|
|
|
2014-04-15 20:59:07 +00:00
|
|
|
|
2014-04-15 17:04:58 +00:00
|
|
|
def authenticate_user_from_token!
|
2014-04-15 20:59:07 +00:00
|
|
|
if request.headers["HTTP_AUTHORIZATION"]
|
|
|
|
|
authenticate_or_request_with_http_token do |token, options|
|
|
|
|
|
email = token.split[1].split("=")[1]
|
|
|
|
|
token = token.split[0]
|
|
|
|
|
user_email = email.presence
|
2014-04-15 17:04:58 +00:00
|
|
|
|
2014-04-15 20:59:07 +00:00
|
|
|
user = user_email && User.find_by_email(user_email)
|
|
|
|
|
if user && Devise.secure_compare(user.authentication_token, token)
|
|
|
|
|
sign_in user, store:false
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
else
|
|
|
|
|
user_email = params[:user_email].presence
|
|
|
|
|
token = params[:user_token]
|
|
|
|
|
user = user_email && User.find_by_email(user_email)
|
|
|
|
|
if user && Devise.secure_compare(user.authentication_token, token)
|
|
|
|
|
sign_in user, store:false
|
|
|
|
|
end
|
2014-04-15 17:04:58 +00:00
|
|
|
end
|
|
|
|
|
end
|
2014-04-07 18:41:34 +00:00
|
|
|
end
|
