vidpush/app/controllers/application_controller.rb

42 lines
1.3 KiB
Ruby
Raw Normal View History

2014-04-07 18:41:34 +00:00
class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
2014-04-08 19:27:38 +00:00
protect_from_forgery with: :null_session
2014-04-24 19:17:23 +00:00
before_action :authenticate_user_from_token!, except: [:publish]
before_action :authenticate_user!, except: [:publish] #unless Rails.env.test?
2014-04-25 15:32:58 +00:00
def set_by_options(name, field)
what = params[field]
model = name.to_s.classify.constantize
if params[name]
object = model.find_by(field => params[name][field]) || not_found
else
object = model.find_by(field=>what) || not_found
end
end
2014-04-15 17:04:58 +00:00
private
2014-04-25 16:03:33 +00:00
def authenticate_user_from_token!
if request.headers["HTTP_AUTHORIZATION"]
authenticate_or_request_with_http_token do |token, options|
email = token.split[1].split("=")[1]
token = token.split[0]
user_email = email.presence
end
else
user_email = params[:user_email].presence
token = params[:user_token]
end
2014-04-25 16:03:33 +00:00
log_it_in(token, user_email)
end
2014-04-25 15:43:18 +00:00
2014-04-25 16:03:33 +00:00
def log_it_in(token, user_email)
user = user_email && User.find_by_email(user_email)
if user && Devise.secure_compare(user.authentication_token, token)
sign_in user, store: false
end
2014-04-15 17:04:58 +00:00
end
2014-04-07 18:41:34 +00:00
end