2014-04-07 18:41:34 +00:00
|
|
|
class ApplicationController < ActionController::Base
|
|
|
|
# Prevent CSRF attacks by raising an exception.
|
|
|
|
# For APIs, you may want to use :null_session instead.
|
2014-04-08 19:27:38 +00:00
|
|
|
protect_from_forgery with: :null_session
|
2014-04-15 17:04:58 +00:00
|
|
|
before_action :authenticate_user_from_token!
|
2014-04-14 18:41:53 +00:00
|
|
|
before_action :authenticate_user! #unless Rails.env.test?
|
|
|
|
|
2014-04-15 17:04:58 +00:00
|
|
|
private
|
|
|
|
|
|
|
|
def authenticate_user_from_token!
|
2014-04-15 17:19:30 +00:00
|
|
|
user_email = params[:user_email].presence
|
|
|
|
user = user_email && User.find_by_email(user_email)
|
2014-04-15 17:04:58 +00:00
|
|
|
|
2014-04-15 17:19:30 +00:00
|
|
|
if user && Devise.secure_compare(user.authentication_token, params[:user_token])
|
|
|
|
sign_in user, store:false
|
2014-04-15 17:04:58 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
|
2014-04-07 18:41:34 +00:00
|
|
|
end
|