vidpush/app/controllers/application_controller.rb

class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :null_session
  before_action :authenticate_user_from_token!, except: [:publish]
  before_action :authenticate_user!, except: [:publish] #unless Rails.env.test?


  def set_by_options(name, field)
    what = params[field]
    model = name.to_s.classify.constantize
    if params[name]
      object =  model.find_by(field => params[name][field]) || not_found
    else
      object = model.find_by(field=>what) || not_found
    end
  end


  private
    def authenticate_user_from_token!
      if request.headers["HTTP_AUTHORIZATION"]
        authenticate_or_request_with_http_token do |token, options|
          email = token.split[1].split("=")[1]
          token = token.split[0]
          user_email = email.presence
        end
      else
        user_email = params[:user_email].presence
        token = params[:user_token]
      end
      log_it_in(token, user_email)
    end

    def log_it_in(token, user_email)
      user = user_email && User.find_by_email(user_email)
      if user && Devise.secure_compare(user.authentication_token, token)
        sign_in user, store: false
      end
    end
end