21 lines
598 B
Ruby
21 lines
598 B
Ruby
class ApplicationController < ActionController::Base
|
|
# Prevent CSRF attacks by raising an exception.
|
|
# For APIs, you may want to use :null_session instead.
|
|
protect_from_forgery with: :null_session
|
|
before_action :authenticate_user_from_token!
|
|
before_action :authenticate_user! #unless Rails.env.test?
|
|
|
|
private
|
|
|
|
def authenticate_user_from_token!
|
|
user_email = params[:user_email].presence
|
|
user = user_email && User.find_by_email(user_email)
|
|
|
|
if user && Devise.secure_compare(user.authentication_token, params[:user_token])
|
|
sign_in user, store:false
|
|
end
|
|
end
|
|
|
|
|
|
end
|