Last active
August 24, 2017 09:41
-
-
Save gonzalo-bulnes/9001010 to your computer and use it in GitHub Desktop.
A SimpleTokenAuthentication-compatible JSON version of Devise::SessionsController. (UPDATE: For a discussion about this gist and a better version of it, please see https://github.com/gonzalo-bulnes/simple_token_authentication/issues/48#issuecomment-42133939)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # app/controllers/sessions_controller.rb | |
| class SessionsController < Devise::SessionsController | |
| # This controller provides a JSON version of the Devise::SessionsController and | |
| # is compatible with the use of SimpleTokenAuthentication. | |
| # See https://github.com/gonzalo-bulnes/simple_token_authentication/issues/27 | |
| def create | |
| # Fetch params | |
| email = params[:session][:email] if params[:session] | |
| password = params[:session][:password] if params[:session] | |
| id = User.find_by(email: email).try(:id) if email.presence | |
| # Validations | |
| if request.format != :json | |
| render status: 406, json: { message: 'The request must be JSON.' } | |
| return | |
| end | |
| if email.nil? or password.nil? | |
| render status: 400, json: { message: 'The request MUST contain the user email and password.' } | |
| return | |
| end | |
| # Authentication | |
| user = User.find_by(email: email) | |
| if user | |
| if user.valid_password? password | |
| user.reset_authentication_token! | |
| # Note that the data which should be returned depends heavily of the API client needs. | |
| render status: 200, json: { email: user.email, authentication_token: user.authentication_token, id: id } | |
| else | |
| render status: 401, json: { message: 'Invalid email or password.' } | |
| end | |
| else | |
| render status: 401, json: { message: 'Invalid email or password.' } | |
| end | |
| end | |
| def destroy | |
| # Fetch params | |
| user = User.find_by(authentication_token: params[:user_token]) | |
| if user.nil? | |
| render status: 404, json: { message: 'Invalid token.' } | |
| else | |
| user.authentication_token = nil | |
| user.save! | |
| render status: 204, json: nil | |
| end | |
| end | |
| end |
@gonzalo-bulnes , btw thanks for SimpleToken
why is this code in the gist needed... can't you just check the current_user
PS I tried to check current user but it always return a user (whether i singed in with valid or invalid token) ?
I just write an article about how to add JSON API login based on Devise and simple token authentication. But I don't know how to test sign_out api with python code now. @gonzalo-bulnes
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi Gonzalo (@gonzalo-bulnes),
If we are doing all the ground work, there is nothing in Devise SessionController that is required, should this class still extend Devise SessionController.