# JSON endpoint that creates a User account from the submitted :user params.
class Api::RegistrationsController < Api::BaseController
  respond_to :json

  # Builds a User from params[:user] and tries to save it.
  # Responds 201 with the user's JSON on success, or 422 with the model's
  # validation errors on failure.
  def create
    # NOTE(review): params[:user] is client-controlled and is handed to
    # User.new unfiltered. Confirm the model restricts assignable attributes
    # (attr_accessible or strong parameters) so that fields such as roles or
    # tokens cannot be set by the caller.
    account = User.new(params[:user])

    unless account.save
      # presumably keeps Warden's failure handling from replacing this
      # response; verify against the Warden/Devise version in use
      warden.custom_failure!
      return render(json: account.errors, status: :unprocessable_entity)
    end

    # NOTE(review): :auth_token and :email are passed as as_json *options*.
    # Confirm the User serializer actually reads these keys; if it does not,
    # the token is not part of this response.
    render json: account.as_json(auth_token: account.authentication_token, email: account.email), status: :created
  end
end
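# JSON sign-in / sign-out endpoints that hand out and revoke the user's
# authentication token.
class Api::SessionsController < Api::BaseController
  before_filter :authenticate_user!, except: [:create]
  before_filter :ensure_user_login_param_exists, only: [:create]
  before_filter :ensure_email_param_exists, only: [:create]
  before_filter :ensure_password_param_exists, only: [:create]

  respond_to :json

  # Verifies the email/password pair nested under params[:user_login].
  # Responds 201 with the auth token on success and 401 otherwise. An unknown
  # email and a wrong password produce the same response, so the endpoint
  # does not reveal which accounts exist.
  def create
    resource = User.find_for_database_authentication(email: params[:user_login][:email])
    return invalid_login_attempt unless resource

    if resource.valid_password?(params[:user_login][:password])
      # NOTE(review): sign_in presumably also stores the user in the Warden
      # session; confirm a cookie session is wanted for a token-only API.
      sign_in(:user, resource)
      resource.ensure_authentication_token!
      render json: { success: true, auth_token: resource.authentication_token, email: resource.email }, status: :created
      return
    end

    invalid_login_attempt
  end

  # Signs the caller out by rotating the authentication token.
  def destroy
    # The bang variant persists the new token. The non-bang method only
    # assigns it in memory, which would leave the old token valid after
    # "logout".
    current_user.reset_authentication_token!
    render json: { success: true }, status: :ok
  end

  protected

  def ensure_user_login_param_exists
    ensure_param_exists :user_login
  end

  # email and password arrive nested under :user_login (that is where #create
  # reads them), so they are checked there rather than at the top level.
  def ensure_email_param_exists
    ensure_param_exists :email, params[:user_login]
  end

  def ensure_password_param_exists
    ensure_param_exists :password, params[:user_login]
  end

  # Renders a 422 (which halts the filter chain) when +param+ is blank.
  #
  # @param param [Symbol] key that must be present
  # @param container [#key?] hash-like object to look in; defaults to the
  #   top-level request params. A non-hash value (e.g. user_login sent as a
  #   plain string) is treated as "parameter missing" instead of raising.
  def ensure_param_exists(param, container = params)
    value = container[param] if container.respond_to?(:key?)
    return unless value.blank?

    render json: { success: false, message: "Missing #{param} parameter" }, status: :unprocessable_entity
  end

  # Single failure response shared by every rejected login.
  def invalid_login_attempt
    render json: { success: false, message: "Error with your login or password" }, status: :unauthorized
  end
end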
I believe it is something like this:
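namespace :api do
  namespace :v1 do
    # devise_for takes the plural :controllers option; with the singular
    # :controller key the custom sessions controller is not picked up.
    devise_for :users, controllers: { sessions: 'api/v1/sessions' }
  end
end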
What exactly does sign_in(:user, resource) do here? I have read some other code without this line. Essentially the API just needs an authentication code, so what is the need for sign_in?
Maybe I'm wrong, but the ensure_param checks seem a bit off. As long as the email and password are nested inside the user_login hash, params[:email].blank? will not pass the before_filter.
ensure_param_exists has to check the second-level params.
I am struggling to make this work, I think because I have omniauth and devise working together. Adding the API on top of devise is now giving me a hard time. Any help would be really appreciated. My routes look like this:
require 'api_constraints'
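Rails.application.routes.draw do
  resources :pictures

  # Versioned JSON API; ApiConstraints decides which requests hit version 1.
  namespace :api, defaults: {format: 'json'} do
    scope module: :v1, constraints: ApiConstraints.new(version: 1, default: :true) do
      resources :users
      resources :equipment
      resources :pictures
      resources :bookings
      # devise_for takes the plural :controllers option; with the singular
      # :controller key the custom sessions controller is not picked up.
      devise_for :users, controllers: { sessions: 'api/v1/sessions' }
    end
  end

  # NOTE(review): this is a second devise_for :users in the same file. Two
  # mappings for one resource can clash on route names and helpers; confirm
  # which one should own the :user scope.
  devise_for :users, path_names: {sign_in: "login", sign_out: "logout"}, :controllers => { :registrations => "user/registrations", omniauth_callbacks: "omniauth_callbacks" }

  resources :equipment
  resources :equipment_types
  resources :users

  get 'search' => 'search#search'
  post 'search' => 'search#executeSearch'
  get '/home' => 'pages#home'
  get '/about' => 'pages#about'
  get '/contact' => 'pages#contact'

  root 'pages#home'
end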
Maybe I'm wrong, but the ensure_param checks seem a bit off. As long as the email and password are nested inside the user_login hash, params[:email].blank? will not pass the before_filter.
ensure_param_exists has to check the second-level params.
You're right, validation fails!
{
"success": false,
"message": "Missing email parameter"
}
What do the routes look like for that?