simple auth token rails
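# Base class for the JSON API controllers. Every action is guarded by a
# before-filter that expects an HTTP token (Authorization: Token ...) together
# with a UID header carrying the account e-mail.
class Api::BaseController < ApplicationController
  before_filter :authenticate_parent

  private

  # Filter entry point: authenticate from the presented token, otherwise
  # answer 401 (rendering halts the filter chain, so the action never runs).
  def authenticate_parent
    authenticate_parent_from_token || render_unauthorized
  end

  # Looks the account up by the UID header and checks the presented token
  # against that account's unexpired token digests.
  #
  # @return [Object, nil] a truthy value when sign_in ran, nil when the
  #   Authorization header is missing, the account is unknown or the token
  #   does not match
  def authenticate_parent_from_token
    authenticate_with_http_token do |token, _options|
      @parent = Parent.find_by(email: request.headers['UID'])
      # store: false keeps the signed-in parent scoped to this request instead
      # of serializing it into the session, so a token-authenticated call does
      # not leave a cookie-backed login behind that outlives the token's
      # expiry or revocation.
      sign_in(@parent, store: false) if @parent && @parent.valid_token?(token)
    end
  end

  # Responds with 401 and the Token challenge header. The same body is used
  # for every failure so the response does not say which check failed.
  def render_unauthorized
    headers['WWW-Authenticate'] = 'Token realm="Application"'
    render json: {error: 'Bad credentials'}, status: 401
  end
end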
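# Account model. API tokens live in the polymorphic `tokens` association and
# are stored only as digests (Devise::Encryptor), never in clear text.
class Parent < ActiveRecord::Base
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable,
         :recoverable, :rememberable, :trackable, :validatable

  has_many :tokens, as: :tokenable

  # Checks a presented API token against this account's unexpired digests.
  #
  # @param token_to_validate [String] clear-text token sent by the client
  # @return [Boolean] true when any unexpired token digest matches
  def valid_token?(token_to_validate)
    # any? with a block stops at the first match, so the digest comparison
    # is not repeated for every remaining unexpired token.
    tokens.where("expired_at > ?", Time.now).any? do |token|
      Devise::Encryptor.compare(self.class, token.encrypted_token, token_to_validate)
    end
  end

  # Issues a new API token valid for 15 days and stores its digest.
  #
  # @return [String, nil] the clear-text token (the only time it is
  #   available), or nil when the token row could not be saved
  def create_token
    token = Devise.friendly_token
    record = tokens.create(
      encrypted_token: Devise::Encryptor.digest(self.class, token),
      expired_at: (Time.now + 15.days)
    )
    # create returns the record even when the save failed, so its truthiness
    # says nothing about success; persisted? does. Without this check a
    # token that was never stored would be handed to the client.
    record.persisted? ? token : nil
  end
end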
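# Token issuing (create) and revocation (destroy) for the API.
class Api::SessionsController < Api::BaseController
  # CSRF protection is skipped for both actions; they rely on the password
  # (create) or the HTTP token (destroy) instead of a browser session.
  protect_from_forgery except: [:create, :destroy]
  # Re-declared with except: so that create can be reached without a token.
  before_filter :authenticate_parent, except: :create

  # Exchanges e-mail + password for a new API token.
  #
  # NOTE(review): no throttling or lockout is visible in this file, and an
  # unknown e-mail returns without a password hash comparison, which may make
  # it distinguishable by response time. Confirm both are handled elsewhere.
  def create
    @parent = Parent.find_by(email: params[:email])
    if @parent && @parent.valid_password?(params[:password])
      # create_token is written to return nil on failure; that case would be
      # rendered here as {token: null} with status 200.
      render json: {token: @parent.create_token}
    else
      # Same 401 body and challenge header as every other failed check.
      render_unauthorized
    end
  end

  # Revokes every unexpired token of the authenticated parent (all of them,
  # not only the one presented) by moving its expiry to now.
  def destroy
    current_parent.tokens.where("expired_at > ?", Time.now).each do |token|
      token.update_attribute :expired_at, Time.now
    end
    # The revocation succeeded, so answer 204 rather than the copy-pasted
    # 401 "Bad credentials" body, which told clients the sign-out had failed.
    head :no_content
  end
end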