Created
November 4, 2015 17:17
simple auth token rails
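# Base class for the JSON API controllers. Every action requires an
# `Authorization: Token token="..."` header plus a `UID` header carrying the
# parent's email address.
class Api::BaseController < ApplicationController
  before_filter :authenticate_parent

  private

  # Filter entry point: authenticate from the request headers, otherwise
  # answer 401. Rendering inside a before filter halts the action.
  def authenticate_parent
    authenticate_parent_from_token || render_unauthorized
  end

  # Looks the parent up by the `UID` header and checks the presented token
  # against that parent's unexpired tokens.
  #
  # `store: false` keeps Devise from writing the parent into the session, so
  # no login cookie is issued and every request has to present the token
  # again. Without it, one token-authenticated call would leave behind a
  # cookie session that outlives the token and bypasses its expiry.
  #
  # NOTE(review): when `UID` matches no parent, no token hash is compared, so
  # response time may differ between known and unknown emails.
  #
  # @return [Object, nil] truthy when the parent was signed in, nil when the
  #   header is missing or the lookup/token check fails
  def authenticate_parent_from_token
    authenticate_with_http_token do |token, _options|
      @parent = Parent.find_by(email: request.headers['UID'])
      sign_in(@parent, store: false) if @parent && @parent.valid_token?(token)
    end
  end

  # Answers 401 with a Token challenge and a generic error body that does not
  # say which part of the credentials was wrong.
  def render_unauthorized
    headers['WWW-Authenticate'] = 'Token realm="Application"'
    render json: { error: 'Bad credentials' }, status: 401
  end
end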
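# API user. Authenticates with a Devise password and with expiring API tokens,
# of which only a digest is stored.
class Parent < ActiveRecord::Base
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable,
         :recoverable, :rememberable, :trackable, :validatable

  has_many :tokens, as: :tokenable

  # Checks a presented API token against every unexpired token of this parent.
  #
  # Only digests are stored, so the matching row cannot be looked up directly;
  # each active token costs one Devise::Encryptor.compare call. Every candidate
  # is compared before the result is reduced.
  #
  # NOTE(review): nothing visible here limits how many active tokens a parent
  # can hold, so the per-request cost grows with each login until tokens
  # expire - consider capping or pruning them.
  #
  # @param token_to_validate [String] plaintext token sent by the client
  # @return [Boolean] true when at least one unexpired token matches
  def valid_token?(token_to_validate)
    return false if token_to_validate.blank?

    active_tokens = tokens.where("expired_at > ?", Time.now)
    matches = active_tokens.map do |token|
      Devise::Encryptor.compare(self.class, token.encrypted_token, token_to_validate)
    end
    matches.any?
  end

  # Issues a new API token valid for 15 days and stores only its digest.
  #
  # `create` returns the record even when saving failed, so the result is
  # checked with `persisted?`; testing the record itself is always truthy and
  # would hand the client a token that was never stored.
  #
  # @return [String, nil] the plaintext token (available only here), or nil
  #   when the token row could not be saved
  def create_token
    plaintext = Devise.friendly_token
    record = tokens.create(
      encrypted_token: Devise::Encryptor.digest(self.class, plaintext),
      expired_at: Time.now + 15.days
    )
    record.persisted? ? plaintext : nil
  end
end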
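# Login and logout for API clients: exchanges email and password for an API
# token, and revokes tokens again.
class Api::SessionsController < Api::BaseController
  # CSRF verification is skipped because both actions are authenticated by
  # credentials or a token carried in the request, not by a browser cookie.
  # NOTE(review): that only holds while token-authenticated requests do not
  # also establish a cookie session - confirm against the base controller.
  protect_from_forgery except: [:create, :destroy]
  before_filter :authenticate_parent, except: :create

  # Verifies email and password and returns a freshly issued token.
  # Unknown email and wrong password get the same 401 body.
  #
  # NOTE(review): no throttling or lockout of repeated failed logins is
  # visible in this file; password guessing must be limited elsewhere.
  def create
    @parent = Parent.find_by(email: params[:email])
    return render_unauthorized unless @parent && @parent.valid_password?(params[:password])

    token = @parent.create_token
    if token
      render json: { token: token }
    else
      # create_token returns nil when the token could not be stored; do not
      # answer 200 with a null token in that case.
      head :internal_server_error
    end
  end

  # Logs out by expiring every currently valid token of the authenticated
  # parent, not only the one presented, so all of its clients are signed out.
  #
  # A successful logout answers 204; the action previously rendered the 401
  # "Bad credentials" body here, which reported failure to a client whose
  # tokens had just been revoked.
  def destroy
    now = Time.now
    current_parent.tokens.where("expired_at > ?", now).each do |token|
      token.update_attribute :expired_at, now
    end
    head :no_content
  end
end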