-
-
Save randika/6621345 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Session controller provides a token | |
| #/controllers/api/sessions_controller.rb | |
| class Api::SessionsController < Devise::SessionsController | |
| before_filter :authenticate_user!, :except => [:create] | |
| before_filter :ensure_params_exist, :except => [:destroy] | |
| respond_to :json | |
| def create | |
| resource = User.find_for_database_authentication(:email => params[:user_login][:email]) | |
| return invalid_login_attempt unless resource | |
| if resource.valid_password?(params[:user_login][:password]) | |
| sign_in(:user, resource) | |
| resource.ensure_authentication_token! | |
| render :json=> {:auth_token=>resource.authentication_token, :email=>resource.email}, :status => :ok | |
| return | |
| end | |
| invalid_login_attempt | |
| end | |
| def destroy | |
| resource = User.find_by_authentication_token(params[:auth_token]||request.headers["X-AUTH-TOKEN"]) | |
| resource.authentication_token = nil | |
| resource.save | |
| sign_out(resource_name) | |
| render :json => {}.to_json, :status => :ok | |
| end | |
| protected | |
| def ensure_params_exist | |
| return unless params[:user_login].blank? | |
| render :json=>{:message=>"missing user_login parameter"}, :status=>422 | |
| end | |
| def invalid_login_attempt | |
| render :json=> {:message=>"Error with your login or password"}, :status=>401 | |
| end | |
| end | |
| #Base controller which inherited by every api controller | |
| #/controllers/api/base_controller.rb | |
| class Api::BaseController < InheritedResources::Base | |
| before_filter :authenticate_user! | |
| prepend_before_filter :get_auth_token | |
| respond_to :xml, :json | |
| private | |
| def get_auth_token | |
| if auth_token = params[:auth_token].blank? && request.headers["X-AUTH-TOKEN"] | |
| params[:auth_token] = auth_token | |
| end | |
| end | |
| end | |
| #Your resources controllers | |
| #/controllers/api/v1/products_controller.rb | |
| module Api | |
| module V1 | |
| class ProductsController < Api::BaseController | |
| end | |
| end | |
| end | |
| #Routes | |
| namespace :api, :defaults => {:format => 'json'} do | |
| devise_for :users | |
| namespace :v1 do | |
| resources :products | |
| end | |
| end | |
| #*** How to get a token: well, you have to provide email and password *** | |
| #with curl | |
| curl -d "user_login[email][email protected]&user_login[password]=yourpassword" http://localhost:3001/api/users/sign_in --noproxy localhost | |
| {"email":"[email protected]","success":true,"auth_token":"G3xbSrS4uqLU484eUw9h"} | |
| #with HTTPClient | |
| clnt = HTTPClient.new | |
| res = clnt.post("http://localhost:3001/api/users/sign_in", {"user_login[email]" => "[email protected]", "user_login[password]" => "yourpassword"}) | |
| auth_token = JSON(res.body)["auth_token"] | |
| => "G3xbSrS4uqLU484eUw9h" | |
| #*** How to get data using the token *** | |
| #with curl | |
| curl -H "X-AUTH-TOKEN: G3xbSrS4uqLU484eUw9h" http://localhost:3001/api/v1/products/1 --noproxy localhost --get | |
| #with HTTPClient gem | |
| clnt = HTTPClient.new | |
| clnt.get("http://localhost:3001/api/v1/products/1", nil, {"X-AUTH-TOKEN" => "G3xbSrS4uqLU484eUw9h"}).content | |
| #*** At the end, remove the access token *** | |
| #with curl | |
| curl -X DELETE -H "X-AUTH-TOKEN: G3xbSrS4uqLU484eUw9h" http://localhost:3001/api/users/sign_out | |
| #with HTTPClient gem | |
| clnt.delete("http://localhost:3001/api/users/sign_out", {"X-AUTH-TOKEN" => "G3xbSrS4uqLU484eUw9h"}) | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment