Authenticate api requests without needing a session
This commit is contained in:
committed by
Stanko K.R.
parent
073d1af862
commit
660fcff558
@@ -32,7 +32,7 @@ module Authentication
|
||||
|
||||
private
|
||||
def authenticated?
|
||||
Current.session.present?
|
||||
Current.identity.present?
|
||||
end
|
||||
|
||||
def require_account
|
||||
@@ -42,11 +42,11 @@ module Authentication
|
||||
end
|
||||
|
||||
def require_authentication
|
||||
resume_session || request_authentication
|
||||
resume_session || authenticate_by_bearer_token || request_authentication
|
||||
end
|
||||
|
||||
def resume_session
|
||||
if session = find_session_by_cookie || find_session_by_bearer_token
|
||||
if session = find_session_by_cookie
|
||||
set_current_session session
|
||||
end
|
||||
end
|
||||
@@ -55,9 +55,11 @@ module Authentication
|
||||
Session.find_signed(cookies.signed[:session_token])
|
||||
end
|
||||
|
||||
def find_session_by_bearer_token
|
||||
def authenticate_by_bearer_token
|
||||
if request_authorized_by_bearer_token?
|
||||
Identity::AccessToken.find_by(token: authorization_bearer_token)&.session
|
||||
if access_token = Identity::AccessToken.find_by(token: authorization_bearer_token)
|
||||
Current.identity = access_token.identity
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
class Current < ActiveSupport::CurrentAttributes
|
||||
attribute :session, :user, :account
|
||||
attribute :session, :user, :identity, :account
|
||||
attribute :http_method, :request_id, :user_agent, :ip_address, :referrer
|
||||
|
||||
delegate :identity, to: :session, allow_nil: true
|
||||
@@ -8,6 +8,14 @@ class Current < ActiveSupport::CurrentAttributes
|
||||
super(value)
|
||||
|
||||
if value.present? && account.present?
|
||||
self.identity = session.identity
|
||||
end
|
||||
end
|
||||
|
||||
def identity=(identity)
|
||||
super(identity)
|
||||
|
||||
if identity.present?
|
||||
self.user = identity.users.find_by(account: account)
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user