Authenticate api requests without needing a session

This commit is contained in:
David Heinemeier Hansson
2025-12-02 12:15:34 +01:00
committed by Stanko K.R.
parent 073d1af862
commit 660fcff558
2 changed files with 16 additions and 6 deletions
+7 -5
View File
@@ -32,7 +32,7 @@ module Authentication
private
def authenticated?
Current.session.present?
Current.identity.present?
end
def require_account
@@ -42,11 +42,11 @@ module Authentication
end
def require_authentication
resume_session || request_authentication
resume_session || authenticate_by_bearer_token || request_authentication
end
def resume_session
if session = find_session_by_cookie || find_session_by_bearer_token
if session = find_session_by_cookie
set_current_session session
end
end
@@ -55,9 +55,11 @@ module Authentication
Session.find_signed(cookies.signed[:session_token])
end
def find_session_by_bearer_token
def authenticate_by_bearer_token
if request_authorized_by_bearer_token?
Identity::AccessToken.find_by(token: authorization_bearer_token)&.session
if access_token = Identity::AccessToken.find_by(token: authorization_bearer_token)
Current.identity = access_token.identity
end
end
end
+9 -1
View File
@@ -1,5 +1,5 @@
class Current < ActiveSupport::CurrentAttributes
attribute :session, :user, :account
attribute :session, :user, :identity, :account
attribute :http_method, :request_id, :user_agent, :ip_address, :referrer
delegate :identity, to: :session, allow_nil: true
@@ -8,6 +8,14 @@ class Current < ActiveSupport::CurrentAttributes
super(value)
if value.present? && account.present?
self.identity = session.identity
end
end
def identity=(identity)
super(identity)
if identity.present?
self.user = identity.users.find_by(account: account)
end
end