diff --git a/app/controllers/concerns/authentication.rb b/app/controllers/concerns/authentication.rb index 5dc3fb866..398f71b03 100644 --- a/app/controllers/concerns/authentication.rb +++ b/app/controllers/concerns/authentication.rb @@ -56,15 +56,9 @@ module Authentication end def authenticate_by_bearer_token - authorization_scheme, bearer_token = request.authorization.to_s.split(" ", 2) - - if authorization_scheme == "Bearer" && bearer_token.present? - access_token = Identity::AccessToken.find_by(token: bearer_token) - - if access_token && access_token.allows?(request.method) - Current.identity = access_token.identity - else - head :unauthorized + authenticate_or_request_with_http_token do |token| + if identity = Identity.find_by_permissable_access_token(token, method: request.method) + Current.identity = identity end end end diff --git a/app/models/identity.rb b/app/models/identity.rb index 43466bd30..7495e37c3 100644 --- a/app/models/identity.rb +++ b/app/models/identity.rb @@ -14,8 +14,10 @@ class Identity < ApplicationRecord validates :email_address, format: { with: URI::MailTo::EMAIL_REGEXP } normalizes :email_address, with: ->(value) { value.strip.downcase.presence } - def self.find_by_access_token(token) - AccessToken.find_by(token: token)&.identity + def self.find_by_permissable_access_token(token, method:) + if (access_token = AccessToken.find_by(token: token)) && access_token.allows?(method) + access_token.identity + end end def send_magic_link(**attributes)