refactor security system

2012-12-11 11:27:41 +01:00
parent f19044ae6a
commit 009b84f7cd
10 changed files with 151 additions and 103 deletions
+14 -6
@@ -1,6 +1,6 @@
class UserController < ApplicationController
before_filter :allow_mobile
before_filter :user_authentication #, except: :obtain_token
before_filter :user_authentication, except: :obtain_token
layout 'phone'
def user_authentication
@@ -19,12 +19,20 @@ class UserController < ApplicationController
end
end
def authenticate_user_wrapper!
authenticate_user! unless request.format.html?
authenticate_user! if params[:action] == 'obtain_token'
end
def obtain_token
respond_to do |format|
format.html
format.json do
render json: json_response(ok: false, status: 401) and return unless params[:user].present? && params[:user][:email].present? && params[:user][:password].present?
user = User.find_by_email(params[:user][:email])
render json: json_response(ok: false, status: 401) and return unless user
render json: json_response(ok: false, status: 401) and return unless user.valid_password?(params[:user][:password])
user.ensure_authentication_token
sign_in user
render json: json_response(ok: true, auth_token: user.authentication_token, user_id: user.id)
end
end
end
alias :list :active_list
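Review bot: In `obtain_token`, the `format.json` branch verifies the password with `user.valid_password?` directly, so nothing visible here counts failed attempts or checks whether the account is locked or unconfirmed; if the User model uses Devise's lockable or confirmable modules, gate the success path on `user.active_for_authentication?` and make sure this endpoint is rate limited, since `except: :obtain_token` leaves it reachable without prior authentication. The failure renders pass `status: 401` into `json_response(...)`, which presumably only sets a field in the body (the helper is not visible in this section), so the HTTP status is likely still 200; `render json: json_response(ok: false, status: 401), status: 401` would let clients and log-based monitoring see failed logins. `sign_in user` also creates a cookie session for what is a token exchange, and `sign_in user, store: false` avoids that if the mobile client only uses the returned token. The values under `params[:user]` come from a JSON body and may not be strings, so coerce them with `.to_s` before `find_by_email` and `valid_password?`.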