From 6ece5276fedeadfef00b556a0658792d44927d81 Mon Sep 17 00:00:00 2001
From: yasushiito
Date: Fri, 10 Jul 2015 08:49:46 +0900
Subject: [PATCH] fix: token generator
---
 app/controllers/application_controller.rb | 10 +++++++++-
 app/models/user.rb | 12 +++++++++++-
 2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 14c8e8cd..634b9c38 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -3,6 +3,7 @@ class ApplicationController < ActionController::Base
 protect_from_forgery with: :null_session, if: Proc.new {|c| c.request.format == 'application/json'}
 layout :devise_layout
 before_action :bf
+ before_action :authenticate_user_from_token!, if: -> {params[:email].present?}

 def devise_layout
 if devise_controller?
@@ -29,7 +30,6 @@ class ApplicationController < ActionController::Base
 else
 nil
 end
- p user
 author = if user
 user.author
 else
@@ -53,6 +53,14 @@ class ApplicationController < ActionController::Base
 @operators = Operator.new [user, author, artist, admin, demand_user]
 end

+ def authenticate_user_from_token!
+ user = User.find_by(email: params[:email])
+ if Devise.secure_compare(user.try(:authentication_token), params[:auth_token])
+ sign_in user, store: false
+ self.bf
+ end
+ end
+
 def authenticate_reader
 authenticate_user! unless @operators.reader?
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index f6b0cdfc..d9872caa 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -9,9 +9,19 @@ class User < ActiveRecord::Base
 :omniauthable#, :confirmable

 def create_token
- self.ensure_authentication_token
+ loop do
+ token = Devise.friendly_token
+ if token_suitable?(token)
+ self.authentication_token = token
+ break
+ end
+ end
 self.save
 end
+
+ def token_suitable?(token)
+ !self.class.exists?(authentication_token: token)
+ end

 def delete_token
 self.authentication_token = nil
--
2.11.0
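Review bot: The new `before_action` in the first hunk is gated only on `params[:email].present?`, so any request to any controller that carries a top-level `email` parameter triggers a `User` lookup even when no token was sent. Gating on the token as well keeps the lookup to requests that actually attempt token authentication: `before_action :authenticate_user_from_token!, if: -> { params[:email].present? && params[:auth_token].present? }`. The callback is also registered after `before_action :bf`, which is presumably why the new method has to call `bf` a second time; registering it ahead of `:bf` would avoid the double run, provided nothing in the token path depends on `bf` having run first.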
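Review bot: In `authenticate_user_from_token!`, `params[:auth_token]` is handed to `Devise.secure_compare` exactly as received, and Rails will parse that parameter as an array or hash if the client sends it in that form, which would likely surface as a 500 rather than a failed login; coercing it, `Devise.secure_compare(user.try(:authentication_token), params[:auth_token].to_s)`, keeps the failure path uniform. Because the token arrives as a request parameter it is written to the request log unless `auth_token` is covered by `config.filter_parameters`, which this patch does not show; a request header is the safer transport. When the comparison fails the method falls through silently, so the request continues under whatever session identity already exists, and that deserves a comment such as `# token mismatch: fall through to normal session authentication`.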
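Review bot: The `exists?` check in `token_suitable?` and the later `self.save` in `create_token` are separate queries, so uniqueness of `authentication_token` is only enforced if the column carries a unique index, which is not visible in this patch; without one the check is best-effort under concurrent writes. `create_token` also returns the result of `self.save`, so a failed validation leaves the user without a persisted token unless callers check that return value. `token_suitable?` looks like an internal helper and could sit under `private`; the class body continues outside the hunk, so confirm where that section starts. The token is stored and compared as plaintext, so add a comment saying so, or store only a digest, to make the impact of a database disclosure clear to the next reader.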