protect_from_forgery with: :null_session, if: Proc.new {|c| c.request.format == 'application/json'}
layout :devise_layout
before_action :bf
+ before_action :authenticate_user_from_token!, if: -> {params[:email].present?}
def devise_layout
if devise_controller?
else
nil
end
- p user
author = if user
user.author
else
@operators = Operator.new [user, author, artist, admin, demand_user]
end
+ def authenticate_user_from_token!
+ user = User.find_by(email: params[:email])
+ if Devise.secure_compare(user.try(:authentication_token), params[:auth_token])
+ sign_in user, store: false
+ self.bf
+ end
+ end
+
def authenticate_reader
authenticate_user! unless @operators.reader?
end
:omniauthable#, :confirmable
def create_token
- self.ensure_authentication_token
+ loop do
+ token = Devise.friendly_token
+ if token_suitable?(token)
+ self.authentication_token = token
+ break
+ end
+ end
self.save
end
+
+ def token_suitable?(token)
+ !self.class.exists?(authentication_token: token)
+ end
def delete_token
self.authentication_token = nil