From: yasushiito
Date: Thu, 9 Jul 2015 23:49:46 +0000 (+0900)
Subject: fix: token generator
X-Git-Url: http://git.osdn.net/view?p=pettanr%2Fpettanr.git;a=commitdiff_plain;h=6ece5276fedeadfef00b556a0658792d44927d81
fix: token generator
---
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 14c8e8cd..634b9c38 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -3,6 +3,7 @@ class ApplicationController < ActionController::Base
 protect_from_forgery with: :null_session, if: Proc.new {|c| c.request.format == 'application/json'}
 layout :devise_layout
 before_action :bf
+ before_action :authenticate_user_from_token!, if: -> {params[:email].present?}
 def devise_layout
 if devise_controller?
@@ -29,7 +30,6 @@ class ApplicationController < ActionController::Base
 else
 nil
 end
- p user
 author = if user
 user.author
 else
@@ -53,6 +53,14 @@ class ApplicationController < ActionController::Base
 @operators = Operator.new [user, author, artist, admin, demand_user]
 end
+ def authenticate_user_from_token!
+ user = User.find_by(email: params[:email])
+ if Devise.secure_compare(user.try(:authentication_token), params[:auth_token])
+ sign_in user, store: false
+ self.bf
+ end
+ end
+
 def authenticate_reader
 authenticate_user! unless @operators.reader?
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index f6b0cdfc..d9872caa 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -9,9 +9,19 @@ class User < ActiveRecord::Base
 :omniauthable#, :confirmable
 def create_token
- self.ensure_authentication_token
+ loop do
+ token = Devise.friendly_token
+ if token_suitable?(token)
+ self.authentication_token = token
+ break
+ end
+ end
 self.save
 end
+ def token_suitable?(token)
+ !self.class.exists?(authentication_token: token)
+ end
 def delete_token
 self.authentication_token = nil
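Review bot: The new `before_action :authenticate_user_from_token!` in app/controllers/application_controller.rb takes the credential from `params`, so `auth_token` can arrive in the URL query string and end up in request logs, proxy logs and browser history. I would add a comment above the filter such as `# auth_token is a bearer credential: keep it in config.filter_parameters and prefer a request header over the query string`, and confirm that `:auth_token` is actually filtered from logs, since that configuration is not visible in this diff. The filter is also registered after `:bf`, which appears to be why the new method calls `self.bf` a second time; registering it before `before_action :bf` would avoid the double run. The class body starts and continues outside this hunk.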
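Review bot: In `authenticate_user_from_token!` both `params[:email]` and `params[:auth_token]` are used without checking that they are strings, so a request that sends an array or nested value for either one hands a non-String to `User.find_by` and `Devise.secure_compare`, which is likely to raise and return a 500 rather than a plain failed authentication. Coercing both is enough: `user = User.find_by(email: params[:email].to_s)` and `if Devise.secure_compare(user.try(:authentication_token), params[:auth_token].to_s)`. A one-line comment on the method, for example `# unknown email or mismatched token: do nothing, the request stays unauthenticated`, would make the silent fall-through explicit for the next reader.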
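Review bot: The uniqueness test in `token_suitable?` (app/models/user.rb) is a read followed by a separate write in `create_token`, so two concurrent calls can both pass it. Only a unique index on `users.authentication_token` would enforce uniqueness, and no migration is visible in this diff. `token_suitable?` is called only from `create_token` here, so it could sit under `private` with a comment such as `# true when no other user already holds this token`. The result of `self.save` is returned but not checked in the hunk, so callers should treat a false return as "no token issued". The class continues outside the hunk.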