Module: Agilib::TokenAuthenticationHandlerMethods
- Extended by:
- ActiveSupport::Concern
- Defined in:
- lib/agilib/token_authenticatable/token_authentication_handler.rb
Instance Method Summary
- #authenticate_user_from_token! ⇒ Object
For this example, we are simply using token authentication via parameters.
Instance Method Details
#authenticate_user_from_token! ⇒ Object
For this example, we are simply using token authentication via parameters. However, anyone could use Rails’s token authentication features to get the token from a header.
```ruby
# File 'lib/agilib/token_authenticatable/token_authentication_handler.rb', line 19

def authenticate_user_from_token!
  param_user_token  = params[Agilib::TokenAuthenticatable.auth_params[:user_token]]
  param_email_token = params[Agilib::TokenAuthenticatable.auth_params[:user_email]]

  # Set the authentication token params if not already present,
  # see http://stackoverflow.com/questions/11017348/rails-api-authentication-by-headers-token
  if user_token = param_user_token.blank? && request.headers["X-User-Token"]
    param_user_token = user_token
  end
  if user_email = param_email_token.blank? && request.headers["X-User-Email"]
    param_email_token = user_email
  end

  user_email = param_email_token.presence

  # See https://github.com/ryanb/cancan/blob/1.6.10/lib/cancan/controller_resource.rb#L108-L111
  if User.respond_to? "find_by"
    user = user_email && User.find_by(email: user_email)
  elsif User.respond_to? "find_by_email"
    user = user_email && User.find_by_email(user_email)
  end

  # Notice how we use Devise.secure_compare to compare the token
  # in the database with the token given in the params, mitigating
  # timing attacks.
  if user && Devise.secure_compare(user.authentication_token, param_user_token)
    # Notice we are passing store false, so the user is not
    # actually stored in the session and a token is needed
    # for every request. If you want the token to work as a
    # sign in token, you can simply remove store: false.
    sign_in user, store: false
  end
end
```
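The handler above depends on Rails controller state (`params`, `request.headers`, `User`, `Devise`, `sign_in`). The following is an added example, not Agilib's code, that models the same lookup-then-compare flow in plain Ruby so it can be run and inspected offline: the params-with-header-fallback resolution of the token and email, an in-memory stand-in for `User.find_by(email: ...)` (the `USERS` hash and its contents are constructed), and a `secure_compare` written in the same shape as Devise's (blank and length checks up front, then an XOR over every byte so the loop does no early exit on the first differing byte). Function names `credential` and `authenticate_from_token` are this example's own.

```ruby
# Added example (not Agilib's code): a Rails-free model of the flow in
# authenticate_user_from_token!, with the header fallback and a constant-time
# token comparison modelled on Devise.secure_compare.

# Same shape as Devise.secure_compare: reject blanks and length mismatches
# up front, then XOR every byte. The byte loop always runs to the end, so the
# time taken does not depend on where the first mismatch occurs.
def secure_compare(a, b)
  return false if a.nil? || b.nil? || a.empty? || b.empty?
  return false unless a.bytesize == b.bytesize

  l = a.unpack("C*")
  res = 0
  b.each_byte { |byte| res |= byte ^ l.shift }
  res == 0
end

# Resolve a credential from the params hash, falling back to the request
# header when the param is absent or empty (mirrors the X-User-Token /
# X-User-Email handling in the handler above).
def credential(params, headers, param_key, header_key)
  value = params[param_key]
  value = headers[header_key] if value.nil? || value.empty?
  value
end

# Constructed in-memory stand-in for User.find_by(email: ...).
USERS = {
  "alice@example.com" => {
    email: "alice@example.com",
    authentication_token: "tok_alice_0123456789"
  }
}.freeze

# Returns the authenticated user record, or nil. The email only selects the
# candidate row; the token decides, and is compared in constant time. A bad
# email and a bad token both yield nil, so the caller learns nothing about
# which part was wrong.
def authenticate_from_token(params, headers)
  token = credential(params, headers, "user_token", "X-User-Token")
  email = credential(params, headers, "user_email", "X-User-Email")
  return nil if email.nil? || email.empty?

  user = USERS[email]
  return nil unless user && secure_compare(user[:authentication_token], token)

  user
end

if __FILE__ == $PROGRAM_NAME
  # Token in params, email in the header: the fallback picks the header up.
  p authenticate_from_token({ "user_token" => "tok_alice_0123456789" },
                            { "X-User-Email" => "alice@example.com" })
  # Wrong token: nil, with no hint that the email matched.
  p authenticate_from_token({ "user_token" => "tok_alice_0000000000",
                              "user_email" => "alice@example.com" }, {})
end
```

A point worth noting when reading this against the real handler: the constant-time comparison only protects the token check itself. The user lookup by email still happens before it, which is why the example (like the handler) returns the same `nil` for an unknown email and for a wrong token rather than distinguishing the two.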