Class: UserManagement::AuthenticationController

Inherits:
ApplicationController
Defined in:
app/controllers/user_management/authentication_controller.rb


Methods inherited from ApplicationController

authorized, decode_token, #encode_token, logged_in?, logged_in_user

Instance Method Details

#authenticate_locally ⇒ Object



# File 'app/controllers/user_management/authentication_controller.rb', line 45

# Verifies params[:password] against the locally stored credentials of @user
# (which the caller must already have looked up) and, on success, renders a
# bearer token together with a few profile fields from the linked Person.
# Any failure — no @user, wrong password, or an exception raised while
# checking the digest — answers with the same generic 401 JSON error, so the
# response does not reveal whether the username exists.
#
# Raises ActiveRecord::RecordNotFound (→ 404) when the Person row is missing.
def authenticate_locally
  password_ok =
    begin
      @user && @user.authenticate(params[:password])
    rescue StandardError
      # e.g. an unusable password digest; treated as a failed login
      false
    end

  if password_ok
    token = encode_token({ user_id: @user.id, kid: SETTINGS['gateway_key'] })
    person = Person.find(@user.person_id)
    render json: {
      access_token: token,
      token_type: "bearer",
      expires_in: 28800, # seconds; matches the lifetime advertised to clients
      username: @user.username,
      firstname: person.first_name,
      surname: person.surname,
      gender: person.sex
    }
  else
    render json: { error: "Invalid username or password", status: 401 }, status: :unauthorized
  end
end

#auto_login ⇒ Object



# File 'app/controllers/user_management/authentication_controller.rb', line 63

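# Renders the current @user as JSON.
# The method name was lost in the rendered listing; it is `auto_login` per the
# method heading above. NOTE(review): @user is presumably populated by a
# before-action elsewhere in the controller — not visible here, confirm.
def auto_login
  render json: @user
end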

#create ⇒ Object



# File 'app/controllers/user_management/authentication_controller.rb', line 8

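# Login endpoint. Checks the submitted credentials against the external SSS
# service (SETTINGS['sss_url']) first, mirrors the outcome into the local
# User/Person tables, and finally issues a token via #authenticate_locally.
#
# Reads params[:username], params[:password], params[:password_confirmation].
# Sets @user for #authenticate_locally. Renders JSON in every branch.
#
# Fixes relative to the previous version:
# - `response['error']` was checked after `symbolize_keys!`, so that branch
#   could never match; it now checks the symbol key.
# - the `when false` branch contained an `UPDATE user ...` statement guarded by
#   `unless @user` inside `if @user`, i.e. unreachable; it has been dropped.
# - a response that is neither valid/invalid nor an error used to render
#   nothing (empty response); it now falls back to local authentication like
#   every other SSS failure.
def create
  @user = User.find_by(username: params[:username])

  sss_response = fetch_sss_authentication
  # Any failure talking to SSS (network error, non-2xx, malformed JSON) falls
  # back to the locally stored credentials. NOTE(review): RestClient.post is
  # called without an explicit timeout, so a hung SSS stalls the login request.
  return authenticate_locally if sss_response.nil?

  # `case` uses ===, so only the JSON booleans true/false match — a string
  # such as "true" from the upstream service is deliberately not accepted.
  case sss_response[:isValid]
  when true
    # SSS accepted the credentials: keep the local copy in sync so a later
    # SSS outage can still authenticate this user.
    sync_local_user_from_sss(sss_response)
    authenticate_locally
  when false
    if @user
      render json: { error: "Invalid username or password", status: 403 }, status: :forbidden
    else
      authenticate_locally
    end
  else
    # Covers the `error` key case and any unexpected payload shape.
    authenticate_locally
  end
end

# Calls SSS with the submitted credentials and returns the parsed,
# symbol-keyed response; nil when the request, the HTTP status or the JSON
# parsing fails.
private def fetch_sss_authentication
  body = { 'username' => params[:username], 'password' => params[:password] }.to_json
  raw = RestClient.post("#{SETTINGS['sss_url']}/authenticate", body, { content_type: :json, accept: :json })
  JSON.parse(raw).symbolize_keys
rescue StandardError
  nil
end

# Mirrors a successful SSS login into the local User and Person records,
# creating them on first login and updating them afterwards. Runs inside one
# transaction so a partial write cannot leave a User without its Person.
private def sync_local_user_from_sss(sss_response)
  attrs = person_attributes_from_sss(sss_response)
  ActiveRecord::Base.transaction do
    if @user.blank?
      person = Person.create!(attrs)
      # TODO: the email is a hard-coded placeholder (kept as in the original listing)
      @user = User.create!(username: params[:username], email: '[email protected]', person_id: person.id,
                           password: params[:password], password_confirmation: params[:password_confirmation])
    else
      # NOTE(review): find_by returns nil if the Person row is missing, which
      # raises NoMethodError here exactly as the original did — confirm intent.
      Person.find_by(person_id: @user.person_id).update(attrs)
      @user.update!(email: '[email protected]', password: params[:password],
                    password_confirmation: params[:password_confirmation])
    end
  end
end

# Maps SSS field names onto Person columns, substituting placeholders for
# missing values. The original used 'N/A' on create but 'N' for surname on
# update; both paths now share 'N/A' for names and 'N' for sex.
private def person_attributes_from_sss(sss_response)
  {
    first_name: sss_response[:first_name] || 'N/A',
    surname: sss_response[:last_name] || 'N/A',
    sex: sss_response[:gender] || 'N'
  }
end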