Module: Concerns::AuthApi

Extended by:
ActiveSupport::Concern
Included in:
Api::V1::BaseController
Defined in:
app/controllers/concerns/auth_api.rb

Overview

Controller concern for authentication methods

Split off from main ApplicationController to allow e.g. Doorkeeper to use it too.

Instance Method Summary collapse

Instance Method Details

#authenticate ⇒ Object (protected)



# File 'app/controllers/concerns/auth_api.rb', line 10

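# Authentication check for API requests: requires a usable OAuth access token,
# then defers to the +authenticate+ of the class this concern is mixed into.
#
# Scopes are deliberately not inspected here; the only question is whether the
# request carries a token that is still accessible.
#
# @see https://github.com/doorkeeper-gem/doorkeeper/blob/v5.0.1/lib/doorkeeper/models/access_token_mixin.rb#L218
# @return [Object, nil] whatever +super+ returns, or nil when an error was
#   rendered or no current user could be resolved
def authenticate
  # A token can be present and still fail +accessible?+ (e.g. expired or
  # revoked). The error response must then be the only outcome: stop here so
  # that +super+ never runs on behalf of a user looked up from a rejected token,
  # and so that nothing tries to render a second response.
  unless doorkeeper_token && doorkeeper_token.accessible?
    doorkeeper_render_error
    return
  end

  super if current_user
end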

#current_user ⇒ User (protected)

Returns Current user, or nil if no valid token.

Returns:

  • (User)

    Current user, or nil if no valid token.



# File 'app/controllers/concerns/auth_api.rb', line 18

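# Resolves the user that owns the request's access token.
#
# The user is memoized in +@current_user+ once it has been looked up.
#
# @return [User, nil] the token's resource owner, or nil when the request has
#   no token or the token is not accessible
def current_user
  # Token presence alone does not prove validity: a token object can exist and
  # still fail +accessible?+. Apply that test here as well, so a caller that
  # reaches this method without a prior accessibility check never receives a
  # user derived from a rejected token.
  return unless doorkeeper_token && doorkeeper_token.accessible?

  # NOTE(review): +find+ presumably raises when no undeleted user has this id
  # (ActiveRecord semantics), so a deleted owner fails the request instead of
  # yielding nil — confirm that is the intended failure mode.
  @current_user ||= User.undeleted.find(doorkeeper_token.resource_owner_id)
end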

#doorkeeper_authorize!(*scopes) ⇒ Object (protected)



# File 'app/controllers/concerns/auth_api.rb', line 22

# Runs Doorkeeper's own authorization and scope check, then additionally
# verifies that the user has permissions for the scope (through its
# workgroups).
#
# Calling this without scopes skips the role check entirely: in that case the
# only thing established is that there is a valid user.
#
# @param scopes [Array] scopes handed to +super+ and to the role check
# @return [Object, nil] result of +doorkeeper_authorize_roles!+, or nil when
#   the role check was skipped
def doorkeeper_authorize!(*scopes)
  super(*scopes)

  # No scopes supplied: nothing to check roles against.
  return unless scopes.present?

  # With Doorkeeper's +handle_auth_errors+ set to +:raise+ we never get here on
  # failure; otherwise +super+ may already have rendered an error, and the
  # role check must not run on top of that response.
  return if performed?

  doorkeeper_authorize_roles!(*scopes)
end