Class: DeviseTokenAuth::SessionsController

Inherits:
ApplicationController
Defined in:
app/controllers/devise_token_auth/sessions_controller.rb

Instance Method Summary

Methods inherited from ApplicationController

#resource_class

Instance Method Details

#create ⇒ Object



# File 'app/controllers/devise_token_auth/sessions_controller.rb', line 13

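# Signs in an email-provider account and issues a new per-client token.
#
# The lookup key is the first submitted parameter that is also one of the
# model's Devise authentication keys. On success a random client id and
# token are generated, the BCrypt hash of the token is stored under
# `tokens[client_id]` with an expiry, and the token validation response is
# rendered. Inactive accounts and bad credentials both render HTTP 401.
#
# @yield once after sign-in and before the success response is rendered
def create
  # `field` can only be a name from resource_class.authentication_keys
  # (set intersection), so it is server-controlled. That is what keeps the
  # interpolation into the SQL fragment below from being an injection point.
  field = (resource_params.keys.map(&:to_sym) & resource_class.authentication_keys).first

  @resource = nil
  if field
    q_value = resource_params[field]

    # Downcase without mutating the request parameter, and only when the
    # value supports it: an in-place `downcase!` raises on a frozen string
    # or on a non-String scalar (e.g. a JSON number) sent by the client.
    # Non-String scalars are passed to the query unchanged.
    if resource_class.case_insensitive_keys.include?(field) && q_value.respond_to?(:downcase)
      q_value = q_value.downcase
    end

    # The value is always bound through the `?` placeholder.
    q = "#{field} = ? AND provider='email'"

    # Presumably forces an exact, case-sensitive match on MySQL adapters.
    if ActiveRecord::Base.connection.adapter_name.downcase.start_with?('mysql')
      q = "BINARY #{q}"
    end

    @resource = resource_class.where(q, q_value).first
  end

  if @resource &&
     valid_params?(field, q_value) &&
     @resource.valid_password?(resource_params[:password]) &&
     (!@resource.respond_to?(:active_for_authentication?) || @resource.active_for_authentication?)
    # Random, URL-safe identifiers (default length, no padding).
    @client_id = SecureRandom.urlsafe_base64(nil, false)
    @token     = SecureRandom.urlsafe_base64(nil, false)

    # Only the BCrypt hash of the token is persisted; the plain token lives
    # in @token for the rest of the request.
    @resource.tokens[@client_id] = {
      token: BCrypt::Password.create(@token),
      expiry: (Time.now + DeviseTokenAuth.token_lifespan).to_i
    }
    # NOTE(review): the result of `save` is not checked, so a failed save
    # still continues to the success response — confirm this is intended.
    @resource.save

    sign_in(:user, @resource, store: false, bypass: false)

    yield if block_given?

    render json: {
      data: @resource.token_validation_response
    }

  elsif @resource && !(!@resource.respond_to?(:active_for_authentication?) || @resource.active_for_authentication?)
    # NOTE(review): this branch is reached for any existing inactive account
    # whether or not the password matched, and the message carries the
    # account email. The response therefore differs from the generic
    # bad-credentials one and reveals that the account exists; consider
    # verifying the password first or returning the generic error.
    render json: {
      success: false,
      errors: [I18n.t("devise_token_auth.sessions.not_confirmed", email: @resource.email)]
    }, status: 401

  else
    # Generic failure: unknown account, missing parameters or wrong password.
    # NOTE(review): no password hash comparison happens when no record was
    # found, so response timing may differ from the wrong-password case.
    render json: {
      errors: [I18n.t("devise_token_auth.sessions.bad_credentials")]
    }, status: 401
  end
end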

#destroy ⇒ Object



# File 'app/controllers/devise_token_auth/sessions_controller.rb', line 66

# Signs out the current client by deleting its entry from the user's token
# store. Only the token stored under the current client id is removed; any
# other entries in `tokens` are left in place.
#
# Renders `{ success: true }` with HTTP 200 when an entry was revoked, and a
# user_not_found error with HTTP 404 otherwise.
#
# @yield once after the token is removed and before the response is rendered
def destroy
  # Detach the auth state from the controller so the after_filter does not
  # run against it (the filter itself is defined outside this listing).
  user      = @resource ? remove_instance_variable(:@resource) : nil
  client_id = @client_id ? remove_instance_variable(:@client_id) : nil
  remove_instance_variable(:@token) if @token

  session_found = user && client_id && user.tokens[client_id]

  unless session_found
    return render(
      json: { errors: [I18n.t("devise_token_auth.sessions.user_not_found")] },
      status: 404
    )
  end

  # Revoke this client's token; save! raises if the record cannot be saved.
  user.tokens.delete(client_id)
  user.save!

  yield if block_given?

  render json: { success: true }, status: 200
end

#get_auth_params ⇒ Object



# File 'app/controllers/devise_token_auth/sessions_controller.rb', line 97

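# Picks the authentication key and value out of the request parameters.
#
# The model's authentication keys are tried in order and the first one with
# a value in `resource_params` wins. If that key is listed in the model's
# case_insensitive_keys, the value is downcased.
#
# @return [Hash] `{ key: ..., val: ... }`; both are nil when no
#   authentication key was submitted
def get_auth_params
  auth_key = resource_class.authentication_keys.find { |k| resource_params[k] }
  auth_val = auth_key && resource_params[auth_key]

  # Honor the Devise case_insensitive_keys setting. The downcase is
  # non-mutating and guarded: `downcase!` on the raw parameter raises for a
  # frozen string or a non-String scalar (e.g. a JSON number), which would
  # turn client-supplied input into a server error.
  if resource_class.case_insensitive_keys.include?(auth_key) && auth_val.respond_to?(:downcase)
    auth_val = auth_val.downcase
  end

  { key: auth_key, val: auth_val }
end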

#new ⇒ Object



# File 'app/controllers/devise_token_auth/sessions_controller.rb', line 7

# Sign-in form endpoint. It always answers with a not_supported error and
# HTTP 405.
def new
  message = I18n.t("devise_token_auth.sessions.not_supported")
  render json: { errors: [message] }, status: 405
end

#resource_params ⇒ Object



# File 'app/controllers/devise_token_auth/sessions_controller.rb', line 93

# Request parameters filtered to the keys the Devise parameter sanitizer
# returns for :sign_in. Everything else in the request is dropped by
# `permit`, so callers only see the allow-listed sign-in fields.
#
# NOTE(review): `devise_parameter_sanitizer.for` is the Devise 3.x
# interface — confirm the Devise version this controller targets.
def resource_params
  request_params = params
  allowed_keys = devise_parameter_sanitizer.for(:sign_in)
  request_params.permit(allowed_keys)
end

#valid_params?(key, val) ⇒ Boolean

Returns:

  • (Boolean)


# File 'app/controllers/devise_token_auth/sessions_controller.rb', line 89

# Checks that a sign-in attempt carries a password, an authentication key
# and a value for that key.
#
# @param key the authentication key chosen for the lookup
# @param val the value submitted for that key
# @return the first falsy value among the password, key and val, or val
#   itself when all three are present (truthy/falsy rather than strictly
#   true/false)
def valid_params?(key, val)
  password = resource_params[:password]
  return password unless password
  return key unless key

  val
end