Module: TokenAuthentication

Extended by:
ActiveSupport::Concern
Included in:
Api::AuthenticateProjectToken, Api::AuthenticateUserToken, Api::Intercept
Defined in:
app/controllers/concerns/token_authentication.rb

Overview

Methods for token authentication.

Do not add controller callbacks here; the methods need to apply to both “internal” and `/api/v<n>` routes.

Instance Method Summary collapse

Instance Method Details

#intercept_project ⇒ Object



# File 'app/controllers/concerns/token_authentication.rb', line 47

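# Requires a valid project API token for the current request.
#
# Delegates to #project_token_authenticate; when that returns a falsy value a
# JSON body of {success: false} is rendered with HTTP status 401
# (:unauthorized).
#
# @return [true, nil] true when authenticated, nil once the 401 was rendered
def intercept_project
  return true if project_token_authenticate

  # Fail closed: the rejection path must never depend on what `render`
  # returns. With `render(...) && return`, a falsy render result would fall
  # through to the trailing `true` and report success for an unauthenticated
  # request.
  render(json: {success: false}, status: :unauthorized)
  nil
end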

#intercept_user ⇒ Object



# File 'app/controllers/concerns/token_authentication.rb', line 20

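# Requires a valid user API token for the current request.
#
# Delegates to #token_authenticate; when that returns a falsy value a JSON
# body of {success: false} is rendered with HTTP status 401 (:unauthorized).
#
# @return [true, nil] true when authenticated, nil once the 401 was rendered
def intercept_user
  return true if token_authenticate

  # Fail closed: the rejection path must never depend on what `render`
  # returns. With `render(...) && return`, a falsy render result would fall
  # through to the trailing `true` and report success for an unauthenticated
  # request.
  render(json: {success: false}, status: :unauthorized)
  nil
end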

#intercept_user_or_project ⇒ Object



# File 'app/controllers/concerns/token_authentication.rb', line 54

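# Requires either a valid project API token or a valid user API token.
#
# #project_token_authenticate is tried first; #token_authenticate only runs
# when the project check returns a falsy value, so a request accepted by
# project token does not evaluate the user token in this call. When both
# fail, a JSON body of {success: false} is rendered with HTTP status 401.
#
# NOTE(review): a project token rejected by #project_token_authenticate
# (including a project_id disagreement) does not stop the request when a
# valid user token is also present. Confirm that this fallback is intended.
#
# @return [true, nil] true when authenticated, nil once the 401 was rendered
def intercept_user_or_project
  return true if project_token_authenticate || token_authenticate

  # Fail closed: the rejection path must never depend on what `render`
  # returns. With `render(...) && return`, a falsy render result would fall
  # through to the trailing `true` and report success for an unauthenticated
  # request.
  render(json: {success: false}, status: :unauthorized)
  nil
end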

#project_token_authenticate ⇒ Object



# File 'app/controllers/concerns/token_authentication.rb', line 27

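# Authenticates the request by project API token and establishes the current
# project.
#
# The token is taken from params[:project_token], falling back to the
# 'Project token' request header. When a token is supplied, the project is
# looked up with Project.find_by_api_access_token. When no token is supplied,
# whatever @sessions_current_project already holds is used.
#
# If the request also names a project id (params[:project_id] or the
# 'project_id' header), it must agree with the resolved project's id.
#
# NOTE(review): 'Project token' contains a space and 'project_id' an
# underscore, both unusual for HTTP header names. Confirm clients and any
# proxies in front of the app actually deliver headers under these keys.
#
# @return [Project, false] the authenticated project, or false on failure
def project_token_authenticate
  token = params[:project_token] || request.headers['Project token']

  if token
    # Resolve into a local and drop any earlier value. The instance variable
    # is only populated once the agreement checks below pass, so a rejected
    # token never leaves a project behind for later code in the same request
    # (for example a fallback to user-token authentication).
    project = Project.find_by_api_access_token(token)
    @sessions_current_project = nil
  else
    # No token supplied: rely on a project that was set before this call.
    project = @sessions_current_project
  end

  return false unless project

  # check for agreement between provided values
  # (String#to_i is lenient: "12abc" parses as 12.)
  return false if params[:project_id] && project.id != params[:project_id].to_i
  return false if request.headers['project_id'] && project.id != request.headers['project_id'].to_i

  @sessions_current_project = project
end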

#token_authenticate ⇒ Object



# File 'app/controllers/concerns/token_authentication.rb', line 8

# Authenticates the request by user API token.
#
# The token is read from params[:token]; when that is absent, the token
# yielded by authenticate_with_http_token is used instead. If a token was
# obtained, @sessions_current_user is assigned the result of
# User.find_by_api_access_token (nil for an unknown token). If no token was
# supplied at all, @sessions_current_user is left untouched and nil is
# returned.
#
# NOTE(review): a token accepted via params[:token] may travel in the query
# string and so end up in access logs or browser history. Confirm parameter
# filtering covers it, or prefer the header form.
#
# @return [User, nil] the matching user, or nil when there is no token/match
def token_authenticate
  supplied = params[:token]

  # Fall back to the HTTP token only when no param was given.
  authenticate_with_http_token { |token, _options| supplied = token } unless supplied

  return unless supplied

  @sessions_current_user = User.find_by_api_access_token(supplied)
end