model_driven_api 2.3.17 → 2.4.1
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3acd8a7365111aab30d8ff8d2b99b42205e30d379c8a3e1d4ed67afed159058c
|
|
4
|
+
data.tar.gz: 73d6cca889e4bf7aa08816567e52f274576f1e67cefb1e233c3f2e820c389086
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4cc64b956182b5dbfcc7c0778c18da6e94b5f52525868595f4a8fdfd2c1bc3149b4d9b667ba89d21549ae7668d4251c95e0b57bbfe6a6b71319fc0de06793749
|
|
7
|
+
data.tar.gz: 4d175e1264cc0db245fe67e80bee381dcf05ee1402ee3ce6c42717a6db8abe852294b6608c2a10f4569a31c2337695ae5038760b661a9d3078748cbf1e7fceb6
|
|
@@ -23,7 +23,7 @@ class AuthenticateUser
|
|
|
23
23
|
# Since this is a new login and I don't care from where it comes, new logins always
|
|
24
24
|
# Invalidate older tokens
|
|
25
25
|
UsedToken.where(user_id: api_user.id).update(is_valid: false) if ENV["ALLOW_MULTISESSIONS"] == "false"
|
|
26
|
-
return result
|
|
26
|
+
return {jwt: result, user: current_u}
|
|
27
27
|
end
|
|
28
28
|
nil
|
|
29
29
|
end
|
|
@@ -84,7 +84,8 @@ class Api::V2::ApplicationController < ActionController::API
|
|
|
84
84
|
return render json: result, status: 200 if status == true
|
|
85
85
|
|
|
86
86
|
# Normal Update Action
|
|
87
|
-
|
|
87
|
+
# Raisl 6 vs Rails 6.1
|
|
88
|
+
@record.respond_to?('update_attributes!') ? @record.update_attributes!(@body) : @record.update!(@body)
|
|
88
89
|
render json: @record.to_json(json_attrs), status: 200
|
|
89
90
|
end
|
|
90
91
|
|
|
@@ -5,8 +5,9 @@ class Api::V2::AuthenticationController < ActionController::API
|
|
|
5
5
|
command = !params[:atoken].blank? && User.column_names.include?("access_token") ? AuthenticateUser.call(access_token: params[:atoken]) : AuthenticateUser.call(email: params[:auth][:email], password: params[:auth][:password])
|
|
6
6
|
|
|
7
7
|
if command.success?
|
|
8
|
-
response.headers['Token'] = command.result
|
|
9
|
-
head :ok
|
|
8
|
+
response.headers['Token'] = command.result[:jwt]
|
|
9
|
+
# head :ok
|
|
10
|
+
render json: command.result[:user].to_json(User.json_attrs), status: 200
|
|
10
11
|
end
|
|
11
12
|
end
|
|
12
13
|
end
|
data/lib/json_web_token.rb
CHANGED
|
@@ -3,13 +3,14 @@ class JsonWebToken
|
|
|
3
3
|
def encode(payload, expiry = 15.minutes.from_now.to_i)
|
|
4
4
|
result = ::JWT.encode(payload.merge(exp: expiry), ::Rails.application.credentials.dig(:secret_key_base).presence||ENV["SECRET_KEY_BASE"])
|
|
5
5
|
# Store the created token into the DB for later checks if is invalid
|
|
6
|
-
|
|
6
|
+
# In a public environment management, without login, it has no interest, so I don't pollute the DB
|
|
7
|
+
UsedToken.find_or_create_by(token: result, user_id: payload[:user_id]) if ENV["ALLOW_MULTISESSIONS"] == "false"
|
|
7
8
|
result
|
|
8
9
|
end
|
|
9
10
|
|
|
10
11
|
def decode(token)
|
|
11
12
|
# Check if the passed token is present and valid into the UsedToken
|
|
12
|
-
raise "Token is invalidated by new login" unless UsedToken.exists?(token: token, is_valid: true)
|
|
13
|
+
raise "Token is invalidated by new login" unless UsedToken.exists?(token: token, is_valid: true) if ENV["ALLOW_MULTISESSIONS"] == "false"
|
|
13
14
|
body = ::JWT.decode(token, ::Rails.application.credentials.dig(:secret_key_base).presence||ENV["SECRET_KEY_BASE"])[0]
|
|
14
15
|
::HashWithIndifferentAccess.new body
|
|
15
16
|
rescue
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: model_driven_api
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.4.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Gabriele Tassoni
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-09-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: thecore_backend_commons
|