opro 0.4.3 → 0.5.0
- data/.travis.yml +15 -1
- data/CHANGELOG.md +10 -2
- data/Gemfile +25 -7
- data/README.md +96 -58
- data/VERSION +1 -1
- data/app/controllers/opro/oauth/auth_controller.rb +19 -25
- data/app/controllers/opro/oauth/client_app_controller.rb +4 -4
- data/app/controllers/opro/oauth/tests_controller.rb +12 -23
- data/app/controllers/opro/oauth/token_controller.rb +29 -22
- data/app/models/opro/oauth/auth_grant.rb +25 -11
- data/app/models/opro/oauth/client_app.rb +11 -2
- data/app/views/opro/oauth/auth/new.html.erb +1 -1
- data/app/views/opro/oauth/docs/index.html.erb +1 -1
- data/app/views/opro/oauth/docs/markdown/curl.md.erb +5 -3
- data/app/views/opro/oauth/docs/markdown/permissions.md.erb +1 -1
- data/app/views/opro/oauth/docs/markdown/quick_start.md.erb +9 -5
- data/app/views/opro/oauth/docs/markdown/refresh_tokens.md.erb +1 -1
- data/lib/opro.rb +22 -22
- data/lib/opro/auth_provider/devise.rb +37 -0
- data/lib/opro/controllers/concerns/rate_limits.rb +1 -2
- data/lib/opro/rails/routes.rb +3 -3
- data/opro.gemspec +10 -16
- data/test/controllers/permissions_test.rb +2 -2
- data/test/dummy/app/models/user.rb +3 -1
- data/test/dummy/config/initializers/devise.rb +1 -1
- data/test/integration/action_dispatch/oauth_flow_test.rb +1 -1
- data/test/integration/action_dispatch/rate_limits_test.rb +1 -1
- data/test/test_helper.rb +12 -3
- metadata +78 -45
- data/Gemfile.lock +0 -156
@@ -7,19 +7,19 @@ class Opro::Oauth::ClientAppController < OproController
|
|
7
7
|
|
8
8
|
# Show all client applications belonging to the current user
|
9
9
|
def index
|
10
|
-
@client_apps = Opro::Oauth::ClientApp.where(:
|
10
|
+
@client_apps = Opro::Oauth::ClientApp.where(user_id: current_user.id)
|
11
11
|
end
|
12
12
|
|
13
13
|
def show
|
14
|
-
@client_app = Opro::Oauth::ClientApp.where(:
|
14
|
+
@client_app = Opro::Oauth::ClientApp.where(id: params[:id], user_id: current_user.id).first
|
15
15
|
end
|
16
16
|
|
17
17
|
def edit
|
18
|
-
@client_app = Opro::Oauth::ClientApp.where(:
|
18
|
+
@client_app = Opro::Oauth::ClientApp.where(id: params[:id], user_id: current_user.id).first
|
19
19
|
end
|
20
20
|
|
21
21
|
def update
|
22
|
-
@client_app = Opro::Oauth::ClientApp.where(:
|
22
|
+
@client_app = Opro::Oauth::ClientApp.where(id: params[:id], user_id: current_user.id).first
|
23
23
|
@client_app.name = params[:opro_oauth_client_app][:name]
|
24
24
|
if @client_app.save
|
25
25
|
redirect_to oauth_client_app_path(@client_app)
|
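Review bot: `where(id: params[:id], user_id: current_user.id).first` in `show`, `edit` and `update` returns nil for an id that exists but belongs to another user, so `update` then raises NoMethodError on `@client_app.name =` (a 500) instead of a not-found response; the per-user scoping itself is the right fix for object-level authorization. Use `.first!` so ActiveRecord::RecordNotFound is raised and rendered as 404, e.g. `@client_app = Opro::Oauth::ClientApp.where(id: params[:id], user_id: current_user.id).first!`. The `show` and `edit` views presumably dereference `@client_app` the same way; `update` continues past the end of the hunk.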
@@ -8,38 +8,29 @@ class Opro::Oauth::TestsController < OproController
|
|
8
8
|
|
9
9
|
def show
|
10
10
|
result = oauth_result(params)
|
11
|
-
|
12
|
-
format.html do
|
13
|
-
render :text => result.to_json, :status => result[:status], :layout => true
|
14
|
-
end
|
15
|
-
format.json do
|
16
|
-
render :json => result, :status => result[:status]
|
17
|
-
end
|
18
|
-
end
|
11
|
+
render_result(result)
|
19
12
|
end
|
20
13
|
|
21
14
|
def create
|
22
15
|
result = oauth_result(params)
|
23
|
-
|
24
|
-
format.html do
|
25
|
-
render :text => result.to_json, :status => result[:status], :layout => true
|
26
|
-
end
|
27
|
-
format.json do
|
28
|
-
render :json => result, :status => result[:status]
|
29
|
-
end
|
30
|
-
end
|
16
|
+
render_result(result)
|
31
17
|
end
|
32
18
|
|
33
19
|
def destroy
|
34
20
|
result = if valid_oauth?
|
35
|
-
{:
|
21
|
+
{status: 200, message: 'OH NO!!! OAuth is disabled on this action; this is bad', params: params}
|
36
22
|
else
|
37
|
-
{:
|
23
|
+
{status: :unauthorized, message: "OAuth is disabled on this action; this is the correct result!", params: params}
|
38
24
|
end
|
25
|
+
render_result(result)
|
26
|
+
end
|
39
27
|
|
28
|
+
private
|
29
|
+
|
30
|
+
def render_result(result)
|
40
31
|
respond_to do |format|
|
41
32
|
format.html do
|
42
|
-
render :text => result.to_json,
|
33
|
+
render :text => result.to_json, :status => result[:status], :layout => true
|
43
34
|
end
|
44
35
|
format.json do
|
45
36
|
render :json => result, :status => result[:status]
|
@@ -47,13 +38,11 @@ class Opro::Oauth::TestsController < OproController
|
|
47
38
|
end
|
48
39
|
end
|
49
40
|
|
50
|
-
private
|
51
|
-
|
52
41
|
def oauth_result(options)
|
53
42
|
if valid_oauth?
|
54
|
-
{:
|
43
|
+
{status: 200, message: 'OAuth worked!', params: options, user_id: oauth_user.id }
|
55
44
|
else
|
56
|
-
{:
|
45
|
+
{status: :unauthorized, message: "OAuth did not work :( #{generate_oauth_error_message!}", params: params}
|
57
46
|
end
|
58
47
|
end
|
59
48
|
end
|
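Review bot: The html branch of `render_result` (`render :text => result.to_json, :status => result[:status], :layout => true`) writes the request's `params` back into the body unescaped, and `render :text` does not set text/plain in the Rails versions this code targets, so the JSON is served as text/html inside the layout and any markup in a query parameter is reflected; `oauth_result` and `destroy` both put `params` into the result, so this applies to every action in the hunk. Either escape before rendering, `render :text => ERB::Util.html_escape(result.to_json), :status => result[:status], :layout => true`, or drop the html branch and answer both formats with `render :json => result, :status => result[:status]` so the body carries its own content type. Minor: `oauth_result(options)` uses `options` in the success hash but `params` in the failure hash; the json branch of `render_result` continues into the second hunk.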
@@ -9,42 +9,49 @@ class Opro::Oauth::TokenController < OproController
|
|
9
9
|
def create
|
10
10
|
# Find the client application
|
11
11
|
application = Opro::Oauth::ClientApp.authenticate(params[:client_id], params[:client_secret])
|
12
|
-
|
13
|
-
|
14
|
-
|
12
|
+
auth_grant = auth_grant_for(application, params)
|
13
|
+
|
14
|
+
if auth_grant.present?
|
15
|
+
auth_grant.refresh!
|
16
|
+
render :json => { access_token: auth_grant.access_token,
|
17
|
+
# http://tools.ietf.org/html/rfc6749#section-5.1
|
18
|
+
token_type: Opro.token_type || 'bearer',
|
19
|
+
refresh_token: auth_grant.refresh_token,
|
20
|
+
expires_in: auth_grant.expires_in }
|
21
|
+
else
|
22
|
+
render_error debug_msg(params, application)
|
15
23
|
end
|
24
|
+
end
|
16
25
|
|
26
|
+
private
|
27
|
+
|
28
|
+
def auth_grant_for(application, params)
|
17
29
|
if params[:code]
|
18
|
-
|
30
|
+
Opro::Oauth::AuthGrant.find_by_code_app(params[:code], application)
|
19
31
|
elsif params[:refresh_token]
|
20
|
-
|
32
|
+
Opro::Oauth::AuthGrant.find_by_refresh_app(params[:refresh_token], application)
|
21
33
|
elsif params[:password].present? || params[:grant_type] == "password"|| params[:grant_type] == "bearer"
|
22
|
-
|
23
|
-
|
34
|
+
return false unless Opro.password_exchange_enabled?
|
35
|
+
return false unless oauth_valid_password_auth?(params[:client_id], params[:client_secret])
|
36
|
+
user = ::Opro.find_user_for_all_auths!(self, params)
|
37
|
+
return false unless user.present?
|
38
|
+
auth_grant = Opro::Oauth::AuthGrant.find_or_create_by_user_app(user, application)
|
39
|
+
auth_grant.update_permissions if auth_grant.present?
|
40
|
+
auth_grant
|
24
41
|
end
|
25
|
-
|
26
|
-
if auth_grant.blank?
|
27
|
-
render :json => {:error => debug_error_msg(params) }, :status => :unauthorized and return
|
28
|
-
end
|
29
|
-
|
30
|
-
auth_grant.refresh!
|
31
|
-
render :json => { :access_token => auth_grant.access_token,
|
32
|
-
:refresh_token => auth_grant.refresh_token,
|
33
|
-
:expires_in => auth_grant.expires_in }
|
34
42
|
end
|
35
43
|
|
36
|
-
|
37
|
-
|
38
|
-
def debug_error_msg(options)
|
44
|
+
def debug_msg(options, app)
|
39
45
|
msg = "Could not find a user that belongs to this application"
|
46
|
+
msg << " based on client_id=#{options[:client_id]} and client_secret=#{options[:client_secret]}" if app.blank?
|
40
47
|
msg << " & has a refresh_token=#{options[:refresh_token]}" if options[:refresh_token]
|
41
48
|
msg << " & has been granted a code=#{options[:code]}" if options[:code]
|
42
49
|
msg << " using username and password" if options[:password]
|
43
50
|
msg
|
44
51
|
end
|
45
52
|
|
46
|
-
def
|
47
|
-
|
53
|
+
def render_error(msg)
|
54
|
+
render :json => {:error => msg }, :status => :unauthorized
|
48
55
|
end
|
49
56
|
|
50
|
-
end
|
57
|
+
end
|
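Review bot: `auth_grant_for(application, params)` is called with the result of `Opro::Oauth::ClientApp.authenticate`, which is nil when the client credentials are wrong, and the `params[:code]` branch passes that nil to `Opro::Oauth::AuthGrant.find_by_code_app`, whose `app.is_a?(Integer) ? app : app.id` then raises NoMethodError (a 500) instead of reaching the `render_error` path that `debug_msg` already anticipates with `if app.blank?`. Add a guard as the first line of the helper, `return false if application.blank?`. Separately, `debug_msg` echoes the caller's `client_secret`, `refresh_token` and `code` back in the 401 JSON body; the README in this same release says not to write these values to logs, and error bodies are routinely logged by proxies and clients, so name the field rather than the value, e.g. `msg << " based on the supplied client_id and client_secret" if app.blank?` and the same for the refresh_token and code lines.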
@@ -18,7 +18,7 @@ class Opro::Oauth::AuthGrant < ActiveRecord::Base
|
|
18
18
|
|
19
19
|
serialize :permissions, Hash
|
20
20
|
|
21
|
-
attr_accessible :code, :access_token, :refresh_token, :access_token_expires_at, :permissions, :user_id, :user, :application_id, :application
|
21
|
+
# attr_accessible :code, :access_token, :refresh_token, :access_token_expires_at, :permissions, :user_id, :user, :application_id, :application
|
22
22
|
|
23
23
|
def can?(value)
|
24
24
|
HashWithIndifferentAccess.new(permissions)[value]
|
@@ -47,20 +47,34 @@ class Opro::Oauth::AuthGrant < ActiveRecord::Base
|
|
47
47
|
find_app_for_token.try(:user)
|
48
48
|
end
|
49
49
|
|
50
|
-
def self.
|
51
|
-
|
50
|
+
def self.find_by_code_app(code, app)
|
51
|
+
app_id = app.is_a?(Integer) ? app : app.id
|
52
|
+
auth_grant = self.where("code = ? AND application_id = ?", code, app_id).first
|
52
53
|
end
|
53
54
|
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
auth_grant ||= self.create(:user_id => user.id, :application_id => applicaiton_id)
|
59
|
-
auth_grant.update_attributes(:permissions => permissions_hash)
|
60
|
-
auth_grant
|
55
|
+
# turns array of permissions into a hash
|
56
|
+
# [:write, :read] => {write: true, read: true}
|
57
|
+
def default_permissions
|
58
|
+
::Opro.request_permissions.each_with_object({}) {|element, hash| hash[element] = true }
|
61
59
|
end
|
62
60
|
|
63
|
-
def self.
|
61
|
+
def self.find_or_create_by_user_app(user, app)
|
62
|
+
app_id = app.is_a?(Integer) ? app : app.id
|
63
|
+
auth_grant = self.where(:user_id => user.id, :application_id => app_id).first
|
64
|
+
auth_grant ||= begin
|
65
|
+
auth_grant = self.new
|
66
|
+
auth_grant.user_id = user.id
|
67
|
+
auth_grant.application_id = app_id
|
68
|
+
auth_grant.save
|
69
|
+
auth_grant
|
70
|
+
end
|
71
|
+
end
|
72
|
+
|
73
|
+
def update_permissions(permissions = default_permissions)
|
74
|
+
self.permissions = permissions and save if self.permissions != permissions
|
75
|
+
end
|
76
|
+
|
77
|
+
def self.find_by_refresh_app(refresh_token, application_id)
|
64
78
|
self.where("refresh_token = ? AND application_id = ?", refresh_token, application_id).first
|
65
79
|
end
|
66
80
|
|
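Review bot: `find_by_refresh_app(refresh_token, application_id)` binds its second argument straight into `"refresh_token = ? AND application_id = ?"`, but the token controller in this release passes the `ClientApp` record (`find_by_refresh_app(params[:refresh_token], application)`), whereas the sibling `find_by_code_app` normalizes with `app.is_a?(Integer) ? app : app.id`. Whether an ActiveRecord object quoted as a bind value becomes its id depends on the Rails version, so apply the same normalization here, `app_id = application_id.is_a?(Integer) ? application_id : application_id.id`, or extract a private `app_id_for(app)` shared by all three finders. Minor: the `auth_grant =` assignment in `find_by_code_app` is unused, and `self.permissions = permissions and save` in `update_permissions` relies on `and` binding looser than `=`; two statements under the same `if` read unambiguously.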
@@ -12,15 +12,24 @@ class Opro::Oauth::ClientApp < ActiveRecord::Base
|
|
12
12
|
|
13
13
|
serialize :permissions, Hash
|
14
14
|
|
15
|
-
attr_accessible :user, :name, :app_id, :client_secret, :app_secret, :secret
|
15
|
+
# attr_accessible :user, :name, :app_id, :client_secret, :app_secret, :secret
|
16
16
|
|
17
|
+
def self.find_by_client_id(client_id)
|
18
|
+
where(app_id: client_id).first
|
19
|
+
end
|
17
20
|
|
18
21
|
def self.authenticate(app_id, app_secret)
|
19
22
|
where(["app_id = ? AND app_secret = ?", app_id, app_secret]).first
|
20
23
|
end
|
21
24
|
|
22
25
|
def self.create_with_user_and_name(user, name)
|
23
|
-
|
26
|
+
client_app = self.new
|
27
|
+
client_app.user = user
|
28
|
+
client_app.name = name
|
29
|
+
client_app.app_id = generate_unique_app_id
|
30
|
+
client_app.app_secret = SecureRandom.hex(16)
|
31
|
+
client_app.save
|
32
|
+
client_app
|
24
33
|
end
|
25
34
|
|
26
35
|
def self.generate_unique_app_id(app_id = SecureRandom.hex(16))
|
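Review bot: `create_with_user_and_name` ignores the result of `client_app.save` and returns the record either way, so a validation failure (or an `app_id` collision, if that column is unique) hands the caller an unsaved app with no indication that nothing was persisted. Use `client_app.save!` so the failure surfaces to the controller, or have the method return nil when `save` is false. `generate_unique_app_id` begins on the last line of the hunk and continues outside it. Unchanged here, `authenticate` still compares `app_secret` inside the SQL against the plaintext value stored by this method; storing a digest and comparing in Ruby is a larger change worth tracking separately.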
@@ -20,7 +20,7 @@
|
|
20
20
|
<% end %>
|
21
21
|
</ul>
|
22
22
|
|
23
|
-
<%= f.submit 'Authorize This Application', :id => 'oauthAuthorize' %>
|
23
|
+
<%= f.submit 'Authorize This Application', :id => 'oauthAuthorize', :class => 'btn btn-primary' %>
|
24
24
|
<%- end -%>
|
25
25
|
|
26
26
|
<%= button_to 'Decline this Request', request.referrer||'/', :id => 'oauthNoAuthorize' %>
|
@@ -5,8 +5,8 @@
|
|
5
5
|
<h2>Quick Links</h2>
|
6
6
|
<ul>
|
7
7
|
<li><%= link_to 'Quick Start', oauth_doc_path(:quick_start) %></li>
|
8
|
-
<li><%= link_to 'Curl', oauth_doc_path(:curl) %></li>
|
9
8
|
<li><%= link_to 'OAuth', oauth_doc_path(:oauth) %></li>
|
9
|
+
<li><%= link_to 'Curl', oauth_doc_path(:curl) %></li>
|
10
10
|
|
11
11
|
<% if ::Opro.request_permissions.present? %>
|
12
12
|
<li><%= link_to 'Permisions', oauth_doc_path(:permissions) %></li>
|
@@ -6,9 +6,6 @@
|
|
6
6
|
|
7
7
|
With curl, we're able to arbitrarily add parameters to our requests and send using arbitrary HTTP verbs (GET/POST/DELETE) that are difficult to simulate in the browser. If you need to `POST` data to a url, doing so with curl is much easier than constructing a form for testing.
|
8
8
|
|
9
|
-
# Hurl
|
10
|
-
|
11
|
-
[Hurl](http://hurl.it/) is an open source browser-based `curl` implementation. If you're going to do quite a few curl requests, using it can be easier than the command line.
|
12
9
|
|
13
10
|
## How do I use it?
|
14
11
|
|
@@ -26,6 +23,9 @@ You can get the entire contents of a web document by simply calling curl with th
|
|
26
23
|
You can ask for the headers of a request by adding the `-I` flag to a curl command:
|
27
24
|
|
28
25
|
$ curl https://www.google.com -I
|
26
|
+
|
27
|
+
The response may look something like this:
|
28
|
+
|
29
29
|
HTTP/1.1 200 OK
|
30
30
|
Expires: -1
|
31
31
|
Cache-Control: private, max-age=0
|
@@ -48,4 +48,6 @@ You can specify the type of request you make in curl (GET, POST, PUT, DELETE, et
|
|
48
48
|
|
49
49
|
$ curl -X POST <%= root_url %>products
|
50
50
|
|
51
|
+
# Hurl
|
51
52
|
|
53
|
+
[Hurl](http://hurl.it/) is an open source browser-based `curl` implementation. If you're going to do quite a few curl requests, using it can be easier than the command line.
|
@@ -19,7 +19,7 @@ To perform any type of request other than a [GET](http://en.wikipedia.org/wiki/H
|
|
19
19
|
As a client application, you can request specific scopes while you are authorizing a user. If no scope is specified, all permissions will be requested. This is an example of an application with client id of `3234myClientId5678` specifying that they want `write` access for their app:
|
20
20
|
|
21
21
|
|
22
|
-
<%=
|
22
|
+
<%= oauth_new_url(:client_id => "3234myClientId5678", :protocol => @protocol) + "&scope[]=write" %>
|
23
23
|
|
24
24
|
|
25
25
|
While authorizing your application a user can choose to grant or reject individual permissions.
|
@@ -30,7 +30,7 @@ Once you've registered an app successfully we can start to build an OAuth applic
|
|
30
30
|
|
31
31
|
Now that you have a client application, you'll want to give it access to a user account. Open a new browser window and log in with a user account, then give your application permission by visiting the url below (swap out '3234myClientId5678' for your client id and '14321myClientSecret8765' for your client secret)
|
32
32
|
|
33
|
-
<%=
|
33
|
+
<%= oauth_new_url(:protocol => @protocol, :redirect_uri => "/", :client_id => "3234myClientId5678", :client_secret => "14321myClientSecret8765" ) %>
|
34
34
|
|
35
35
|
|
36
36
|
This should land you on a page asking if you would like to grant permission to the application. If not, make sure you're logged in and you put the correct client id in the url.
|
@@ -53,10 +53,12 @@ We'll be using [Curl](<%= oauth_doc_path(:curl) %>) to go through the process of
|
|
53
53
|
You'll want to make sure to replace `client_id`, `client_secret`, and `code` with your values.
|
54
54
|
|
55
55
|
|
56
|
-
$ curl '<%= oauth_token_url(
|
56
|
+
$ curl -X POST -d '' '<%= oauth_token_url(
|
57
|
+
:protocol => @protocol,
|
57
58
|
:client_id => "3234myClientId5678",
|
58
59
|
:client_secret => "14321myClientSecret8765",
|
59
|
-
:code => "4857goldfish827423"
|
60
|
+
:code => "4857goldfish827423",
|
61
|
+
:format => "json") %>'
|
60
62
|
|
61
63
|
|
62
64
|
You should get back a response that looks like this:
|
@@ -73,7 +75,7 @@ Now that we've gone through all the hard work of getting an access token, you ca
|
|
73
75
|
|
74
76
|
Try it out for yourself. Replace the access token below with the one you received and run this curl command:
|
75
77
|
|
76
|
-
$ curl "<%= oauth_test_url(:show_me_the_money, :access_token => '9693accessTokena7ca570bbaf') %>"
|
78
|
+
$ curl "<%= oauth_test_url(:show_me_the_money, :access_token => '9693accessTokena7ca570bbaf', :format => 'json') %>"
|
77
79
|
|
78
80
|
|
79
81
|
|
@@ -81,7 +83,7 @@ You should see a successful result (again, don't forget to replace the example a
|
|
81
83
|
|
82
84
|
You can also use a header to pass the OAuth token:
|
83
85
|
|
84
|
-
$ curl -H "Authorization: token 9693accessTokena7ca570bbaf" "<%= oauth_test_url(:show_me_the_money) %>"
|
86
|
+
$ curl -H "Authorization: token 9693accessTokena7ca570bbaf" "<%= oauth_test_url(:show_me_the_money, :format => 'json') %>"
|
85
87
|
|
86
88
|
|
87
89
|
## Security
|
@@ -89,3 +91,5 @@ You can also use a header to pass the OAuth token:
|
|
89
91
|
Don't share your client application's secret or any user's access_token with unknown or untrusted parties. Always use https when available and don't write any of these values to your application's logs.
|
90
92
|
|
91
93
|
|
94
|
+
|
95
|
+
|
@@ -10,7 +10,7 @@ If a token has expired or you simply wish to receive a new `access_token` you ca
|
|
10
10
|
|
11
11
|
|
12
12
|
|
13
|
-
$ curl '<%= oauth_token_url(:protocol => @protocol,
|
13
|
+
$ curl -X POST -d '' '<%= oauth_token_url(:protocol => @protocol,
|
14
14
|
:client_id => "3234myClientId5678",
|
15
15
|
:client_secret => "14321myClientSecret8765",
|
16
16
|
:refresh_token => "4857goldfish827423") %>'
|
data/lib/opro.rb
@@ -19,29 +19,19 @@ module Opro
|
|
19
19
|
set_login_logout_methods
|
20
20
|
end
|
21
21
|
|
22
|
+
# sets up defaults for common auth providers
|
22
23
|
def self.set_login_logout_methods
|
23
|
-
case auth_strategy
|
24
|
+
klass = case auth_strategy
|
24
25
|
when :devise
|
25
|
-
|
26
|
-
logout_method { |controller, current_user| controller.sign_out(current_user) }
|
27
|
-
authenticate_user_method { |controller| controller.authenticate_user! }
|
28
|
-
|
29
|
-
find_user_for_auth do |controller, params|
|
30
|
-
return false if params[:password].blank?
|
31
|
-
find_params = params.each_with_object({}) {|(key,value), hash| hash[key] = value if Devise.authentication_keys.include?(key.to_sym) }
|
32
|
-
# Try to get fancy, some clients have :username hardcoded, if we have nothing in our find hash
|
33
|
-
# we can make an educated guess here
|
34
|
-
if find_params.blank? && params[:username].present?
|
35
|
-
find_params = { Devise.authentication_keys.first => params[:username] }
|
36
|
-
end
|
37
|
-
user = User.where(find_params).first if find_params.present?
|
38
|
-
return false unless user.present?
|
39
|
-
return false unless user.valid_password?(params[:password])
|
40
|
-
user
|
41
|
-
end
|
26
|
+
AuthProvider::Devise
|
42
27
|
else
|
43
|
-
|
28
|
+
auth_strategy if auth_strategy.is_a? Class
|
44
29
|
end
|
30
|
+
return false unless klass.present?
|
31
|
+
login_method { |controller, current_user| klass.new(controller).login_method(current_user) }
|
32
|
+
logout_method { |controller, current_user| klass.new(controller).logout_method(current_user) }
|
33
|
+
find_user_for_auth { |controller, params| klass.new(controller).find_user_for_auth(params) }
|
34
|
+
authenticate_user_method { |controller| klass.new(controller).authenticate_user_method }
|
45
35
|
end
|
46
36
|
|
47
37
|
# Used by application controller to log user in
|
@@ -120,13 +110,21 @@ module Opro
|
|
120
110
|
@user
|
121
111
|
end
|
122
112
|
|
123
|
-
|
124
113
|
# default to no match
|
125
114
|
def self.header_auth_regex
|
126
115
|
@header_auth_regex || /$^/
|
127
116
|
end
|
128
117
|
|
129
|
-
|
118
|
+
|
119
|
+
def self.token_type=(token_type)
|
120
|
+
@token_type = token_type
|
121
|
+
end
|
122
|
+
|
123
|
+
def self.token_type
|
124
|
+
@token_type
|
125
|
+
end
|
126
|
+
|
127
|
+
# Allows a user to define a custom authorization regular expression
|
130
128
|
def self.header_auth_regex=(regexstring)
|
131
129
|
raise "not a regex" unless regexstring.is_a? Regexp
|
132
130
|
@header_auth_regex = regexstring
|
@@ -152,7 +150,7 @@ module Opro
|
|
152
150
|
@find_for_authentication ||= []
|
153
151
|
@find_for_authentication << convert_to_lambda(&block)
|
154
152
|
else
|
155
|
-
@find_for_authentication or raise '
|
153
|
+
@find_for_authentication or raise 'find_user_for_auth not set, please specify an oPRO auth_strategy in config/initializers/opro.rb'
|
156
154
|
end
|
157
155
|
end
|
158
156
|
|
@@ -165,8 +163,10 @@ module Opro
|
|
165
163
|
end
|
166
164
|
end
|
167
165
|
|
166
|
+
|
168
167
|
require 'opro/controllers/concerns/rate_limits'
|
169
168
|
require 'opro/controllers/concerns/error_messages'
|
170
169
|
require 'opro/controllers/concerns/permissions'
|
171
170
|
require 'opro/controllers/application_controller_helper'
|
171
|
+
require 'opro/auth_provider/devise'
|
172
172
|
require 'opro/engine'
|
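Review bot: `set_login_logout_methods` now ends with `return false unless klass.present?`, so an `auth_strategy` that is neither `:devise` nor a Class (a misspelled symbol, a string) silently installs no login, logout, lookup or authenticate hooks; the only later signal is the `find_user_for_auth not set` raise, which presumably fires on the first password exchange rather than at boot. Raise in the setter instead, `raise ArgumentError, "unknown oPRO auth_strategy: #{auth_strategy.inspect}" unless klass.present?`. When `auth_strategy` is a Class nothing checks that it defines `login_method`, `logout_method`, `find_user_for_auth` and `authenticate_user_method`; a `klass.method_defined?` check on each at this point would make a bad provider fail fast instead of inside a request. For consistency with `header_auth_regex=`, the new `token_type=` could also validate its argument, though I cannot see from this page what callers pass.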
@@ -0,0 +1,37 @@
|
|
1
|
+
module Opro
|
2
|
+
module AuthProvider
|
3
|
+
class Devise
|
4
|
+
attr_reader :controller
|
5
|
+
|
6
|
+
def initialize(controller)
|
7
|
+
@controller = controller
|
8
|
+
end
|
9
|
+
|
10
|
+
def login_method(current_user)
|
11
|
+
controller.sign_in(current_user, :bypass => true)
|
12
|
+
end
|
13
|
+
|
14
|
+
def logout_method(current_user)
|
15
|
+
controller.sign_out(current_user)
|
16
|
+
end
|
17
|
+
|
18
|
+
def authenticate_user_method
|
19
|
+
controller.authenticate_user!
|
20
|
+
end
|
21
|
+
|
22
|
+
def find_user_for_auth(params)
|
23
|
+
return false if params[:password].blank?
|
24
|
+
find_params = params.each_with_object({}) {|(key,value), hash| hash[key] = value if ::Devise.authentication_keys.include?(key.to_sym) }
|
25
|
+
# Try to get fancy, some clients have :username hardcoded, if we have nothing in our find hash
|
26
|
+
# we can make an educated guess here
|
27
|
+
if find_params.blank? && params[:username].present?
|
28
|
+
find_params = { ::Devise.authentication_keys.first => params[:username] }
|
29
|
+
end
|
30
|
+
user = User.where(find_params).first if find_params.present?
|
31
|
+
return false unless user.present?
|
32
|
+
return false unless user.valid_password?(params[:password])
|
33
|
+
user
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
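Review bot: `find_user_for_auth` calls `key.to_sym` on every request parameter key to test membership in `::Devise.authentication_keys`; interning attacker-chosen strings is harmless on rubies that collect symbols but not on older ones, and the allow-list check reads more simply the other way round, e.g. `keys = ::Devise.authentication_keys.map(&:to_s)` and `hash[key] = value if keys.include?(key.to_s)`. The lookup is hard-wired to `User` while everything else in the class goes through the controller, so a Devise model with another name raises NameError here; hedged, since the README may document `User` as a requirement. `controller.sign_in(current_user, :bypass => true)` stores the user in the session without running Warden callbacks, which is presumably intentional but deserves a comment on the line, e.g. `# bypass: true skips Warden's after_set_user callbacks`. No file header survived on this page; the hunk matches the diffstat entry `data/lib/opro/auth_provider/devise.rb +37 -0`.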