#345: updated authenticate_user!

Vokhmin Alexey V 2014-03-25 22:32:46 +04:00
parent 237df48f94
commit 4adae8319b
1 changed files with 12 additions and 2 deletions


@ -17,8 +17,12 @@ class Api::V1::BaseController < ApplicationController
# via parameters. However, anyone could use Rails's token # via parameters. However, anyone could use Rails's token
# authentication features to get the token from a header. # authentication features to get the token from a header.
def authenticate_user! def authenticate_user!
user_token = params[:user_token].presence user_token = params[:authentication_token].presence
user = user_token && User.find_by_authentication_token(user_token.to_s) unless user_token
credentials = decode_credentials.select(&:present?)
user_token = credentials.first if credentials.size == 1
end
user = user_token && User.find_by_authentication_token(user_token.to_s)
if user if user
# Notice we are passing store false, so the user is not # Notice we are passing store false, so the user is not
@ -31,6 +35,12 @@ class Api::V1::BaseController < ApplicationController
end end
end end
# Helper to decode credentials from HTTP.
def decode_credentials
return [] unless request.authorization && request.authorization =~ /^Basic (.*)/m
Base64.decode64($1).split(/:/, 2)
end
def set_csv_file_headers(file_name) def set_csv_file_headers(file_name)
headers['Content-Type'] = 'text/csv' headers['Content-Type'] = 'text/csv'
headers['Content-disposition'] = "attachment; filename=\"#{file_name}.csv\"" headers['Content-disposition'] = "attachment; filename=\"#{file_name}.csv\""
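Review bot: In the new `decode_credentials`, the scheme check `/^Basic (.*)/m` is anchored with `^`, which matches at the start of any line rather than only at the start of the header value; `\A` states the intent, e.g. `return [] unless request.authorization =~ /\ABasic (.*)/m`, and `Regexp.last_match(1)` reads more clearly than `$1`. The fallback added to `authenticate_user!` accepts the token from whichever Basic field is non-empty, which deserves a comment such as `# Basic auth fallback: the token may be sent as the username or the password, with the other field left empty`. The token is still resolved with `User.find_by_authentication_token`, a database equality lookup rather than a constant-time comparison; if Devise is in use here, looking the user up by a non-secret identifier and checking the token with `Devise.secure_compare` would avoid that. The body of `authenticate_user!` continues outside the hunk, and it is not visible whether these helpers sit under `protected`/`private`; if they do not, `decode_credentials` should be moved there so it cannot be routed as an action.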