#345: updated authenticate_user!
This commit is contained in:
parent
237df48f94
commit
4adae8319b
|
@ -17,7 +17,11 @@ class Api::V1::BaseController < ApplicationController
|
|||
# via parameters. However, anyone could use Rails's token
|
||||
# authentication features to get the token from a header.
|
||||
def authenticate_user!
|
||||
user_token = params[:user_token].presence
|
||||
user_token = params[:authentication_token].presence
|
||||
unless user_token
|
||||
credentials = decode_credentials.select(&:present?)
|
||||
user_token = credentials.first if credentials.size == 1
|
||||
end
|
||||
user = user_token && User.find_by_authentication_token(user_token.to_s)
|
||||
|
||||
if user
|
||||
|
@ -31,6 +35,12 @@ class Api::V1::BaseController < ApplicationController
|
|||
end
|
||||
end
|
||||
|
||||
# Helper to decode credentials from HTTP.
|
||||
def decode_credentials
|
||||
return [] unless request.authorization && request.authorization =~ /^Basic (.*)/m
|
||||
Base64.decode64($1).split(/:/, 2)
|
||||
end
|
||||
|
||||
def set_csv_file_headers(file_name)
|
||||
headers['Content-Type'] = 'text/csv'
|
||||
headers['Content-disposition'] = "attachment; filename=\"#{file_name}.csv\""
|
||||
|
|
Loading…
Reference in New Issue