authorKelly Rauchenberger <fefferburbia@gmail.com>2017-10-15 13:06:13 -0400
committerKelly Rauchenberger <fefferburbia@gmail.com>2017-10-15 13:06:13 -0400
commitb68f6cb66ec30f9e9ddd2724592e40ba0a3b22fb (patch)
tree84693064d9c183efd2f35f4bd2609e21b419f4c6
parente0562c5de8bcc2fb29d0b22a2537f55bd1fc8bd7 (diff)
Integrated auth into main app
Pokeviewer now expects the main app's ApplicationController to contain a
method called "authenticate_pokeviewer" which will return true iff the
username and token passed to it are valid. An example stub is present in
the test dummy ApplicationController.
-rw-r--r--app/controllers/pokeviewer/application_controller.rb2
-rw-r--r--app/controllers/pokeviewer/uploader_controller.rb13
-rw-r--r--test/dummy/app/controllers/application_controller.rb6
3 files changed, 20 insertions, 1 deletions
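--- a/app/controllers/pokeviewer/application_controller.rb
+++ b/app/controllers/pokeviewer/application_controller.rb
@@ -1,5 +1,5 @@
 module Pokeviewer
- class ApplicationController < ActionController::Base
+ class ApplicationController < ::ApplicationController
  protect_from_forgery with: :exception
  end
 end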
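Review bot: The requirement that the host's `ApplicationController` define `authenticate_pokeviewer` is stated only in the commit message; nothing at the new superclass line records it. A comment above the class such as `# Host ApplicationController must define authenticate_pokeviewer(login, token) and return true only for valid credentials.` would keep the contract next to the code. Inheriting from `::ApplicationController` also means the engine's controllers pick up whatever callbacks and forgery settings the host declares, so it is worth confirming that this is intended for the token-authenticated upload endpoint.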
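--- a/app/controllers/pokeviewer/uploader_controller.rb
+++ b/app/controllers/pokeviewer/uploader_controller.rb
@@ -3,11 +3,24 @@ require_dependency "pokeviewer/application_controller"
 module Pokeviewer
  class UploaderController < ApplicationController
  skip_before_action :verify_authenticity_token
+ before_action :authenticate_user_from_token!
 
  def submit
  ExtractSaveDataJob.perform_later params[:game].as_json
 
  render json: { message: "Data submitted for processing." }
  end
+
+ private
+
+ def authenticate_user_from_token!
+ login = request.headers["X-User-Login"].presence
+ token = request.headers["X-User-Token"].presence
+
+ unless authenticate_pokeviewer(login, token)
+ head :unauthorized
+ end
+ end
+
  end
 end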
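Review bot: `authenticate_user_from_token!` forwards `nil` to `authenticate_pokeviewer` whenever `X-User-Login` or `X-User-Token` is absent or blank, because `.presence` maps both cases to `nil`. Rejecting credential-less requests therefore depends on every host implementation handling `nil` safely. A host that compares the argument against a stored token could match a `nil` token against an account that has none set. Rejecting in the engine first keeps that failure mode out of host code: add `return head :unauthorized if login.nil? || token.nil?` before the delegate call. CSRF verification is skipped for this controller, so this header check is the only gate visible in front of `submit`.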
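--- a/test/dummy/app/controllers/application_controller.rb
+++ b/test/dummy/app/controllers/application_controller.rb
@@ -1,3 +1,9 @@
 class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
+
+ protected
+
+ def authenticate_pokeviewer(login, token)
+ login == "testuser" and token == "testpass"
+ end
 end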
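Review bot: The stub `authenticate_pokeviewer` compares the token with plain `==` and joins the two checks with `and`; since the commit message presents it as the example for host apps, it is likely to be copied as written. Prefer `&&` over `and`, and model a constant-time comparison for the secret, e.g. `login == "testuser" && token.present? && ActiveSupport::SecurityUtils.secure_compare(token, "testpass")`. A comment such as `# Test-only credentials; a real host must look up a per-user token.` would make clear that the fixed values are not a template.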