From b68f6cb66ec30f9e9ddd2724592e40ba0a3b22fb Mon Sep 17 00:00:00 2001
From: Kelly Rauchenberger
Date: Sun, 15 Oct 2017 13:06:13 -0400
Subject: Integrated auth into main app Pokeviewer now expects the main app's ApplicationController to contain a method called "authenticate_pokeviewer" which will return true iff the username and token passed to it are valid. An example stub is present in the test dummy ApplicationController.
---
 app/controllers/pokeviewer/application_controller.rb | 2 +-
 app/controllers/pokeviewer/uploader_controller.rb | 13 +++++++++++++
 test/dummy/app/controllers/application_controller.rb | 6 ++++++
 3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/app/controllers/pokeviewer/application_controller.rb b/app/controllers/pokeviewer/application_controller.rb
index 7f6b42c..e342b11 100644
--- a/app/controllers/pokeviewer/application_controller.rb
+++ b/app/controllers/pokeviewer/application_controller.rb
@@ -1,5 +1,5 @@
 module Pokeviewer
- class ApplicationController < ActionController::Base
+ class ApplicationController < ::ApplicationController
 protect_from_forgery with: :exception
 end
 end
diff --git a/app/controllers/pokeviewer/uploader_controller.rb b/app/controllers/pokeviewer/uploader_controller.rb
index dbef241..d72dd9a 100644
--- a/app/controllers/pokeviewer/uploader_controller.rb
+++ b/app/controllers/pokeviewer/uploader_controller.rb
@@ -3,11 +3,24 @@ require_dependency "pokeviewer/application_controller"
 module Pokeviewer
 class UploaderController < ApplicationController
 skip_before_action :verify_authenticity_token
+ before_action :authenticate_user_from_token!
 def submit
 ExtractSaveDataJob.perform_later params[:game].as_json
 render json: { message: "Data submitted for processing." }
 end
+
+ private
+
+ def authenticate_user_from_token!
+ login = request.headers["X-User-Login"].presence
+ token = request.headers["X-User-Token"].presence
+
+ unless authenticate_pokeviewer(login, token)
+ head :unauthorized
+ end
+ end
+
 end
 end
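Review bot: The new superclass `::ApplicationController` is an undocumented hard dependency on the host application: every Pokeviewer controller now inherits the host's callbacks, rescue handlers and layout, and UploaderController raises NoMethodError if the host does not define `authenticate_pokeviewer`. I would add a comment above the class line, for example `# Inherits from the host app's ApplicationController, which must define authenticate_pokeviewer(login, token).` Whether a host callback (such as a session login redirect) runs before the upload token check depends on the host and cannot be seen from this hunk, so it is worth confirming against the real application.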
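Review bot: `authenticate_user_from_token!` still calls `authenticate_pokeviewer` when either header is missing, because `.presence` turns an absent or empty header into nil and that nil is passed straight through, so rejecting empty credentials is left to each host's implementation. The engine can fail closed itself with a one-line change: `unless login && token && authenticate_pokeviewer(login, token)`. As far as this hunk shows, the authenticated login is not handed to `ExtractSaveDataJob`, so the uploaded data is not tied to the user who presented the token; if the job is meant to attribute data to a user, the login has to be passed explicitly.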
diff --git a/test/dummy/app/controllers/application_controller.rb b/test/dummy/app/controllers/application_controller.rb
index 1c07694..95f36f8 100644
--- a/test/dummy/app/controllers/application_controller.rb
+++ b/test/dummy/app/controllers/application_controller.rb
@@ -1,3 +1,9 @@
 class ApplicationController < ActionController::Base
 protect_from_forgery with: :exception
+
+ protected
+
+ def authenticate_pokeviewer(login, token)
+ login == "testuser" and token == "testpass"
+ end
 end
-- cgit 1.4.1
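Review bot: The stub in `authenticate_pokeviewer` compares the token with `==` and joins the two checks with `and`; since the commit message presents it as the example hosts will copy, it should model a constant-time comparison and use `&&`, e.g. `login == "testuser" && ActiveSupport::SecurityUtils.secure_compare(token.to_s, "testpass")`. The result of `and` is the same in this expression, but `&&` is the conventional boolean operator and avoids the low-precedence surprises of `and`. A comment above the method such as `# Test-only stub: a real app must look up a per-user token and compare it in constant time.` would keep the literal credentials from being copied into a host application.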