Diffstat (limited to 'app')
| -rw-r--r-- | app/controllers/application_controller.rb | 10 | ||||
| -rw-r--r-- | app/models/user.rb | 2 |
2 files changed, 12 insertions, 0 deletions
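--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,6 +1,16 @@
 class ApplicationController < ActionController::Base
 protect_from_forgery with: :exception
 
+protected
+
+def authenticate_pokeviewer(login, token)
+user = login && User.find_by_login(login)
+
+ActiveSupport::SecurityUtils.secure_compare(
+::Digest::SHA256.hexdigest(user.pokeviewer_token),
+::Digest::SHA256.hexdigest(token))
+end
+
 private
 
 def after_sign_out_path_for(resource)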
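Review bot: `authenticate_pokeviewer` dereferences `user` unconditionally, so a nil or unknown login makes `user.pokeviewer_token` raise NoMethodError, and a nil `token` or a user with no stored token makes `hexdigest` raise TypeError. A failed authentication then surfaces as an unhandled exception instead of `false`, and known and unknown logins become distinguishable by the error. I would take `expected = user&.pokeviewer_token.to_s`, compare `hexdigest(expected)` with `hexdigest(token.to_s)`, and return that result `&& expected.present?`, so every failure path runs the same comparison and an empty stored token never authenticates. A short comment saying the method returns a boolean rather than the user would also help callers.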
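--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -3,4 +3,6 @@ class User < ApplicationRecord
 # :confirmable, :lockable, :timeoutable and :omniauthable
 devise :database_authenticatable,
 :recoverable, :rememberable, :trackable, :validatable
+
+has_secure_token :pokeviewer_token
 end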
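Review bot: `has_secure_token :pokeviewer_token` by default fills the column only when a record is created, so users that already exist will presumably keep a nil `pokeviewer_token` unless the migration backfills it. The migration is not part of this view (the diffstat is limited to `app`). If there is no backfill, I would add one that calls `regenerate_pokeviewer_token` for each existing user. The token is also stored as plaintext and works as a long-lived credential, so a comment here noting that it must be kept out of logs and serialized user output would be worthwhile.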
