Diffstat (limited to 'app')
-rw-r--r--app/controllers/application_controller.rb10
-rw-r--r--app/models/user.rb2
2 files changed, 12 insertions, 0 deletions
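--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,6 +1,16 @@
 class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
 
+ protected
+
+ def authenticate_pokeviewer(login, token)
+ user = login && User.find_by_login(login)
+
+ ActiveSupport::SecurityUtils.secure_compare(
+ ::Digest::SHA256.hexdigest(user.pokeviewer_token),
+ ::Digest::SHA256.hexdigest(token))
+ end
+
  private
 
  def after_sign_out_path_for(resource)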
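Review bot: `authenticate_pokeviewer` dereferences `user` without checking it, so a nil `login` or a login that matches no row raises NoMethodError on `user.pokeviewer_token`, and a nil `token` argument or a nil stored token makes `hexdigest` raise TypeError. Unless a caller outside this diff rescues these, a bad credential ends in an error response rather than a rejected login, and the difference between the two reveals whether a login exists. A guard ahead of the comparison keeps every failure on the same path: `return false if user.nil? || user.pokeviewer_token.blank? || token.blank?`. A short comment on why both sides are hashed before `secure_compare` (presumably to compare equal-length strings, not to protect the stored value) would help the next reader.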
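--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -3,4 +3,6 @@ class User < ApplicationRecord
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable,
  :recoverable, :rememberable, :trackable, :validatable
+
+ has_secure_token :pokeviewer_token
 end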
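Review bot: `has_secure_token` assigns a value only to new records, so accounts that already exist keep a nil `pokeviewer_token` unless the migration backfills it; the migration is not visible here because the diff is limited to `app/`. The line would benefit from a comment recording that, for example `# Token checked by authenticate_pokeviewer; generated for new users only, backfill with regenerate_pokeviewer_token`. The token is also stored as generated rather than as a digest, so the column should have a unique index and be treated as a credential wherever user rows are logged, exported or serialized.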