Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/application_controller.rb | 10 | ||||
-rw-r--r-- | app/models/user.rb | 2 |
2 files changed, 12 insertions, 0 deletions
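--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,6 +1,16 @@
 class ApplicationController < ActionController::Base
 protect_from_forgery with: :exception
 
+protected
+
+def authenticate_pokeviewer(login, token)
+user = login && User.find_by_login(login)
+
+ActiveSupport::SecurityUtils.secure_compare(
+::Digest::SHA256.hexdigest(user.pokeviewer_token),
+::Digest::SHA256.hexdigest(token))
+end
+
 private
 
 def after_sign_out_path_for(resource)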
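Review bot: `authenticate_pokeviewer` raises instead of returning false when the login is missing or unknown, because `user` is then nil and `user.pokeviewer_token` fails with NoMethodError; a nil `token` or a nil stored token makes `hexdigest` raise as well. An unauthenticated request would then end in an unhandled exception rather than a clean rejection, and, depending on how the callers (not visible here) answer a wrong token, the different response may reveal which logins exist. Add a guard ahead of the comparison, `return false unless user && user.pokeviewer_token.present? && token.present?`, and keep the constant-time compare for the remaining case. A one-line comment such as `# Returns true only when login exists and token matches that user's pokeviewer_token` would also make clear that the method returns a boolean, not the user.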
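--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -3,4 +3,6 @@ class User < ApplicationRecord
 # :confirmable, :lockable, :timeoutable and :omniauthable
 devise :database_authenticatable,
 :recoverable, :rememberable, :trackable, :validatable
+
+has_secure_token :pokeviewer_token
 end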
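Review bot: `has_secure_token :pokeviewer_token` generates a value only when a record is created, so users that already exist keep a nil `pokeviewer_token` until they are backfilled. The migration is not visible on this page (the diffstat is limited to `app`), so confirm that it adds the column with a unique index and that existing rows get a token, for example by calling `regenerate_pokeviewer_token` on each user. The token is stored as-is and works as a bearer credential, so it should be kept out of logs and JSON serialization; a comment above the line, `# API credential for pokeviewer clients; never render or log`, would record that.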