From 9d6d876c62408c69c654aab1a664f1294ec668b7 Mon Sep 17 00:00:00 2001 From: Kelly Rauchenberger Date: Sun, 15 Oct 2017 13:49:03 -0400 Subject: Added pokeviewer --- app/controllers/application_controller.rb | 10 ++++++++++ app/models/user.rb | 2 ++ 2 files changed, 12 insertions(+) (limited to 'app') diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 0174cae..c9d4e15 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,6 +1,16 @@ class ApplicationController < ActionController::Base protect_from_forgery with: :exception + protected + + def authenticate_pokeviewer(login, token) + user = login && User.find_by_login(login) + + ActiveSupport::SecurityUtils.secure_compare( + ::Digest::SHA256.hexdigest(user.pokeviewer_token), + ::Digest::SHA256.hexdigest(token)) + end + private def after_sign_out_path_for(resource) diff --git a/app/models/user.rb b/app/models/user.rb index b8bdae1..555729a 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -3,4 +3,6 @@ class User < ApplicationRecord # :confirmable, :lockable, :timeoutable and :omniauthable devise :database_authenticatable, :recoverable, :rememberable, :trackable, :validatable + + has_secure_token :pokeviewer_token end -- cgit 1.4.1