From 8549f3e9b4fc069f00b49f75d3421a6a3afd3245 Mon Sep 17 00:00:00 2001
From: Thorsten Eckel
Date: Mon, 22 Jun 2015 13:19:56 +0200
Subject: [PATCH] Reworked token auth - now using the Rails framework implementation.
---
 app/controllers/application_controller.rb | 64 ++++++++++++++--------
 app/controllers/ical_tickets_controller.rb | 2 +-
 2 files changed, 42 insertions(+), 24 deletions(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index ef83ebc5d..86a7e35a6 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -5,7 +5,6 @@ class ApplicationController < ActionController::Base helper_method :current_user, :authentication_check, - :authentication_check_action_token, :config_frontend, :role?, :model_create_render,
@@ -96,7 +95,7 @@ class ApplicationController < ActionController::Base session[:user_agent] = request.env['HTTP_USER_AGENT'] end - def authentication_check_only + def authentication_check_only(auth_param) logger.debug 'authentication_check' session[:request_type] = 1
@@ -162,6 +161,43 @@ class ApplicationController < ActionController::Base end end + # check token + if auth_param[:token_action] + authenticate_with_http_token do |token, options| + logger.debug 'token auth check' + session[:request_type] = 4 + + userdata = Token.check( + action: auth_param[:token_action], + name: token, + ) + + message = '' + if !userdata + message = 'authentication failed' + end + + # return auth ok + if message == '' + + # remember user + session[:user_id] = userdata.id + + # set token user to current user + current_user_set(userdata) + return { + auth: true + } + end + + # return auth not ok + return { + auth: false, + message: message, + } + end + end + # return auth not ok (no session exists) if !session[:user_id] logger.debug 'no valid session, user_id'
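Review bot: `def authentication_check_only(auth_param)` drops the zero-argument form, and the token branch added further down in this file dereferences `auth_param[:token_action]`, so any remaining caller that still invokes the method without an argument fails with ArgumentError (and a nil argument with NoMethodError). The only caller visible in this patch, authentication_check, is updated, but the method lives on ApplicationController and may have callers outside the diff; a default keeps it compatible, `def authentication_check_only(auth_param = {})`. The method body continues outside the hunk.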
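Review bot: `session[:user_id] = userdata.id` inside the new `authenticate_with_http_token` block is new compared with the removed `authentication_check_action_token` (later in this patch), which only called `current_user_set(user)`; a client presenting an action-scoped token (here `token_action: 'iCal'`) now also receives a regular session cookie and can reuse it against endpoints the token was never meant to cover, so if that widening is not intended the line should go. Independently of that, the `message = ''` / `if message == ''` dance reads as a C-style status code where a guard clause does the job, the block parameter `options` is unused and should be `_options`, and the `return` statements rely on the fact that `return` in a `do` block leaves authentication_check_only rather than the block — that works here but deserves a comment. The enclosing method continues outside the hunk.
```ruby
# check token
if auth_param[:token_action]
  authenticate_with_http_token do |token, _options|
    logger.debug 'token auth check'
    session[:request_type] = 4

    userdata = Token.check(
      action: auth_param[:token_action],
      name: token,
    )
    # `return` here leaves authentication_check_only, not just this block
    return { auth: false, message: 'authentication failed' } unless userdata

    # set token user to current user; no session is minted for a scoped token
    current_user_set(userdata)
    return { auth: true }
  end
end
# … unchanged: session check …
```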
@@ -177,11 +213,11 @@ class ApplicationController < ActionController::Base } end - def authentication_check( params = { basic_auth_promt: false } ) - result = authentication_check_only + def authentication_check( auth_param = { basic_auth_promt: false } ) + result = authentication_check_only(auth_param) # check if basic_auth fallback is possible - if params[:basic_auth_promt] && result[:auth] == false + if auth_param[:basic_auth_promt] && result[:auth] == false return request_http_basic_authentication end
@@ -201,24 +237,6 @@ class ApplicationController < ActionController::Base true end - def authentication_check_action_token(action) - - user = Token.check( - action: action, - name: params[:action_token], - ) - - if !user - logger.debug params.inspect - response_access_deny - return - end - - current_user_set( user ) - - true - end - def role?( role_name ) return false if !current_user current_user.role?( role_name )
diff --git a/app/controllers/ical_tickets_controller.rb b/app/controllers/ical_tickets_controller.rb
index 49069fce5..f5eabfe20 100644
--- a/app/controllers/ical_tickets_controller.rb
+++ b/app/controllers/ical_tickets_controller.rb
@@ -3,7 +3,7 @@ require 'icalendar' class IcalTicketsController < ApplicationController - before_action { authentication_check( { basic_auth_promt: true } ) } + before_action { authentication_check( { basic_auth_promt: true, token_action: 'iCal' } ) } # @path [GET] /ical/tickets/:action_token #
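Review bot: The rewritten condition `if auth_param[:basic_auth_promt] && result[:auth] == false` compares explicitly against `false`, which the Ruby style guide flags; `if auth_param[:basic_auth_promt] && !result[:auth]` says the same and also covers a missing `:auth` key. Worth keeping in mind that a caller passing any hash (as the iCal controller now does) replaces the whole default hash, so `basic_auth_promt` is nil unless given explicitly — falsy, and therefore harmless, but a keyword-argument signature would make that visible at the call site. The method body continues outside the hunk.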
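Review bot: The comment `# @path [GET] /ical/tickets/:action_token` directly below the changed before_action looks stale after this patch: the only visible reader of `params[:action_token]`, authentication_check_action_token, is deleted in the same commit, and the new `token_action: 'iCal'` path takes the token from the HTTP Authorization header via authenticate_with_http_token. Calendar clients that subscribe to a feed URL generally cannot add such a header, so a client using the path form would fall through to the session check and, with `basic_auth_promt: true`, receive a Basic challenge instead; the route definition and any other consumer of `:action_token` are not visible here, so this is inferred. Either update the comment to state that the token is expected in the Authorization header, or keep accepting the path parameter alongside the header.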