module GrapeTokenAuth::SessionsAPICore
Public Class Methods
included(base)
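# File lib/grape_token_auth/apis/session_api.rb, line 4
# Hook invoked when this module is included into an API class.
#
# Registers on +base+ a +find_resource+ helper, a <tt>POST /sign_in</tt>
# endpoint and a <tt>DELETE /sign_out</tt> endpoint. +base+ must respond to
# +helpers+, +post+, +delete+ and +resource_scope+.
def self.included(base)
  base.helpers do
    # Looks up the resource for +mapping+ through a TokenAuthorizer built
    # from +data+.
    def find_resource(data, mapping)
      TokenAuthorizer.new(data).find_resource(mapping)
    end
  end

  base.post '/sign_in' do
    resource = ResourceFinder.find(base.resource_scope, params)

    # A missing resource and a wrong password produce the same message, so
    # the response body does not say which of the two failed.
    # NOTE(review): when no resource is found the password check is skipped
    # entirely, so the two failure paths may still differ in response time.
    # Nothing in this block equalizes them; confirm whether ResourceFinder or
    # valid_password? compensate.
    unless resource && resource.valid_password?(params[:password])
      message = 'Invalid login credentials. Please try again.'
      throw(:warden, errors: { errors: [message], status: 'error' })
    end

    # Reached only after the password check has passed; the message echoes
    # the address stored on the resource.
    unless resource.confirmed?
      error_message = 'A confirmation email was sent to your account at ' \
                      "#{resource.email}. You must follow the " \
                      'instructions in the email before your account can be ' \
                      'activated'
      throw(:warden, errors: { errors: [error_message], status: 'error' })
    end

    data = AuthorizerData.load_from_env_or_create(env)
    env['rack.session'] ||= {}
    data.store_resource(resource, base.resource_scope)
    # This sign-in used a password, not a token.
    data.authed_with_token = false
    status 200
    present data: resource
  end

  base.delete '/sign_out' do
    data = AuthorizerData.load_from_env_or_create(env)
    resource = find_resource(data, base.resource_scope)

    if resource
      # Rails prefixes the 'CLIENT' header with 'HTTP_', so read the client id
      # from the normalized copy held by <tt>data</tt> instead of the raw
      # header.
      # See more: http://stackoverflow.com/a/26936364/1592582
      resource.tokens.delete(data.client_id)
      # presumably keeps auth headers off this response; verify in
      # AuthorizerData
      data.skip_auth_headers = true
      # NOTE(review): the result of save is not checked and 200 is returned
      # either way. If persisting can fail, the deleted token would remain
      # stored while the client is told sign-out succeeded; confirm how save
      # reports failure.
      resource.save
      status 200
    else
      status 404
    end
  end
end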
Public Instance Methods
find_resource(data, mapping)
# File lib/grape_token_auth/apis/session_api.rb, line 6
# Resolves the resource for +mapping+ by delegating to a TokenAuthorizer
# built from +data+; returns whatever that authorizer's find_resource returns.
def find_resource(data, mapping)
  TokenAuthorizer.new(data).find_resource(mapping)
end