Class: AuthController
Inherits: ApplicationController (Object > ActionController::Base > ApplicationController > AuthController)
Defined in: app/controllers/auth_controller.rb
Overview
This class defines the API methods related to authentication management.
Instance Method Summary
- (Object) authenticate
  Checks the credentials of the owner of the account_token.
- (Object) session_auth
  Gets a token in order to perform account management operations.
- (Object) sync
  Returns the server time.
Instance Method Details
- (Object) authenticate
Checks the credentials of the owner of the account_token.
This is the main API method for third-party apps and therefore will need to be optimized.
Return values:
- On success: 200 OK => true (credentials accepted)
- On failure: 401 UNAUTHORIZED => false (credentials refused)
URL params:
- <format>: Output format wanted
POST params:
- credentials:
  - account_token: The account_token the user provided (string)
  - token: The time-based token the user provided (string, length == 8)
Query URLs:
- POST /authenticate
- POST /authenticate.<format>
# File 'app/controllers/auth_controller.rb', line 26
def authenticate
  credentials = params[:credentials]
  token = credentials[:token]
  # Note: find_by_* returns nil for an unknown account_token, so the next line
  # raises NoMethodError (a 500) instead of answering 401 UNAUTHORIZED.
  account_token = AccountToken.active.find_by_account_token(credentials[:account_token])
  user_id = account_token.user_id
  generated_token = OaUtils.generate_token(PersonalKey.current.find_by_user_id(user_id).personal_key)
  # The name of the local holding the comparison result was lost in extraction;
  # `success` is a reconstruction, not the project's identifier. Note also that
  # `==` on strings is not a constant-time comparison.
  success = generated_token == token ? true : false
  account_token.auth_logs.create!({ :outcome => success })
  @response.body = success
  @response.status = success ? :ok : :unauthorized
  respond
end
- (Object) session_auth
Gets a token in order to perform account management operations.
This method can be used only by the administration website and the mobile apps. A token is valid for 10 minutes.
Return values:
- On success: 200 OK => cookie (credentials accepted)
- On failure: 401 UNAUTHORIZED => false (credentials refused)
URL params:
- <format>: Output format wanted
POST params:
- credentials:
  - personal_key: The personal_key the user provided (string)
  - token: The time-based token the user provided (string, length == 8)
Query URLs:
- POST /session_auth
- POST /session_auth.<format>
# File 'app/controllers/auth_controller.rb', line 82
def session_auth
  credentials = params[:credentials]
  token = credentials[:token]
  personal_key = credentials[:personal_key]
  # As in #authenticate, an unknown personal_key makes find_by_* return nil
  # and the .user_id call raise instead of answering 401.
  user_id = PersonalKey.current.find_by_personal_key(personal_key).user_id
  # The name of the local holding the comparison result was lost in extraction;
  # `success` is a reconstruction, not the project's identifier.
  success = OaUtils.generate_token(personal_key) == token ? true : false
  # The method name called on PseudoCookie was also lost in extraction and is
  # not guessed here; `.()` is Ruby shorthand for `.call`.
  @response.body = success ? PseudoCookie.(user_id) : false
  @response.status = success ? :ok : :unauthorized
  respond
end
- (Object) sync
Returns the server time.
This method will be used by mobile apps to synchronize with the server.
Return values:
- On success: 200 OK => unix timestamp
- On failure: Cannot fail.
URL params:
- <format>: Output format wanted
Query URLs:
- GET /sync
- GET /sync.<format>
# File 'app/controllers/auth_controller.rb', line 56
def sync
  @response.body = Time.new.to_i.to_s
  @response.status = :ok
  respond
end
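As an added example (not code from this project, and not its OaUtils, AccountToken, PersonalKey or PseudoCookie classes), the following self-contained Ruby shows the check that authenticate and session_auth perform, hardened in the two places the documented code is weak: the account lookup is nil-safe, so an unknown account_token or personal_key answers 401 instead of raising, and the token comparison is constant-time. The token algorithm (HMAC-SHA256 over a 30-second window, truncated to 8 digits in the HOTP style), the in-memory ACCOUNTS store and the policy of accepting one adjacent window of clock skew (which is the skew that /sync exists to keep small) are assumptions made for this example, not the project's behaviour.

```ruby
require 'openssl'

# Added example, not the project's code: a stand-in for the token check done by
# AuthController#authenticate and #session_auth. The token algorithm (HMAC-SHA256
# over a 30-second window, truncated to 8 digits) is ASSUMED; OaUtils.generate_token
# may do something else entirely.

WINDOW_SECONDS = 30   # assumed width of one time-based token window
TOKEN_LENGTH   = 8    # from the page: the submitted token has length 8

# Constructed in-memory stand-in for the AccountToken / PersonalKey tables.
ACCOUNTS = {
  'acct-token-alice' => { user_id: 1, personal_key: 'alice-personal-key' }
}.freeze

# Time-based token for a secret at a given unix timestamp (assumed algorithm).
def generate_token(secret, now)
  window = now / WINDOW_SECONDS
  digest = OpenSSL::HMAC.digest('SHA256', secret, [window].pack('Q>'))
  # Dynamic truncation as in HOTP (RFC 4226, section 5.3), then reduce to 8 digits.
  offset = digest.bytes.last & 0x0f
  code = digest.byteslice(offset, 4).unpack1('N') & 0x7fffffff
  format("%0#{TOKEN_LENGTH}d", code % (10**TOKEN_LENGTH))
end

# Constant-time comparison. The documented code uses `==`, which stops at the
# first differing byte and so leaks how many leading digits were right.
def secure_compare(a, b)
  return false unless a.is_a?(String) && b.is_a?(String) && a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Verify a submitted token. `secret` may be nil (unknown account); the same work
# is done either way so response time does not reveal whether the account exists,
# and the result is forced to false for unknown accounts. One adjacent window of
# skew is tolerated (assumed policy); /sync exists so clients keep skew small.
def verify_time_token(secret, submitted, now)
  known = !secret.nil?
  secret ||= 'placeholder-secret-for-unknown-accounts'
  submitted = submitted.to_s
  return false unless submitted.length == TOKEN_LENGTH
  matched = [-1, 0, 1].map { |k| generate_token(secret, now + k * WINDOW_SECONDS) }
                      .map { |expected| secure_compare(expected, submitted) }
                      .any?
  matched && known
end

# Mirrors #authenticate: the account_token selects the account, whose
# personal_key is the secret. Returns what the controller would emit plus the
# outcome to record in auth_logs.
def authenticate_credentials(credentials, now)
  account = ACCOUNTS[credentials[:account_token].to_s]
  success = verify_time_token(account && account[:personal_key], credentials[:token], now)
  { status: success ? 200 : 401, body: success, log_outcome: success }
end

# Mirrors #session_auth: here the personal_key is both the lookup key and the
# secret, and success yields the user_id a session cookie would be issued for.
def session_auth_credentials(credentials, now)
  key = credentials[:personal_key].to_s
  account = ACCOUNTS.values.find { |a| a[:personal_key] == key }
  success = verify_time_token(account && key, credentials[:token], now)
  { status: success ? 200 : 401, body: success ? { user_id: account[:user_id] } : false }
end

if __FILE__ == $PROGRAM_NAME
  now = Time.now.to_i
  token = generate_token('alice-personal-key', now)
  p authenticate_credentials({ account_token: 'acct-token-alice', token: token }, now)
  p authenticate_credentials({ account_token: 'does-not-exist', token: token }, now)
end
```

A client that has called GET /sync would pass `server_time - local_time` as an offset into its own token generation rather than trusting the phone clock; on the server side the single tolerated window above is what bounds how far a client may drift before that correction becomes necessary.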