demarches-normaliennes/app/controllers/api_controller.rb

43 lines
945 B
Ruby
Raw Normal View History

2015-12-21 17:51:49 +01:00
class APIController < ApplicationController
2018-03-16 10:10:43 +01:00
AUTHENTICATION_TOKEN_DESCRIPTION = <<-EOS
L'authentification de l'API se fait via un header HTTP :
2015-12-21 17:51:49 +01:00
2018-03-16 10:10:43 +01:00
```
Authorization: Bearer &lt;Token administrateur&gt;
```
EOS
2018-03-08 17:41:54 +01:00
2018-03-16 10:10:43 +01:00
before_action :authenticate_user
before_action :default_format_json
2018-03-08 17:41:54 +01:00
2015-12-21 17:51:49 +01:00
def authenticate_user
2018-03-08 17:41:54 +01:00
if !valid_token?
request_http_token_authentication
end
2015-12-21 17:51:49 +01:00
end
protected
def valid_token?
2018-01-11 19:08:04 +01:00
current_administrateur.present?
2015-12-21 17:51:49 +01:00
end
def current_administrateur
2018-03-08 17:41:54 +01:00
@administrateur ||= (authenticate_with_bearer_token || authenticate_with_param_token)
end
def authenticate_with_bearer_token
authenticate_with_http_token do |token, options|
Administrateur.find_by(api_token: token)
end
end
def authenticate_with_param_token
Administrateur.find_by(api_token: params[:token])
2015-12-21 17:51:49 +01:00
end
2016-02-19 16:59:18 +01:00
def default_format_json
2018-01-11 19:04:39 +01:00
request.format = "json" if !request.params[:format]
2016-02-19 16:59:18 +01:00
end
2017-04-04 15:27:04 +02:00
end