ApiController: check token validity for a given admin

app/controllers/api_controller.rb

@@ -16,6 +16,10 @@ class APIController < ApplicationController
 
   protected
 
+  def valid_token_for_administrateur?(administrateur)
+    administrateur.valid_api_token?(token)
+  end
+
   def default_format_json
     request.format = "json" if !request.params[:format]
   end
@@ -26,6 +30,10 @@ class APIController < ApplicationController
     end
   end
 
+  def token
+    params_token.presence || header_token
+  end
+
   def header_token
     received_token = nil
     authenticate_with_http_token do |token, _options|
@@ -33,4 +41,8 @@ class APIController < ApplicationController
     end
     received_token
   end
+
+  def params_token
+    params[:token]
+  end
 end

app/models/administrateur.rb

@@ -43,6 +43,12 @@ class Administrateur < ApplicationRecord
     api_token
   end
 
+  def valid_api_token?(api_token)
+    BCrypt::Password.new(encrypted_token) == api_token
+  rescue BCrypt::Errors::InvalidHash
+    false
+  end
+
   def registration_state
     if active?
       'Actif'