Implement token authentication

* create a new token on a new session
* delete the current token on session exit

app/controllers/api/v1/tokens_controller.rb

+class Api::V1::TokensController < ApplicationController
+  skip_before_filter :verify_authenticity_token
+  before_filter :authenticate_user!
+
+  respond_to :json
+
+  def create
+    current_user.ensure_authentication_token!
+    render :status => 200, :json => { :token => current_user.authentication_token }
+  end
+  
+  def destroy
+    current_user.reset_authentication_token!
+    render :json => true, :status => 200
+  end
+end

app/controllers/sessions_controller.rb

@@ -7,4 +7,10 @@ class SessionsController < Devise::SessionsController
   layout ->(c) { request.format == :mobile ? "application" : "with_header_with_footer" }, :only => [:new]
   use_bootstrap_for :new
 
+  after_filter :reset_authentication_token, :only => [:create]
+  before_filter :reset_authentication_token, :only => [:destroy]
+
+  def reset_authentication_token
+    current_user.reset_authentication_token!
+  end
 end

app/models/user.rb

@@ -16,7 +16,7 @@ class User < ActiveRecord::Base
   scope :yearly_actives, ->(time = Time.now) { logged_in_since(time - 1.year) }
   scope :halfyear_actives, ->(time = Time.now) { logged_in_since(time - 6.month) }
 
-  devise :database_authenticatable, :registerable,
+  devise :token_authenticatable, :database_authenticatable, :registerable,
          :recoverable, :rememberable, :trackable, :validatable,
          :lockable, :lastseenable, :lock_strategy => :none, :unlock_strategy => :none
 

config/routes.rb

@@ -6,6 +6,7 @@ require 'sidekiq/web'
 require 'sidetiq/web'
 
 Diaspora::Application.routes.draw do
+
   resources :report, :except => [:edit, :new]
 
   if Rails.env.production?
@@ -209,6 +210,9 @@ Diaspora::Application.routes.draw do
       get "/users/:username" => 'users#show', :as => 'user'
       get "/tags/:name" => 'tags#show', :as => 'tag'
     end
+    namespace :v1 do
+      resources :tokens, :only => [:create, :destroy]
+    end
   end
 
   get 'community_spotlight' => "contacts#spotlight", :as => 'community_spotlight'