From 24e17322560748e54d00d36e13a048fcd9a55cb1 Mon Sep 17 00:00:00 2001
From: Lukas Matt <lukas.matt@sophos.com>
Date: Thu, 13 Nov 2014 11:27:56 +0100
Subject: [PATCH] Implement token authentication

* create a new token on a new session
* delete the current token on session exit
---
 app/controllers/api/v1/tokens_controller.rb | 16 ++++++++++++++++
 app/controllers/sessions_controller.rb      |  6 ++++++
 app/models/user.rb                          |  2 +-
 config/routes.rb                            |  4 ++++
 4 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 app/controllers/api/v1/tokens_controller.rb

diff --git a/app/controllers/api/v1/tokens_controller.rb b/app/controllers/api/v1/tokens_controller.rb
new file mode 100644
index 0000000000..f59c2eac57
--- /dev/null
+++ b/app/controllers/api/v1/tokens_controller.rb
@@ -0,0 +1,16 @@
+class Api::V1::TokensController < ApplicationController
+  skip_before_filter :verify_authenticity_token
+  before_filter :authenticate_user!
+
+  respond_to :json
+
+  def create
+    current_user.ensure_authentication_token!
+    render :status => 200, :json => { :token => current_user.authentication_token }
+  end
+  
+  def destroy
+    current_user.reset_authentication_token!
+    render :json => true, :status => 200
+  end
+end
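Review bot: `skip_before_filter :verify_authenticity_token` on the second line of the class removes CSRF protection from actions that are still authenticated by the browser session (`before_filter :authenticate_user!`), so a cross-site form post from a signed-in user's browser can hit `destroy` and invalidate their token, or hit `create` and rotate it; the returned token value is then shielded only by same-origin policy. Unless these actions are meant to be reached with a token rather than a session cookie, drop the `skip_before_filter` line, or skip forgery verification only for requests that were not authenticated via the session. `:status => 200` in both `render` calls is the default and can be removed. A short class comment along the lines of `# Issues and revokes the signed-in user's single API token; destroy invalidates any client still using it.` would make the contract explicit.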
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 5f11f48bfb..04a08241e0 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -7,4 +7,10 @@ class SessionsController < Devise::SessionsController
   layout ->(c) { request.format == :mobile ? "application" : "with_header_with_footer" }, :only => [:new]
   use_bootstrap_for :new
 
+  after_filter :reset_authentication_token, :only => [:create]
+  before_filter :reset_authentication_token, :only => [:destroy]
+
+  def reset_authentication_token
+    current_user.reset_authentication_token!
+  end
 end
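Review bot: `reset_authentication_token` is defined as a public method, so Rails treats it as a controller action even though it is only used by the two filters above it; move it under `private`. It also assumes `current_user` is present: for `destroy` that holds only if Devise's own signed-out check runs earlier in the filter chain, which depends on the Devise version in use, so guard it with `current_user.reset_authentication_token! if current_user`. The `after_filter` on `create` rotates the token on every web login, which logs out any API client still holding the previous token; if that is intended, a one-line comment stating it would help the next reader. The `SessionsController` class starts before this hunk.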
diff --git a/app/models/user.rb b/app/models/user.rb
index 35fe032f9a..75cde7fa13 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -16,7 +16,7 @@ class User < ActiveRecord::Base
   scope :yearly_actives, ->(time = Time.now) { logged_in_since(time - 1.year) }
   scope :halfyear_actives, ->(time = Time.now) { logged_in_since(time - 6.month) }
 
-  devise :database_authenticatable, :registerable,
+  devise :token_authenticatable, :database_authenticatable, :registerable,
          :recoverable, :rememberable, :trackable, :validatable,
          :lockable, :lastseenable, :lock_strategy => :none, :unlock_strategy => :none
 
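Review bot: Adding `:token_authenticatable` relies on Devise's built-in module, which was removed in Devise 3.1 because it kept the token in plaintext with no expiry; unless the Gemfile pins an older Devise or adds the `devise-token_authenticatable` gem, this module list will likely fail to load. The patch also carries no migration for the `authentication_token` column (and a unique index on it) that `ensure_authentication_token!` writes to, so either that column already exists or the migration is missing from this change. Consider storing a digest of the token rather than the raw value so a database read does not yield usable credentials. The `User` class continues outside the hunk.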
diff --git a/config/routes.rb b/config/routes.rb
index a92f119c16..3411804582 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -6,6 +6,7 @@ require 'sidekiq/web'
 require 'sidetiq/web'
 
 Diaspora::Application.routes.draw do
+
   resources :report, :except => [:edit, :new]
 
   if Rails.env.production?
@@ -209,6 +210,9 @@ Diaspora::Application.routes.draw do
       get "/users/:username" => 'users#show', :as => 'user'
       get "/tags/:name" => 'tags#show', :as => 'tag'
     end
+    namespace :v1 do
+      resources :tokens, :only => [:create, :destroy]
+    end
   end
 
   get 'community_spotlight' => "contacts#spotlight", :as => 'community_spotlight'
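Review bot: `resources :tokens, :only => [:create, :destroy]` generates `DELETE /api/v1/tokens/:id`, but the controller's `destroy` ignores any id and always acts on `current_user`, so clients must send a meaningless id. A singular `resource :token, :only => [:create, :destroy]` maps to `POST /api/v1/token` and `DELETE /api/v1/token` and still routes to `TokensController`, matching what the controller does. The enclosing `namespace` block begins outside the hunk.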
-- 
GitLab