* feat: Add API token generation and authentication This commit introduces API token generation and authentication for write operations. - Adds a section to the user's profile edit page to generate and display an API token. - Reuses the `authentications` table to store the API token, avoiding the need for a database migration. - Implements token-based authentication for the API using the `Authorization: Token token=...` header. - Enables write operations for all API resources and ensures they are protected by the new authentication mechanism. - Adds feature and request specs to test the new functionality. * feat: Add API token generation and authentication This commit introduces API token generation and authentication for write operations. - Adds a section to the user's profile edit page to generate and display an API token. - Reuses the `authentications` table to store the API token, avoiding the need for a database migration. - Implements token-based authentication for the API using the `Authorization: Token token=...` header. - Enables write operations for all API resources and ensures they are protected by the new authentication mechanism. - Adds feature and request specs to test the new functionality. * Mark as editable * Refactor * WIP - Authentication * Implement more test coverage * Split 401 and 403 * Before Create hooks * Update harvest specs, defaulting to the first plant part - this may not be right * Update coverage * Update coverage * Rubocop * Rubocop * Rubocop * Fix coverage * For now, mark photos immutable again * Fix specs * Fix specs * Rubocop * Fix specs --------- Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com> Co-authored-by: Daniel O'Connor <daniel.oconnor@gmail.com>
# frozen_string_literal: true
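class RegistrationsController < Devise::RegistrationsController
  respond_to :json

  # Protect sign-up with reCAPTCHA. Extend `only:` to cover any other
  # actions that should be captcha-protected.
  prepend_before_action :check_captcha, only: [:create]

  # Settings page. Also loads the member's Flickr authentication (if any)
  # so the view can show the connected-apps section.
  def edit
    @flickr_auth = current_member.auth('flickr')
    render "edit"
  end

  # Subclassed so that Devise does not force people to change their password
  # every time they edit their settings. The current password is still
  # required when a new password (or confirmation) is submitted.
  #
  # Adapted from
  # https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-edit-their-account-without-providing-a-password
  #
  # `needs_password?` is a helper defined outside this class, below it.
  def update
    @member = Member.find(current_member.id)

    successfully_updated =
      if needs_password?(@member, params)
        @member.update_with_password(devise_parameter_sanitizer.sanitize(:account_update))
      else
        # update_without_password doesn't know how to ignore the virtual
        # current_password attribute, so drop it before sanitizing.
        params[:member].delete(:current_password)
        @member.update_without_password(devise_parameter_sanitizer.sanitize(:account_update))
      end

    if successfully_updated
      set_flash_message :notice, :updated
      # Re-sign-in bypassing validation in case the password changed,
      # which would otherwise invalidate the current session.
      sign_in @member, bypass: true
      redirect_to edit_member_registration_path
    else
      render "edit"
    end
  end

  # Issues a fresh API token for the signed-in member and returns to the
  # "apps" section of the settings page.
  # NOTE(review): this issues a new credential without re-confirming the
  # current password (unlike #destroy) — confirm that is intended.
  def regenerate_api_token
    current_member.regenerate_api_token
    set_flash_message :notice, :api_token_regenerated
    # Use the router's anchor option rather than string-concatenating "#apps".
    redirect_to edit_member_registration_path(anchor: 'apps')
  end

  # Soft-deletes (discards) the account. Unlike Devise's default, the current
  # password must be supplied; a missing `member` param raises
  # ActionController::ParameterMissing via `require`.
  # @member is presumably set by Devise before this action — verify.
  # NOTE(review): Devise's default destroy also signs the member out; this
  # override does not — confirm the session is invalidated elsewhere.
  def destroy
    if @member.valid_password?(params.require(:member)[:current_password])
      @member.discard
      redirect_to root_path
    else
      @member.errors.add(:current_password, 'Incorrect password')
      render "edit"
    end
  end

  private

  # Strong parameters accepted on sign-up (Devise's `create`).
  def sign_up_params
    params.require(:member).permit(:login_name, :email, :tos_agreement, :newsletter, :password, :password_confirmation)
  end

  # Runs before `create`. When the reCAPTCHA check fails, build the resource
  # anyway so that any other validation errors are shown alongside the
  # captcha error, then re-render the sign-up form.
  def check_captcha
    return if verify_recaptcha # verify_recaptcha(action: 'signup') for v3

    self.resource = resource_class.new sign_up_params
    resource.validate # surface any other validation errors besides reCAPTCHA
    set_minimum_password_length

    respond_with_navigational(resource) do
      flash.discard(:recaptcha_error) # avoid showing it again on the next page reload
      render :new
    end
  end
end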
# Does this update require the member's current password? Only when a new
# password or password confirmation was submitted.
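# @param _member [Member] unused; kept so existing call sites keep working
# @param params [ActionController::Parameters, Hash] the request params
# @return [Boolean] true when a password or password_confirmation was submitted;
#   false when the :member key is absent (instead of raising NoMethodError)
def needs_password?(_member, params)
  member_params = params[:member]
  return false unless member_params

  member_params[:password].present? || member_params[:password_confirmation].present?
end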