class Api::V3::SessionsController

Authenticates the user before granting access to the API.

Information returned in <user_info>:

{
  "status": "success",
  "user": {
    "name": "Isuru Akalanka",
    "id": 143,
    "email": "isuru@venturit.com",
    "bio": "### My Profile\r\nThis is my profile details",
    "institute": "Venturit",
    "profile_url": "http://localhost:3000/users/isuru-akalanka",
    "contributions": 2,
    "projects": 1,
    "collaborations": 1,
    "avatar": {
      "original": "http://localhost:3000/uploads/user/avatar/143/at_t.png",
      "thumb": "http://localhost:3000/uploads/user/avatar/143/at_t.png",
      "medium": "http://localhost:3000/uploads/user/avatar/143/medium_at_t.png"
    },
    "latest_activity": "2015-09-01T05:53:48.581Z",
    "home_screen": "recent_activity",
    "badges": [
      {
        "name": "",
        "url": ""
      }
    ],
    "auth_token": "Jhj5w6r...R3ybKq2qs-"
  }
}

Public Instance Methods

create()

User sign in

/api/v3/sign_in.json

Input params:

{:user => {:email => "???", :password => "???"}}

Ex:

post "create", {:user => {:email => "foo@bar.com", :password => "xxxxxxx"}, :format => :json}

Output:

On success - {:status => "success", :user => <user_info>}
On failure - {:status => "failed", :notice => "..."}
# File app/controllers/api/v3/sessions_controller.rb, line 60
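# Signs a user in by checking the submitted e-mail and password directly
# against the stored bcrypt hash.
#
# Reads params[:user][:email] and params[:user][:password]. On success
# @resource holds the matching User and the action falls through to the
# default render; on any failure it redirects to api_v3_failure_path.
def create
  # warden.authenticate! was reported to fail even when the e-mail and
  # password are correct, so the password is verified here against the
  # database record instead. This duplicates the check made by Devise's
  # database_authenticatable strategy and will no longer match if that
  # strategy is changed.
  # NOTE(review): this path performs no account-state check (locked,
  # unconfirmed, ...). If the User model uses such Devise modules, confirm
  # they are enforced before the auth token is handed out.
  credentials = params[:user]

  # A missing or non-hash :user param is a failed sign-in, not an unhandled
  # NoMethodError/TypeError (HTTP 500).
  redirect_to api_v3_failure_path and return unless credentials.respond_to?(:key?)

  @resource = User.find_by_email(credentials[:email])

  # NOTE(review): this early exit skips the bcrypt work, so an unknown e-mail
  # is answered faster than a known one with a wrong password. Consider
  # equalising the two paths and rate-limiting this endpoint.
  redirect_to api_v3_failure_path and return if @resource.blank? || @resource.encrypted_password.blank?

  # Re-hash the submitted password (plus the model's pepper) with the salt of
  # the stored hash, then compare the two digests in constant time.
  stored_hash = BCrypt::Password.new(@resource.encrypted_password)
  candidate = BCrypt::Engine.hash_secret("#{credentials[:password]}#{@resource.class.pepper}", stored_hash.salt)

  unless Devise.secure_compare(candidate, @resource.encrypted_password)
    redirect_to api_v3_failure_path and return
  end
  # Credentials are valid. sign_in(@resource) is intentionally not called
  # here (it was commented out in the original implementation).
end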
destroy()

User sign out

/api/v3/sign_out.json

Input params:

:user_email, :user_token

Ex:

post "destroy", {:user_email => "foo@bar.com", :user_token => "xxxxxxx", :format => :json}

Output:

On success - HTTP Response 204
On failure - {:status => "failed", :notice => "..."}
# File app/controllers/api/v3/sessions_controller.rb, line 94
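# Signs the API user out.
#
# Looks the user up by params[:user_token] and passes the result to sign_out.
# Any StandardError raised on the way is logged and reported to the client as
# a JSON failure body.
def destroy
  # NOTE(review): params[:user_email] is documented as an input but is not
  # read here; the token alone selects the user.
  # NOTE(review): when the token matches no user, nil is passed to sign_out.
  # Confirm that is the intended behaviour for an invalid token.
  # NOTE(review): nothing in this action clears or rotates the user's
  # authentication_token, so a leaked token appears to stay usable after
  # sign-out unless it is invalidated elsewhere. Confirm.
  user = User.find_by_authentication_token(params[:user_token])
  sign_out(user)
rescue StandardError => e
  # Rescue StandardError rather than Exception so that signals, SystemExit
  # and NoMemoryError are not swallowed and reported as a failed logout.
  logger.error(e.message)
  render json: { status: "failed", notice: "Error: Logout failed" }
end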
failure()
# File app/controllers/api/v3/sessions_controller.rb, line 103
# Empty action: it runs no logic of its own, so the response comes from
# Rails' default rendering for this action.
# NOTE(review): presumably the target of api_v3_failure_path, which #create
# redirects to on a failed sign-in. Confirm against the routes file.
def failure; end