class Api::V3::SessionsController
Authenticates the user before the API can be accessed.
Information returned in <user_info> (it includes the user's auth_token, so treat the whole response as sensitive):
{ "status": "success", "user": { "name": "Isuru Akalanka", "id": 143, "email": "isuru@venturit.com", "bio": "### My Profile\r\nThis is my profile details", "institute": "Venturit", "profile_url": "http://localhost:3000/users/isuru-akalanka", "contributions": 2, "projects": 1, "collaborations": 1, "avatar": { "original": "http://localhost:3000/uploads/user/avatar/143/at_t.png", "thumb": "http://localhost:3000/uploads/user/avatar/143/at_t.png", "medium": "http://localhost:3000/uploads/user/avatar/143/medium_at_t.png" }, "latest_activity": "2015-09-01T05:53:48.581Z", "home_screen": "recent_activity", "badges": [ { "name": "", "url": "" } ], "auth_token": "Jhj5w6r...R3ybKq2qs-" } }
Public Instance Methods
create()
User sign in
/api/v3/sign_in.json
Input params:
{:user => {:email => "???", :password => "???"}}
Ex:
post "create", {:user => {:email => "foo@bar.com", :password => "xxxxxxx"}, :format => :json}
Output:
On success - {:status => "success", :user => <user_info>}; on failure - {:status => "failed", :notice => "..."}
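# File app/controllers/api/v3/sessions_controller.rb, line 60
# Signs a user in from params[:user][:email] and params[:user][:password].
#
# warden.authenticate! was failing even for a correct email and password, so
# this action checks the password against the stored bcrypt digest directly.
# That check is a hand-written copy of the Devise database-authenticatable
# logic and will not stay compatible if that strategy is changed.
#
# Every rejected request (missing or malformed :user params, unknown email,
# blank stored digest, wrong password) is redirected to api_v3_failure_path.
# On success nothing is rendered explicitly, so the response comes from the
# action's default template, which is not part of this listing.
def create
  credentials = params[:user]
  # Without this guard a request that omits :user, or sends a scalar there,
  # raised on the [] lookups below and surfaced as a server error instead of
  # an authentication failure.
  unless credentials.respond_to?(:key?)
    redirect_to api_v3_failure_path
    return
  end

  email = credentials[:email]
  # The finder is only ever given a plain, non-empty String; nil, numbers,
  # arrays and nested hashes from the request body are rejected here rather
  # than being turned into a query condition.
  unless email.is_a?(String) && !email.empty?
    redirect_to api_v3_failure_path
    return
  end

  @resource = User.find_by_email(email)
  # NOTE(review): this exit happens before any bcrypt work, so a request for
  # an unknown email is answered faster than one for a known email; confirm
  # whether that timing difference matters for this API.
  if @resource.blank? || @resource.encrypted_password.blank?
    redirect_to api_v3_failure_path
    return
  end

  stored_digest = BCrypt::Password.new(@resource.encrypted_password)
  # Re-hash the submitted password plus the model's pepper with the salt taken
  # from the stored digest, then compare the two digests with Devise's
  # secure_compare.
  candidate = BCrypt::Engine.hash_secret(
    "#{credentials[:password]}#{@resource.class.pepper}",
    stored_digest.salt
  )

  # sign_in(@resource) is left disabled, as in the original: a matching
  # password only lets the action fall through to its default render.
  redirect_to api_v3_failure_path unless Devise.secure_compare(candidate, @resource.encrypted_password)
end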
destroy()
User sign out
/api/v3/sign_out.json
Input params:
:user_email, :user_token
Ex:
post "destroy", {:user_email => "foo@bar.com", :user_token => "xxxxxxx", :format => :json}
Output:
On success - HTTP Response 204; on failure - {:status => "failed", :notice => "..."}
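# File app/controllers/api/v3/sessions_controller.rb, line 94
# Signs out the user identified by params[:user_token].
#
# Only :user_token is read by this method; :user_email is not consulted.
# NOTE(review): the authentication token is not reset here, so confirm that
# it is invalidated elsewhere when a user signs out.
#
# Any StandardError raised along the way is logged and answered with
# {status: "failed", notice: "Error: Logout failed"}.
def destroy
  token = params[:user_token]
  # Only a non-empty String is used for the lookup, so a missing, nil or
  # structured token can never match a stored record. When no user is found,
  # sign_out receives nil, as it already did for an unknown token.
  user = User.find_by_authentication_token(token) if token.is_a?(String) && !token.empty?
  sign_out(user)
rescue StandardError => e
  # StandardError instead of Exception, so signals and SystemExit are not
  # swallowed by the logout error handler.
  logger.error(e.message)
  render json: {status: "failed", notice: "Error: Logout failed"}
end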
failure()
# File app/controllers/api/v3/sessions_controller.rb, line 103 def failure end