diff --git a/app/controllers/habits_controller.rb b/app/controllers/habits_controller.rb index d61eaf18b4..957713984d 100644 --- a/app/controllers/habits_controller.rb +++ b/app/controllers/habits_controller.rb @@ -6,7 +6,7 @@ class HabitsController < ApplicationController @user = current_user respond_to do |format| format.html # index.html.erb - format.json { render json: @user } + format.json { render json: { habits: @user.habits, user: @user } } end end diff --git a/app/controllers/tokens_controller.rb b/app/controllers/tokens_controller.rb new file mode 100644 index 0000000000..68d7946973 --- /dev/null +++ b/app/controllers/tokens_controller.rb @@ -0,0 +1,48 @@ +class TokensController < ApplicationController + skip_before_filter :verify_authenticity_token + respond_to :json + def create + email = params[:email] + password = params[:password] + if request.format != :json + render :status=>406, :json=>{:message=>"The request must be json"} + return + end + + if email.nil? or password.nil? + render :status=>400, + :json=>{:message=>"The request must contain the user email and password."} + return + end + + @user=User.find_by_email(email.downcase) + + if @user.nil? + logger.info("User #{email} failed signin, user cannot be found.") + render :status=>401, :json=>{:message=>"Invalid email or passoword."} + return + end + + # http://rdoc.info/github/plataformatec/devise/master/Devise/Models/TokenAuthenticatable + @user.ensure_authentication_token! + + if not @user.valid_password?(password) + logger.info("User #{email} failed signin, password \"#{password}\" is invalid") + render :status=>401, :json=>{:message=>"Invalid email or passoword."} + else + render :status=>200, :json=>{:token=>@user.authentication_token} + end + end + + def destroy + @user=User.find_by_authentication_token(params[:id]) + if @user.nil? + logger.info("Token not found.") + render :status=>404, :json=>{:message=>"Invalid token."} + else + @user.reset_authentication_token! + render :status=>200, :json=>{:token=>params[:id]} + end + end + +end diff --git a/app/models/user.rb b/app/models/user.rb index ff20afa025..c629abe1ea 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -2,7 +2,8 @@ class User < ActiveRecord::Base # Include default devise modules. Others available are: # :token_authenticatable, :encryptable, :confirmable, :lockable, :timeoutable and :omniauthable devise :database_authenticatable, :registerable, - :recoverable, :rememberable, :trackable, :validatable + :recoverable, :rememberable, :trackable, :validatable, + :token_authenticatable # Setup accessible (or protected) attributes for your model attr_accessible :email, :password, :password_confirmation, :remember_me, :lvl, :exp, :money diff --git a/config/routes.rb b/config/routes.rb index ee0c84f508..59081e58e9 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -9,6 +9,7 @@ HabitTracker::Application.routes.draw do end devise_for :users + resources :tokens,:only => [:create, :destroy] # The priority is based upon order of creation: # first created -> highest priority. diff --git a/db/migrate/20120214033038_add_token_authentication.rb b/db/migrate/20120214033038_add_token_authentication.rb new file mode 100644 index 0000000000..4f6538c027 --- /dev/null +++ b/db/migrate/20120214033038_add_token_authentication.rb @@ -0,0 +1,9 @@ +class AddTokenAuthentication < ActiveRecord::Migration + def up + add_column :users, :authentication_token, :string + end + + def down + remove_column :users, :authentication_token + end +end