Commit 4024aa8e authored by Marin Jankovski's avatar Marin Jankovski

Try to keep token authenticable compatibility

parent 34cfd84e
require 'gon'
class ApplicationController < ActionController::Base
before_filter :authenticate_user_from_token!
before_filter :authenticate_user!
before_filter :reject_blocked!
before_filter :check_password_expiration
......@@ -28,6 +29,20 @@ class ApplicationController < ActionController::Base
protected
# From https://github.com/plataformatec/devise/wiki/How-To:-Simple-Token-Authentication-Example
def authenticate_user_from_token!
user_token = params[:user_token].presence
user = user_token && User.find_by_authentication_token(user_token.to_s)
if user
# Notice we are passing store false, so the user is not
# actually stored in the session and a token is needed
# for every request. If you want the token to work as a
# sign in token, you can simply remove store: false.
sign_in user, store: false
end
end
def log_exception(exception)
application_trace = ActionDispatch::ExceptionWrapper.new(env, exception).application_trace
application_trace.map!{ |t| " #{t}\n" }
......
module TokenAuthenticatable
extend ActiveSupport::Concern
module ClassMethods
def find_by_authentication_token(authentication_token = nil)
if authentication_token
where(authentication_token: authentication_token).first
end
end
end
def ensure_authentication_token
if authentication_token.blank?
self.authentication_token = generate_authentication_token
end
end
def reset_authentication_token!
self.authentication_token = generate_authentication_token
save
end
private
def generate_authentication_token
loop do
token = Devise.friendly_token
break token unless self.class.unscoped.where(authentication_token: token).first
end
end
end
......@@ -52,6 +52,7 @@ require 'file_size_validator'
class User < ActiveRecord::Base
include Gitlab::ConfigHelper
extend Gitlab::ConfigHelper
include TokenAuthenticatable
default_value_for :admin, false
default_value_for :can_create_group, gitlab_config.default_can_create_group
......@@ -60,7 +61,7 @@ class User < ActiveRecord::Base
default_value_for :projects_limit, gitlab_config.default_projects_limit
default_value_for :theme_id, gitlab_config.default_theme
devise :database_authenticatable, :token_authenticatable, :lockable, :async,
devise :database_authenticatable, :lockable, :async,
:recoverable, :rememberable, :trackable, :validatable, :omniauthable, :confirmable, :registerable
attr_accessor :force_random_password
......
......@@ -155,10 +155,6 @@ Devise.setup do |config|
# REST_AUTH_SITE_KEY to pepper)
# config.encryptor = :sha512
# ==> Configuration for :token_authenticatable
# Defines name of the authentication token params key
config.token_authentication_key = :private_token
# Authentication through token does not store user in session and needs
# to be supplied on each request. Useful if you are using the token as API token.
config.skip_session_storage << :token_auth
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment