Commit a590ddfeaec31b81f788429b3aebb702bf7deaa2
1 parent
ea5cb22f
Exists in
theme-brasil-digital-from-staging
and in
9 other branches
Login captcha intial implementation
Showing
2 changed files
with
33 additions
and
0 deletions
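--- a/lib/noosfero/api/helpers.rb
+++ b/lib/noosfero/api/helpers.rb
@@ -21,6 +21,17 @@ require 'grape'
 plugins
 end
 
+def current_tmp_user
+private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s
+@current_tmp_user ||= User.find_by_private_token(private_token)
+@current_tmp_user = nil if !@current_tmp_user.nil? && @current_tmp_user.private_token_expired?
+@current_tmp_user
+end
+
+def logout_tmp_user
+@current_tmp_user = nil
+end
+
 def current_user
 private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s
 @current_user ||= User.find_by_private_token(private_token)
@@ -307,6 +318,8 @@ require 'grape'
 
 def set_session_cookie
 cookies['_noosfero_api_session'] = { value: @current_user.private_token, httponly: true } if @current_user.present?
+# Set also the private_token for the current_tmp_user
+cookies['_noosfero_api_session'] = { value: @current_tmp_user.private_token, httponly: true } if @current_tmp_user.present?
 end
 
 def setup_multitenancy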
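Review bot: `current_tmp_user` resolves the token with the same `User.find_by_private_token` call and the same parameter/header as `current_user`, so nothing in these helpers separates a captcha-only session from a real login: any valid account token also yields a `current_tmp_user`, and a temporary token that is ever persisted would presumably satisfy `current_user` as well. The finder also runs on an empty string when no token is sent; `@current_tmp_user ||= User.find_by_private_token(private_token) unless private_token.empty?` avoids matching a record whose token is blank. In `set_session_cookie` the added assignment replaces the `_noosfero_api_session` value just written for `@current_user` when both are set, which deserves a comment stating which identity is meant to win. The body of `current_user` continues outside the hunk.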
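--- a/lib/noosfero/api/session.rb
+++ b/lib/noosfero/api/session.rb
@@ -4,6 +4,26 @@ module Noosfero
 module API
 class Session < Grape::API
 
+################################
+# => Login with captcha only
+# This method will attempt to login the user using only the captcha.
+# To do this, we generate a temporary in-memory user and generate a private
+# token to it.
+################################
+post "/login-captcha" do
+remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR'])
+# test_captcha will render_api_error! and exit in case of any problem
+# this return is just to improve the clarity of the execution path
+return unless test_captcha(remote_ip, params, environment)
+
+name = "tmp_user_#{remote_ip}"
+user = User.new(:name => name)
+user.generate_private_token!
+
+@current_tmp_user = user
+{:private_token => user.private_token}
+end
+
 # Login to get token
 #
 # Parameters: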
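Review bot: The token returned by `/login-captcha` belongs to a `User.new` that this hunk never saves, while the helpers resolve tokens through `User.find_by_private_token`. Unless `generate_private_token!` persists the record (not visible here), a follow-up request cannot resolve the token; if it does persist, every solved captcha would create a token in the same namespace as real logins, which `current_user` would presumably accept. The endpoint comment should state which behaviour is intended and how the token is scoped, for example `# captcha token: honoured only where current_tmp_user is checked, never as a login token`. `name` is derived from `remote_ip`, which can fall back to `env['REMOTE_ADDR']`, so clients behind one proxy or NAT get the same name; confirm nothing keys on it.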