session.rb
7.31 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
require "uri"
module Api
module V1
class Session < Grape::API
################################
# => Login with captcha only
# This method will attempt to login the user using only the captcha.
# To do this, we generate a temporary in-memory user and generate a private
# token to it.
################################
post "/login-captcha" do
remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR'])
# verify_captcha will render_api_error! and exit in case of any problem
# this return is just to improve the clarity of the execution path
return unless verify_captcha(remote_ip, params, environment)
## Creates and caches a captcha session store
store = Noosfero::API::SessionStore.create("captcha")
## Initialize the data for the session store
store.data = []
## Put it back in cache
store.store
{ "private_token" => "#{store.private_token}" }
end
# Login to get token
#
# Parameters:
# login (*required) - user login or email
# password (required) - user password
#
# Example Request:
# POST http://localhost:3000/api/v1/login?login=adminuser&password=admin
post "/login" do
begin
user ||= User.authenticate(params[:login], params[:password], environment)
rescue User::UserNotActivated => e
render_api_error!(e.message, 401)
end
return unauthorized! unless user
@current_user = user
present user, :with => Entities::UserLogin, :current_person => current_person
end
post "/login_from_cookie" do
return unauthorized! if cookies[:auth_token].blank?
user = User.where(remember_token: cookies[:auth_token]).first
return unauthorized! unless user && user.activated?
@current_user = user
present user, :with => Entities::UserLogin, :current_person => current_person
end
# Create user.
#
# Parameters:
# email (required) - Email
# password (required) - Password
# login - login
# Example Request:
# POST /register?email=some@mail.com&password=pas&password_confirmation=pas&login=some
params do
requires :email, type: String, desc: _("Email")
requires :login, type: String, desc: _("Login")
#requires :password, type: String, desc: _("Password")
#requires :password_confirmation, type: String, desc: _("Password confirmation")
end
post "/register" do
attrs = attributes_for_keys [:email, :login, :password, :password_confirmation] + environment.signup_person_fields
remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR'])
# verify_captcha will render_api_error! and exit in case of any problem
# this return is just to improve the clarity of the execution path
return unless verify_captcha(remote_ip, params, environment)
name = params[:name].present? ? params[:name] : attrs[:email]
attrs[:password_confirmation] = attrs[:password] if !attrs.has_key?(:password_confirmation)
user = User.new(attrs.merge(:name => name))
begin
user.signup!
user.generate_private_token! if user.activated?
present user, :with => Entities::UserLogin, :current_person => user.person
rescue ActiveRecord::RecordInvalid
message = user.errors.as_json.merge((user.person.present? ? user.person.errors : {}).as_json).to_json
render_api_error!(message, 400)
end
end
params do
requires :activation_code, type: String, desc: _("Activation token")
end
# Activate a user.
#
# Parameter:
# activation_code (required) - Activation token
# Example Request:
# PATCH /activate?activation_code=28259abd12cc6a64ef9399cf3286cb998b96aeaf
patch "/activate" do
user = User.find_by activation_code: params[:activation_code]
if user
unless user.environment.enabled?('admin_must_approve_new_users')
if user.activate
user.generate_private_token!
present user, :with => Entities::UserLogin, :current_person => current_person
end
else
if user.create_moderate_task
user.activation_code = nil
user.save!
# Waiting for admin moderate user registration
status 202
body({
:message => 'Waiting for admin moderate user registration'
})
end
end
else
# Token not found in database
render_api_error!(_('Token is invalid'), 412)
end
end
# Request a new password.
#
# Parameters:
# value (required) - Email or login
# Example Request:
# POST /forgot_password?value=some@mail.com
post "/forgot_password" do
requestors = fetch_requestors(params[:value])
not_found! if requestors.blank?
remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR'])
# verify_captcha will render_api_error! and exit in case of any problem
# this return is just to improve the clarity of the execution path
return unless verify_captcha(remote_ip, params, environment)
requestors.each do |requestor|
ChangePassword.create!(:requestor => requestor)
end
end
# Resend activation code.
#
# Parameters:
# value (required) - Email or login
# Example Request:
# POST /resend_activation_code?value=some@mail.com
post "/resend_activation_code" do
requestors = fetch_requestors(params[:value])
not_found! if requestors.blank?
remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR'])
# verify_captcha will render_api_error! and exit in case of any problem
# this return is just to improve the clarity of the execution path
return unless verify_captcha(remote_ip, params, environment)
requestors.each do |requestor|
requestor.user.resend_activation_code
end
present requestors.map(&:user), :with => Entities::UserLogin
end
params do
requires :code, type: String, desc: _("Forgot password code")
end
# Change password
#
# Parameters:
# code (required) - Change password code
# password (required)
# password_confirmation (required)
# Example Request:
# PATCH /new_password?code=xxxx&password=secret&password_confirmation=secret
patch "/new_password" do
begin
change_password = ChangePassword.find_by! code: params[:code]
change_password.update_attributes!(:password => params[:password], :password_confirmation => params[:password_confirmation])
change_password.finish
present change_password.requestor.user, :with => Entities::UserLogin, :current_person => current_person
rescue Exception => ex
render_api_error!(ex.message, 400)
end
end
end
end
end