Commit a590ddfeaec31b81f788429b3aebb702bf7deaa2
1 parent
ea5cb22f
Exists in
staging
and in
4 other branches
Login captcha intial implementation
Showing
2 changed files
with
33 additions
and
0 deletions
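--- a/lib/noosfero/api/helpers.rb
+++ b/lib/noosfero/api/helpers.rb
@@ -21,6 +21,17 @@ require 'grape'
 plugins
 end
 
+def current_tmp_user
+private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s
+@current_tmp_user ||= User.find_by_private_token(private_token)
+@current_tmp_user = nil if !@current_tmp_user.nil? && @current_tmp_user.private_token_expired?
+@current_tmp_user
+end
+
+def logout_tmp_user
+@current_tmp_user = nil
+end
+
 def current_user
 private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s
 @current_user ||= User.find_by_private_token(private_token)
@@ -307,6 +318,8 @@ require 'grape'
 
 def set_session_cookie
 cookies['_noosfero_api_session'] = { value: @current_user.private_token, httponly: true } if @current_user.present?
+# Set also the private_token for the current_tmp_user
+cookies['_noosfero_api_session'] = { value: @current_tmp_user.private_token, httponly: true } if @current_tmp_user.present?
 end
 
 def setup_multitenancy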
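Review bot: `current_tmp_user` repeats the `current_user` lookup (`User.find_by_private_token` on the same parameter and header), so any persisted account's token also resolves as a temporary user and nothing visible marks a token as captcha-only. Endpoints gated on `current_tmp_user` therefore cannot tell a captcha-only caller from a logged-in account; the method needs a comment stating which identity it is meant to return, and the lookup should be scoped to match. In `set_session_cookie` the added assignment overwrites the cookie written by the line above whenever both instance variables are set; if the authenticated session should win, guard it with `if @current_tmp_user.present? && @current_user.blank?`. The new cookie also copies the existing options, `httponly: true` without `secure: true`, so the private token can be sent over plain HTTP unless TLS is enforced elsewhere.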
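--- a/lib/noosfero/api/session.rb
+++ b/lib/noosfero/api/session.rb
@@ -4,6 +4,26 @@ module Noosfero
 module API
 class Session < Grape::API
 
+################################
+# => Login with captcha only
+# This method will attempt to login the user using only the captcha.
+# To do this, we generate a temporary in-memory user and generate a private
+# token to it.
+################################
+post "/login-captcha" do
+remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR'])
+# test_captcha will render_api_error! and exit in case of any problem
+# this return is just to improve the clarity of the execution path
+return unless test_captcha(remote_ip, params, environment)
+
+name = "tmp_user_#{remote_ip}"
+user = User.new(:name => name)
+user.generate_private_token!
+
+@current_tmp_user = user
+{:private_token => user.private_token}
+end
+
 # Login to get token
 #
 # Parameters: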
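Review bot: The token returned by `/login-captcha` is generated on a `User.new` that the block comment calls in-memory, and whether `generate_private_token!` saves the record or sets an expiry is not visible in this section. If it does not save, a later `find_by_private_token` has nothing to match and the token is unusable. If it does save, every solved captcha creates a user row carrying only a name, and repeat requests from one address reuse the same `tmp_user_#{remote_ip}` name. The comment above the route should state the token's intended lifetime and which endpoints it authorizes, for example `# Token expires after <duration placeholder> and is accepted only by <endpoint list placeholder>`. Since `remote_ip` feeds both `test_captcha` and the user name, it is also worth confirming that `request.remote_ip` is derived from a trusted proxy configuration rather than a client-supplied forwarding header.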