Commit a590ddfeaec31b81f788429b3aebb702bf7deaa2

Authored by Carlos Purificação
1 parent ea5cb22f

Login captcha initial implementation

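--- a/lib/noosfero/api/helpers.rb
+++ b/lib/noosfero/api/helpers.rb
@@ -21,6 +21,17 @@ require 'grape'
 plugins
 end
 
+def current_tmp_user
+private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s
+@current_tmp_user ||= User.find_by_private_token(private_token)
+@current_tmp_user = nil if !@current_tmp_user.nil? && @current_tmp_user.private_token_expired?
+@current_tmp_user
+end
+
+def logout_tmp_user
+@current_tmp_user = nil
+end
+
 def current_user
 private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s
 @current_user ||= User.find_by_private_token(private_token)
@@ -307,6 +318,8 @@ require 'grape'
 
 def set_session_cookie
 cookies['_noosfero_api_session'] = { value: @current_user.private_token, httponly: true } if @current_user.present?
+# Set also the private_token for the current_tmp_user
+cookies['_noosfero_api_session'] = { value: @current_tmp_user.private_token, httponly: true } if @current_tmp_user.present?
 end
 
 def setup_multitenancy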
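Review bot: In `set_session_cookie` the added line writes the captcha-only token into the same `_noosfero_api_session` cookie as the authenticated user's token, so when both instance variables are set the temporary token silently replaces the real one, and code reading the cookie cannot tell a captcha-only session from a full login. A separate cookie name for the temporary token, or at least a guard such as `if @current_tmp_user.present? && !@current_user.present?`, would keep the two privilege levels apart. The new assignment also copies the existing options without `secure: true`, so the token can travel over plain HTTP if the API is ever reachable that way. In the first hunk, `current_tmp_user` performs the same `User.find_by_private_token` lookup as `current_user`, so any valid account token also satisfies it; a one-line comment stating which tokens it is meant to accept would help, and `current_user` continues past the end of that hunk.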
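--- a/lib/noosfero/api/session.rb
+++ b/lib/noosfero/api/session.rb
@@ -4,6 +4,26 @@ module Noosfero
 module API
 class Session < Grape::API
 
+################################
+# => Login with captcha only
+# This method will attempt to login the user using only the captcha.
+# To do this, we generate a temporary in-memory user and generate a private
+# token to it.
+################################
+post "/login-captcha" do
+remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR'])
+# test_captcha will render_api_error! and exit in case of any problem
+# this return is just to improve the clarity of the execution path
+return unless test_captcha(remote_ip, params, environment)
+
+name = "tmp_user_#{remote_ip}"
+user = User.new(:name => name)
+user.generate_private_token!
+
+@current_tmp_user = user
+{:private_token => user.private_token}
+end
+
 # Login to get token
 #
 # Parameters: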
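Review bot: The `/login-captcha` endpoint returns a `private_token` for a `User.new` object that, per its own comment, exists only in memory, and nothing visible here records the token server-side, so a later request presenting it would presumably not be found by `User.find_by_private_token` in `current_tmp_user`. If `generate_private_token!` (defined outside this diff) does persist the record, the opposite concern applies: every solved captcha would create a user row named after the client IP with no cleanup in sight. Either way the token's lifetime and scope should be explicit; consider keeping it in a short-lived store keyed by the token and documenting above the route which endpoints accept it, e.g. `# Token is captcha-scoped: valid only for <endpoints>, expires after <ttl>`. `remote_ip` falls back to `env['REMOTE_ADDR']`, which behind a reverse proxy is the proxy address, so `tmp_user_#{remote_ip}` should not be relied on to identify a client.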