Login captcha intial implementation

Carlos Purificação
1 parent ea5cb22f
Showing 2 changed files with 33 additions and 0 deletions Show diff stats
lib/noosfero/api/helpers.rb
lib/noosfero/api/session.rb
@@ -21,6 +21,17 @@ require &#39;grape&#39;
         plugins
       end
+      def current_tmp_user
+        private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s
+        @current_tmp_user ||= User.find_by_private_token(private_token)
+        @current_tmp_user = nil if !@current_tmp_user.nil? && @current_tmp_user.private_token_expired?
+        @current_tmp_user
+      end
+
+      def logout_tmp_user
+        @current_tmp_user = nil
+      end      
+
       def current_user
         private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s
         @current_user ||= User.find_by_private_token(private_token)
@@ -307,6 +318,8 @@ require &#39;grape&#39;
       def set_session_cookie
         cookies['_noosfero_api_session'] = { value: @current_user.private_token, httponly: true } if @current_user.present?
+        # Set also the private_token for the current_tmp_user
+        cookies['_noosfero_api_session'] = { value: @current_tmp_user.private_token, httponly: true } if @current_tmp_user.present?
       end
       def setup_multitenancy
@@ -4,6 +4,26 @@ module Noosfero
   module API
     class Session < Grape::API
+      ################################
+      # => Login with captcha only
+      # This method will attempt to login the user using only the captcha.
+      # To do this, we generate a temporary in-memory user and generate a private
+      # token to it.
+      ################################
+      post "/login-captcha" do
+        remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR'])
+        # test_captcha will render_api_error! and exit in case of any problem
+        # this return is just to improve the clarity of the execution path
+        return unless test_captcha(remote_ip, params, environment)
+
+        name = "tmp_user_#{remote_ip}"
+        user = User.new(:name => name)
+        user.generate_private_token!
+
+        @current_tmp_user = user
+        {:private_token => user.private_token}
+      end
+
       # Login to get token
       #
       # Parameters:
	@@ -21,6 +21,17 @@ require 'grape'		@@ -21,6 +21,17 @@ require 'grape'
21	plugins	21	plugins
22	end	22	end
23		23
		24	+ def current_tmp_user
		25	+ private_token = (params[PRIVATE_TOKEN_PARAM] \|\| headers['Private-Token']).to_s
		26	+ @current_tmp_user \|\|= User.find_by_private_token(private_token)
		27	+ @current_tmp_user = nil if !@current_tmp_user.nil? && @current_tmp_user.private_token_expired?
		28	+ @current_tmp_user
		29	+ end
		30	+
		31	+ def logout_tmp_user
		32	+ @current_tmp_user = nil
		33	+ end
		34	+
24	def current_user	35	def current_user
25	private_token = (params[PRIVATE_TOKEN_PARAM] \|\| headers['Private-Token']).to_s	36	private_token = (params[PRIVATE_TOKEN_PARAM] \|\| headers['Private-Token']).to_s
26	@current_user \|\|= User.find_by_private_token(private_token)	37	@current_user \|\|= User.find_by_private_token(private_token)
	@@ -307,6 +318,8 @@ require 'grape'		@@ -307,6 +318,8 @@ require 'grape'
307		318
308	def set_session_cookie	319	def set_session_cookie
309	cookies['_noosfero_api_session'] = { value: @current_user.private_token, httponly: true } if @current_user.present?	320	cookies['_noosfero_api_session'] = { value: @current_user.private_token, httponly: true } if @current_user.present?
		321	+ # Set also the private_token for the current_tmp_user
		322	+ cookies['_noosfero_api_session'] = { value: @current_tmp_user.private_token, httponly: true } if @current_tmp_user.present?
310	end	323	end
311		324
312	def setup_multitenancy	325	def setup_multitenancy
	@@ -4,6 +4,26 @@ module Noosfero		@@ -4,6 +4,26 @@ module Noosfero
4	module API	4	module API
5	class Session < Grape::API	5	class Session < Grape::API
6		6
		7	+ ################################
		8	+ # => Login with captcha only
		9	+ # This method will attempt to login the user using only the captcha.
		10	+ # To do this, we generate a temporary in-memory user and generate a private
		11	+ # token to it.
		12	+ ################################
		13	+ post "/login-captcha" do
		14	+ remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) \|\| (env && env['REMOTE_ADDR'])
		15	+ # test_captcha will render_api_error! and exit in case of any problem
		16	+ # this return is just to improve the clarity of the execution path
		17	+ return unless test_captcha(remote_ip, params, environment)
		18	+
		19	+ name = "tmp_user_#{remote_ip}"
		20	+ user = User.new(:name => name)
		21	+ user.generate_private_token!
		22	+
		23	+ @current_tmp_user = user
		24	+ {:private_token => user.private_token}
		25	+ end
		26	+
7	# Login to get token	27	# Login to get token
8	#	28	#
9	# Parameters:	29	# Parameters: