Download as
Browse Code »

Commit c18fefcfa4cef0b0036508ec57dd8d818e007f72

Authored by Victor Costa
Committed by Rodrigo Souto
1 parent 4e9cbfd2
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

api: set session cookie

Showing 3 changed files with 8 additions and 2 deletions   Show diff stats
lib/noosfero/api/api.rb
  Diff comments   View file @c18fefc
... ... @@ -10,6 +10,7 @@ module Noosfero
10 10 before { setup_multitenancy }
11 11 before { detect_stuff_by_domain }
12 12 after { end_log }
  13 + after { set_session_cookie }
13 14  
14 15 version 'v1'
15 16 prefix "api"
... ...
lib/noosfero/api/helpers.rb
  Diff comments   View file @c18fefc
... ... @@ -9,7 +9,7 @@ module Noosfero
9 9 end
10 10  
11 11 def current_user
12   - private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s if params
  12 + private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token'] || cookies['_noosfero_api_session']).to_s if params
13 13 @current_user ||= User.find_by_private_token(private_token)
14 14 @current_user = nil if !@current_user.nil? && @current_user.private_token_expired?
15 15 @current_user
... ... @@ -146,7 +146,11 @@ module Noosfero
146 146 render_api_error!(messages.join(','), 400)
147 147 end
148 148 protected
149   -
  149 +
  150 + def set_session_cookie
  151 + cookies['_noosfero_api_session'] = { value: @current_user.private_token, httponly: true } if @current_user.present?
  152 + end
  153 +
150 154 def start_log
151 155 logger.info "Started #{request.path} #{request.params.except('password')}"
152 156 end
... ...
lib/noosfero/api/session.rb
  Diff comments   View file @c18fefc
... ... @@ -16,6 +16,7 @@ module Noosfero
16 16  
17 17 return unauthorized! unless user
18 18 user.generate_private_token!
  19 + @current_user = user
19 20 present user, :with => Entities::UserLogin
20 21 end
21 22  
... ...