Download as
Browse Code »

Commit c18fefcfa4cef0b0036508ec57dd8d818e007f72

Authored by Victor Costa
Committed by Rodrigo Souto
1 parent 4e9cbfd2
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

api: set session cookie

Showing 3 changed files with 8 additions and 2 deletions   Show diff stats
lib/noosfero/api/api.rb
  Diff comments   View file @c18fefc
@@ -10,6 +10,7 @@ module Noosfero @@ -10,6 +10,7 @@ module Noosfero
10 before { setup_multitenancy } 10 before { setup_multitenancy }
11 before { detect_stuff_by_domain } 11 before { detect_stuff_by_domain }
12 after { end_log } 12 after { end_log }
  13 + after { set_session_cookie }
13 14
14 version 'v1' 15 version 'v1'
15 prefix "api" 16 prefix "api"
lib/noosfero/api/helpers.rb
  Diff comments   View file @c18fefc
@@ -9,7 +9,7 @@ module Noosfero @@ -9,7 +9,7 @@ module Noosfero
9 end 9 end
10 10
11 def current_user 11 def current_user
12 - private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s if params 12 + private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token'] || cookies['_noosfero_api_session']).to_s if params
13 @current_user ||= User.find_by_private_token(private_token) 13 @current_user ||= User.find_by_private_token(private_token)
14 @current_user = nil if !@current_user.nil? && @current_user.private_token_expired? 14 @current_user = nil if !@current_user.nil? && @current_user.private_token_expired?
15 @current_user 15 @current_user
@@ -146,7 +146,11 @@ module Noosfero @@ -146,7 +146,11 @@ module Noosfero
146 render_api_error!(messages.join(','), 400) 146 render_api_error!(messages.join(','), 400)
147 end 147 end
148 protected 148 protected
149 - 149 +
  150 + def set_session_cookie
  151 + cookies['_noosfero_api_session'] = { value: @current_user.private_token, httponly: true } if @current_user.present?
  152 + end
  153 +
150 def start_log 154 def start_log
151 logger.info "Started #{request.path} #{request.params.except('password')}" 155 logger.info "Started #{request.path} #{request.params.except('password')}"
152 end 156 end
lib/noosfero/api/session.rb
  Diff comments   View file @c18fefc
@@ -16,6 +16,7 @@ module Noosfero @@ -16,6 +16,7 @@ module Noosfero
16 16
17 return unauthorized! unless user 17 return unauthorized! unless user
18 user.generate_private_token! 18 user.generate_private_token!
  19 + @current_user = user
19 present user, :with => Entities::UserLogin 20 present user, :with => Entities::UserLogin
20 end 21 end
21 22