Commit c18fefcfa4cef0b0036508ec57dd8d818e007f72
Committed by
Rodrigo Souto
Rodrigo Souto
1 parent
4e9cbfd2
Exists in
api_tasks
and in
4 other branches
api: set session cookie
Showing
3 changed files
with
8 additions
and
2 deletions
Show diff stats
lib/noosfero/api/api.rb
| @@ -10,6 +10,7 @@ module Noosfero | @@ -10,6 +10,7 @@ module Noosfero | ||
| 10 | before { setup_multitenancy } | 10 | before { setup_multitenancy } |
| 11 | before { detect_stuff_by_domain } | 11 | before { detect_stuff_by_domain } |
| 12 | after { end_log } | 12 | after { end_log } |
| 13 | + after { set_session_cookie } | ||
| 13 | 14 | ||
| 14 | version 'v1' | 15 | version 'v1' |
| 15 | prefix "api" | 16 | prefix "api" |
lib/noosfero/api/helpers.rb
| @@ -9,7 +9,7 @@ module Noosfero | @@ -9,7 +9,7 @@ module Noosfero | ||
| 9 | end | 9 | end |
| 10 | 10 | ||
| 11 | def current_user | 11 | def current_user |
| 12 | - private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s if params | 12 | + private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token'] || cookies['_noosfero_api_session']).to_s if params |
| 13 | @current_user ||= User.find_by_private_token(private_token) | 13 | @current_user ||= User.find_by_private_token(private_token) |
| 14 | @current_user = nil if !@current_user.nil? && @current_user.private_token_expired? | 14 | @current_user = nil if !@current_user.nil? && @current_user.private_token_expired? |
| 15 | @current_user | 15 | @current_user |
| @@ -146,7 +146,11 @@ module Noosfero | @@ -146,7 +146,11 @@ module Noosfero | ||
| 146 | render_api_error!(messages.join(','), 400) | 146 | render_api_error!(messages.join(','), 400) |
| 147 | end | 147 | end |
| 148 | protected | 148 | protected |
| 149 | - | 149 | + |
| 150 | + def set_session_cookie | ||
| 151 | + cookies['_noosfero_api_session'] = { value: @current_user.private_token, httponly: true } if @current_user.present? | ||
| 152 | + end | ||
| 153 | + | ||
| 150 | def start_log | 154 | def start_log |
| 151 | logger.info "Started #{request.path} #{request.params.except('password')}" | 155 | logger.info "Started #{request.path} #{request.params.except('password')}" |
| 152 | end | 156 | end |
lib/noosfero/api/session.rb
| @@ -16,6 +16,7 @@ module Noosfero | @@ -16,6 +16,7 @@ module Noosfero | ||
| 16 | 16 | ||
| 17 | return unauthorized! unless user | 17 | return unauthorized! unless user |
| 18 | user.generate_private_token! | 18 | user.generate_private_token! |
| 19 | + @current_user = user | ||
| 19 | present user, :with => Entities::UserLogin | 20 | present user, :with => Entities::UserLogin |
| 20 | end | 21 | end |
| 21 | 22 |