app/controllers/administration/api_keys_controller.rb app/views/administration/api_keys/show.html.erb db/migrate/20080805202133_add_api_key_to_people.rb @@ -50,8 +50,12 @@ class ApplicationController < ActionController::Base Person.logged_in = @logged_in = Person.find_by_id(id) end end + + def authenticate_user # default + authenticate_user_with_http_basic_or_session + end - def authenticate_user + def authenticate_user_with_session if id = session[:logged_in_id] unless person = Person.find_by_id(id) session[:logged_in_id] = nil @@ -77,18 +81,19 @@ class ApplicationController < ActionController::Base def authenticate_user_with_code_or_session unless params[:code] and Person.logged_in = @logged_in = Person.find_by_feed_code(params[:code]) - authenticate_user + authenticate_user_with_session end end - def authenticate_user_with_http_basic - authenticate_with_http_basic do |username, password| - if (key = password.any? ? password : username).any? - Person.logged_in = @logged_in = Person.find_by_feed_code(key) + def authenticate_user_with_http_basic_or_session + authenticate_with_http_basic do |email, api_key| + if email.to_s.any? and api_key.to_s.length == 50 + Person.logged_in = @logged_in = Person.find_by_email_and_api_key(email, api_key) + Person.logged_in = @logged_in = nil unless @logged_in.super_admin? end end unless @logged_in - authenticate_user + authenticate_user_with_session end end app/controllers/application.rb @@ -481,11 +481,15 @@ class Person < ActiveRecord::Base before_create :update_feed_code def update_feed_code begin # ensure unique - code = (1..50).collect { (i = Kernel.rand(62); i += ((i < 10) ? 48 : ((i < 36) ? 55 : 61 ))).chr }.join + code = random_chars(50) write_attribute :feed_code, code end while Person.count('*', :conditions => ['feed_code = ?', code]) > 0 end + def generate_api_key + write_attribute :api_key, random_chars(50) + end + def update_from_params(params) person_basics = %w(first_name last_name suffix mobile_phone work_phone fax city state zip birthday anniversary gender address1 address2 city state zip) if params[:photo_url] and params[:photo_url].length > 7 # not just "http://" app/models/person.rb @@ -71,6 +71,7 @@ ActionController::Routing::Routes.draw do |map| map.admin 'admin', :controller => 'administration/dashboards' map.namespace :administration, :path_prefix => 'admin' do |admin| + admin.resource :api_key admin.resources :updates admin.resources :admins admin.resources :membership_requests config/routes.rb 78744b9b9f919a7c7f975395f39c7428468fcc3b Tim Morgan tim@timmorgan.org http://github.com/seven1m/onebody/commit/c07a5659540caa54be9dd050b4836e498addc329 c07a5659540caa54be9dd050b4836e498addc329 2008-08-05T14:06:47-07:00 2008-08-05T06:14:00-07:00 Added API key support and http basic authentication. d7557d1b9ff9b728c1da1fd3ecb33149a702582d Tim Morgan tim@timmorgan.org