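# Base controller: configures CSRF handling and resolves the authenticated
# user from either the session cookie or an access-token request header.
class ApplicationController < ActionController::Base
  # CSRF protection. With :null_session an unverified request is NOT rejected
  # with an exception; it is processed with an empty session for the duration
  # of that request. Session-based authentication therefore fails for such a
  # request, while access-token authentication (below) still works.
  protect_from_forgery with: :null_session

  private

  # Resolves the user making the current request.
  #
  # Lookup order: session[:user_id] first, then the HTTP_ACCESS_TOKEN request
  # header. The result is memoized in @current_user for the rest of the request.
  #
  # @return [User, nil] the authenticated user, or nil when the request carries
  #   no usable credentials or the session points at a user that no longer exists
  def current_user
    return @current_user if @current_user

    token = request.headers['HTTP_ACCESS_TOKEN']
    # Log only whether a token was supplied. The token is a bearer credential,
    # so writing its value to the log would expose it to anyone who can read logs.
    logger.debug "Access token header present: #{token.present?}"

    if session[:user_id]
      logger.debug 'Getting user because the session had a user_id.'
      @current_user = User.find(session[:user_id])
    elsif token.present?
      # present? also rejects an empty or whitespace-only header, which is
      # truthy in Ruby and would otherwise be looked up like any other value,
      # matching an account whose stored access_token is blank.
      logger.debug 'Getting user because request had an access token.'
      @current_user = User.find_by(access_token: token)
    end
  rescue ActiveRecord::RecordNotFound => e
    # The session references a user that is not in the database, so send the
    # client to the logout route.
    logger.warn "A session was provided, but that user isn't in the database: #{ e }"
    # current_user is also exposed as a view helper; skip the redirect when a
    # response has already been started to avoid a double render.
    redirect_to '/logout' unless performed?
    # Return nil explicitly: otherwise the truthy return value of redirect_to
    # would be handed to callers that test `if current_user`.
    nil
  end
  helper_method :current_user
end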