Allow keyless guests #606

Merged
merged 6 commits into from Nov 28, 2018
Changes from 4 commits
12 changes: 8 additions & 4 deletions app/models/bulk_upload_data_set.rb
Expand Up @@ -1242,8 +1242,12 @@ def insert_data
t.site_id = row['site_id']

# Modify each Trait class instance so that date strings are
# interpreted as being in the time zone of the trait site
# (or UTC, if the trait site time_zone column is null)
# interpreted as being in the time zone of the trait site (or UTC, if
# the trait site time_zone column is null). Note that in the Bulk
# Upload Wizard, the validation step will prevent reaching this code
# if a site without time zone is in the data file. But nothing
# prevents a site without time zone from being specified
# interactively.
class <<t
def date=(value)
date = Time.use_zone(Site.find(site_id).time_zone || 'UTC') do
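Review bot: The expanded comment above `class <<t` documents a validation gap instead of closing it: a site without a time zone is rejected by the Bulk Upload Wizard's validation step, but on the interactive path the `|| 'UTC'` fallback in `Time.use_zone(Site.find(site_id).time_zone || 'UTC')` is taken silently. Consider applying the same check on the interactive path, or at least logging when the fallback is used. Note also that `Site.find(site_id)` raises when `site_id` is nil or unknown, and that the lookup runs on every `date=` call.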
Expand Down Expand Up @@ -1971,8 +1975,8 @@ def get_insertion_data
# dates are assumed always to be accurate to the day:
csv_row_as_hash["dateloc"] = 5

# bulk upload doesn't handles "date only" dates and dates with time to the
# second; determine which:
# bulk upload handles "date only" dates and dates with time to the
# second and no other cases; determine which:
if csv_row_as_hash["date"].length == 19
csv_row_as_hash["timeloc"] = 1
elsif csv_row_as_hash["date"].length == 10
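Review bot: The `length == 19` and `length == 10` tests classify the date by string length alone, so the new comment's "and no other cases" holds only if the format has already been validated before this point. Either name that validation step in the comment or match the two expected formats explicitly, and confirm that a value of any other length reaches an explicit error branch.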
26 changes: 25 additions & 1 deletion app/services/api_authentication_system.rb
@@ -1,9 +1,14 @@
# coding: utf-8
module ApiAuthenticationSystem
include AuthenticatedSystem

# Override default access_denied action.
def access_denied
@errors = "authentication failed"
if @errors
@errors = "authentication failed: " + @errors
else
@errors = "authentication failed"
end
render status: 401
end

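Review bot: In `access_denied`, `"authentication failed: " + @errors` returns whatever earlier code assigned to `@errors` in the 401 response to an unauthenticated caller, and it raises `TypeError` if `@errors` is ever something other than a String. Keep the values assigned to `@errors` to fixed, client-safe messages, and prefer interpolation, `"authentication failed: #{@errors}"`, so a non-String value cannot turn a 401 into a 500.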
Expand All @@ -19,4 +24,23 @@ def permissions(action_name, resource)
end
end

# Override "login_from_api_key" so that if no key is given or the given key is
# invalid, the user is logged in as the guest user.
def login_from_api_key
key = params[:key]
if key.nil?
u = User.find_by_login('guestuserx')
if u.nil?
@errors = "For key-less access to the API, you must set up the guest user account."
end
else
u = User.find_by_apikey(params[:key])
Member


nitpicking but can use key variable here to prevent an extra lookup.

Contributor Author


No problem--that was my intention but then I forgot to; and your nitpicking led me to notice and fix a more serious problem.

if u.nil?
@errors = "Invalid API key. To access the API as a guest user, omit the “key” parameter."
end
end

return u
end

end
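
Review bot: The header comment on `login_from_api_key` says an invalid key logs the caller in as the guest user, but the `else` branch sets `@errors` and returns `nil` for an invalid key; only a missing key reaches the guest lookup. Update the comment to match the code. Two further checks: `key.nil?` does not catch an empty `key=` parameter, which falls through to `User.find_by_apikey` with an empty string, so test `key.blank?` or reject empty keys explicitly; and the guest login `'guestuserx'` is hard-coded in the method, so move it to a named constant or setting and document which permissions that account is expected to hold.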