Allow keyless guests #606

Merged
merged 6 commits into from Nov 28, 2018
Changes from 3 commits
12 changes: 8 additions & 4 deletions app/models/bulk_upload_data_set.rb
Expand Up @@ -1242,8 +1242,12 @@ def insert_data
t.site_id = row['site_id']

# Modify each Trait class instance so that date strings are
# interpreted as being in the time zone of the trait site
# (or UTC, if the trait site time_zone column is null)
# interpreted as being in the time zone of the trait site (or UTC, if
# the trait site time_zone column is null). Note that in the Bulk
# Upload Wizard, the validation step will prevent reaching this code
# if a site without time zone is in the data file. But nothing
# prevents a site without time zone from being specified
# interactively.
class <<t
def date=(value)
date = Time.use_zone(Site.find(site_id).time_zone || 'UTC') do
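Review bot: In the `date=` override, `Site.find(site_id).time_zone || 'UTC'` silently treats the date as UTC when the site has no time zone, and the expanded comment says that case is reachable when the site is specified interactively. Since the wizard's validation step already rejects such sites in a data file, consider rejecting or at least warning on this path too, so both entry points behave the same and no timestamp is stored with an assumed zone.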
Expand Down Expand Up @@ -1971,8 +1975,8 @@ def get_insertion_data
# dates are assumed always to be accurate to the day:
csv_row_as_hash["dateloc"] = 5

# bulk upload doesn't handles "date only" dates and dates with time to the
# second; determine which:
# bulk upload handles "date only" dates and dates with time to the
# second and no other cases; determine which:
if csv_row_as_hash["date"].length == 19
csv_row_as_hash["timeloc"] = 1
elsif csv_row_as_hash["date"].length == 10
Expand Down
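Review bot: The branch on `csv_row_as_hash["date"].length` (19 or 10) identifies the date format by string length alone, while the reworded comment promises that no other cases are handled. The rest of the conditional is not shown here; make sure it ends in an `else` that raises or flags the row, so a date string of any other length cannot pass through with `timeloc` unset.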
23 changes: 22 additions & 1 deletion app/services/api_authentication_system.rb
Expand Up @@ -3,7 +3,11 @@ module ApiAuthenticationSystem

# Override default access_denied action.
def access_denied
@errors = "authentication failed"
if @errors
@errors = "authentication failed: " + @errors
else
@errors = "authentication failed"
end
render status: 401
end
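Review bot: In `access_denied`, `"authentication failed: " + @errors` raises a TypeError if `@errors` is ever set to something other than a String (an array of messages, for example); string interpolation would be safer. If the rendered 401 response includes `@errors`, whatever sets it before `access_denied` now decides what an unauthenticated caller learns, and the message set in `login_from_api_key` tells such a caller whether the guest account is configured. Consider keeping the response text generic and logging the detail server-side.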

Expand All @@ -19,4 +23,21 @@ def permissions(action_name, resource)
end
end

# Override "login_from_api_key" so that if no key is given or the given key is
# invalid, the user is logged in as the guest user.
def login_from_api_key
key = params[:key]
if key.nil?
u = User.find_by_login('guestuser')
else
u = User.find_by_apikey(params[:key]) || User.find_by_login('guestuser')
Member

If a key is given and it is wrong, I think it should return an error that states it is an invalid login. Otherwise the user might be confused why their login does not allow them to do certain actions in case the API is wrong (since it becomes guestuser).

Contributor Author

Better?

end

if u.nil?
@errors = "You must either use a valid API key or set up the guest user account."
end

return u
end

end
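Review bot: In `login_from_api_key`, `User.find_by_apikey(params[:key]) || User.find_by_login('guestuser')` downgrades a request carrying a wrong key to the guest user without any signal, which is the concern raised in the inline comment. When a key is supplied and matches no user, set `@errors` and return nil so the request ends in `access_denied` with a 401, and keep the guest fallback for the no-key case only. The `key.nil?` test also lets an empty `key=` parameter through to `find_by_apikey`, where it would match any user row whose `apikey` is an empty string, so `key.blank?` is the safer check; the lookup can also use the local `key` instead of re-reading `params[:key]`.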