Merge pull request #346 from alfajango/hubot-authenticity-token

Added ability to authenticate by authenticity token, needed for compatibility with hubot.
kandanapp · Apr 27, 2014 · 5cd6e66 · 5cd6e66
2 parents 49f4125 + 8d10d18
commit 5cd6e66
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 0 deletions.
diff --git a/app/controllers/activities_controller.rb b/app/controllers/activities_controller.rb
@@ -1,4 +1,5 @@
 class ActivitiesController < ApplicationController
+  before_filter :authenticate_user_from_token!, :only => :create
   before_filter :authenticate_user!
 
   def index

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -18,4 +18,21 @@ def redirect_suspended_account
   	redirect_to suspended_path if redirect
   end
 
+  private
+
+  # For this example, we are simply using token authentication
+  # via parameters. However, anyone could use Rails's token
+  # authentication features to get the token from a header.
+  def authenticate_user_from_token!
+    user_token = params[:auth_token].presence
+    user       = user_token && User.find_by_authentication_token(user_token.to_s)
+
+    if user
+      # Notice we are passing store false, so the user is not
+      # actually stored in the session and a token is needed
+      # for every request. If you want the token to work as a
+      # sign in token, you can simply remove store: false.
+      sign_in user, store: false
+    end
+  end
 end