Merge pull request #154 from pulibrary/auth-tokens
Token authentication for scripted access
Showing 20 changed files with 446 additions and 1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
# frozen_string_literal: true | ||
class AuthTokensController < ApplicationController | ||
before_action :set_auth_token, only: [:show, :edit, :update, :destroy] | ||
authorize_resource only: [:new, :edit, :create, :update, :destroy] | ||
|
||
# GET /auth_tokens | ||
def index | ||
@auth_tokens = AuthToken.all | ||
end | ||
|
||
# GET /auth_tokens/1 | ||
def show; end | ||
|
||
# GET /auth_tokens/new | ||
def new | ||
@auth_token = AuthToken.new | ||
end | ||
|
||
# GET /auth_tokens/1/edit | ||
def edit; end | ||
|
||
# POST /auth_tokens | ||
def create | ||
@auth_token = AuthToken.new(auth_token_params) | ||
|
||
if @auth_token.save | ||
redirect_to @auth_token, notice: 'Auth token was successfully created.' | ||
else | ||
render :new | ||
end | ||
end | ||
|
||
# PATCH/PUT /auth_tokens/1 | ||
def update | ||
if @auth_token.update(auth_token_params) | ||
redirect_to @auth_token, notice: 'Auth token was successfully updated.' | ||
else | ||
render :edit | ||
end | ||
end | ||
|
||
# DELETE /auth_tokens/1 | ||
def destroy | ||
@auth_token.destroy | ||
redirect_to auth_tokens_url, notice: 'Auth token was successfully destroyed.' | ||
end | ||
|
||
private | ||
|
||
# Use callbacks to share common setup or constraints between actions. | ||
def set_auth_token | ||
@auth_token = AuthToken.find(params[:id]) | ||
end | ||
|
||
# Only allow a trusted parameter "white list" through. | ||
def auth_token_params | ||
params.require(:auth_token).permit(:label, group: []) | ||
end | ||
end |
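Review bot: `authorize_resource only: [:new, :edit, :create, :update, :destroy]` leaves `index` and `show` outside the ability check, and those are the two actions whose views print the token value. Unless ApplicationController (not shown in this diff) already restricts them, drop the `only:` list or add `:index` and `:show`, so that reading tokens requires the same permission as creating or changing them.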
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
# frozen_string_literal: true | ||
module TokenAuth | ||
extend ActiveSupport::Concern | ||
|
||
included do | ||
def current_ability | ||
Ability.new(current_user, auth_token: params[:auth_token]) | ||
end | ||
end | ||
end |
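Review bot: `params[:auth_token]` in `current_ability` takes the credential from the query string or form body, so it ends up in URLs and can reach request logs unless it is filtered; consider reading it from an `Authorization` header, or at least adding `:auth_token` to the filtered parameters. The same key is what `AuthTokensController#auth_token_params` requires as a nested hash, so in a controller that includes this concern the create and update actions would pass the form parameters to `Ability.new` instead of a token string; a distinct parameter name avoids the clash.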
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
# frozen_string_literal: true | ||
class AuthToken < ApplicationRecord | ||
before_create :assign_token | ||
before_save :clean_group | ||
serialize :group, Array | ||
validates :label, presence: true | ||
|
||
private | ||
|
||
def assign_token | ||
self.token = SecureRandom.hex | ||
end | ||
|
||
def clean_group | ||
self.group = group.select(&:present?) | ||
end | ||
end |
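Review bot: `assign_token` writes the output of `SecureRandom.hex` straight into `token`, so anyone with read access to the table or a database backup holds working credentials. Consider storing only a digest of the token and comparing against that on lookup, showing the raw value once at creation time.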
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
<%= simple_form_for(@auth_token) do |f| %> | ||
<%= f.error_notification %> | ||
|
||
<div class="form-inputs"> | ||
<%= f.input :label %> | ||
<%= f.input :group, as: :multi_value %> | ||
<%= f.input :token %> | ||
</div> | ||
|
||
<div class="form-actions"> | ||
<%= f.button :submit %> | ||
</div> | ||
<% end %> |
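Review bot: `f.input :token` renders an editable token field, but `auth_token_params` permits only `:label` and `group`, and the model assigns the token in `before_create`, so anything typed here is silently discarded. On the edit page the same field also places the current token in an input. Remove the input, or render the value read-only on edit if it has to be visible there.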
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
<h1>Editing Auth Token</h1> | ||
|
||
<%= render 'form', auth_token: @auth_token %> | ||
<%= link_to 'Show', @auth_token %> | | ||
<%= link_to 'Back', auth_tokens_path %> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
<p id="notice"><%= notice %></p> | ||
|
||
<h1>Auth Tokens</h1> | ||
|
||
<table> | ||
<thead> | ||
<tr> | ||
<th>Label</th> | ||
<th>Group</th> | ||
<th>Token</th> | ||
<th colspan="3"></th> | ||
</tr> | ||
</thead> | ||
|
||
<tbody> | ||
<% @auth_tokens.each do |auth_token| %> | ||
<tr> | ||
<td><%= auth_token.label %></td> | ||
<td><%= auth_token.group %></td> | ||
<td><%= auth_token.token %></td> | ||
<td><%= link_to 'Show', auth_token %></td> | ||
<td><%= link_to 'Edit', edit_auth_token_path(auth_token) %></td> | ||
<td><%= link_to 'Destroy', auth_token, method: :delete, data: { confirm: 'Are you sure?' } %></td> | ||
</tr> | ||
<% end %> | ||
</tbody> | ||
</table> | ||
|
||
<br> | ||
|
||
<%= link_to 'New Auth Token', new_auth_token_path %> |
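Review bot: the `<td><%= auth_token.token %></td>` cell prints every token in full to whoever can load the index page. Consider listing only label and group here (or a short prefix of the token for identification) and leaving the full value to the show page.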
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
<h1>New Auth Token</h1> | ||
|
||
<%= render 'form', auth_token: @auth_token %> | ||
<%= link_to 'Back', auth_tokens_path %> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
<p id="notice"><%= notice %></p> | ||
|
||
<p> | ||
<strong>Label:</strong> | ||
<%= @auth_token.label %> | ||
</p> | ||
|
||
<p> | ||
<strong>Group:</strong> | ||
<%= @auth_token.group %> | ||
</p> | ||
|
||
<p> | ||
<strong>Token:</strong> | ||
<%= @auth_token.token %> | ||
</p> | ||
|
||
<%= link_to 'Edit', edit_auth_token_path(@auth_token) %> | | ||
<%= link_to 'Back', auth_tokens_path %> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
# frozen_string_literal: true | ||
class CreateAuthTokens < ActiveRecord::Migration[5.1] | ||
def change | ||
create_table :auth_tokens do |t| | ||
t.string :label | ||
t.string :group | ||
t.string :token | ||
|
||
t.timestamps | ||
end | ||
end | ||
end |
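Review bot: `t.string :token` has no index and no `null: false`, although the token is presumably looked up by value on each scripted request; add `add_index :auth_tokens, :token, unique: true` and a not-null constraint. `t.string :group` holds the serialized array from `serialize :group, Array`, which can outgrow a string column on databases that cap its length, so `t.text` is the safer type.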