# CSRF strategy for JSON requests: when the token check fails, :null_session
# gives the request an empty session instead of raising.
# NOTE(review): Rails forwards `if:` to the verification callback, so on its own
# this line only verifies requests whose format is JSON. Confirm that other
# formats (HTML forms) are protected elsewhere.
protect_from_forgery with: :null_session, if: proc { |controller| controller.request.format == 'application/json' }
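# Base controller: registers HTTP token authentication for every action and
# CSRF verification (null-session strategy) for JSON requests.
class ApplicationController < ActionController::Base
  # before_action is the Rails 4+ name; the before_filter alias was removed in later Rails versions.
  before_action :authenticate_user_from_token!

  # NOTE(review): `if:` is forwarded to the verification callback, so as written
  # only JSON-format requests are checked. The format is chosen by the client;
  # confirm that non-JSON requests are covered by another protect_from_forgery call.
  protect_from_forgery with: :null_session, if: Proc.new { |c| c.request.format == 'application/json' }

  private

  # Signs the request in when the Authorization header carries a token and a
  # user_email option that match a stored user. Does nothing otherwise, so
  # other authentication strategies can still run.
  def authenticate_user_from_token!
    authenticate_with_http_token do |token, options|
      user_email = options[:user_email].presence
      user = user_email && User.find_by(email: user_email)

      # Devise.secure_compare is a constant-time comparison, so response timing
      # does not reveal how much of a guessed token was correct.
      if user && Devise.secure_compare(user.authentication_token, token)
        # store: false keeps the user out of the session; the token has to be
        # presented again on every request.
        sign_in user, store: false
      end
    end
  end
end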
# Devise sessions controller that also answers JSON logins with the user's
# API token.
class SessionsController < Devise::SessionsController
  # Left disabled: enabling this would remove CSRF verification from the login action.
  #skip_before_action :verify_authenticity_token, :only => :create
  respond_to :json, :html

  # Authenticates through Warden, then responds per format:
  # HTML falls through to Devise's own create, JSON gets 201 with the token payload.
  # If sign_in returns a falsy value, the resource errors are rendered with 422.
  def create
    self.resource = warden.authenticate!(auth_options)

    unless sign_in(resource_name, resource)
      render json: { errors: resource.errors }, status: 422
      return
    end

    respond_to do |format|
      format.html { super }
      format.json do
        # auth_token is a bearer credential: whoever holds it can authenticate
        # as this user, so this response should only travel over TLS and its
        # body should stay out of logs.
        payload = {
          auth_token: resource.authentication_token,
          email: resource.email,
          id: resource.id
        }
        render json: payload, status: 201
      end
    end
  end
end
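# Hands the current CSRF token to the JavaScript client.
class Api::CsrfController < ApplicationController
  # Renders a one-key JSON object: the key is the configured token parameter
  # name (request_forgery_protection_token), the value is the token itself.
  #
  # The token is not written to the log: it is a per-session secret, and log
  # files are usually readable by more people and systems than the session is.
  #
  # Any origin that is allowed to read this response can obtain a valid token,
  # so this route should not be exposed through a permissive CORS policy.
  def index
    # render json: serialises the hash itself; no explicit to_json is needed.
    render json: { request_forgery_protection_token => form_authenticity_token }
  end
end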
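/**
 * CSRF service: fetches the Rails CSRF token and attaches it to later
 * jQuery AJAX requests as the X-CSRF-Token header.
 */
export default Ember.Object.extend({
  /**
   * Requests the token from the backend and stores the response as `token`
   * and its first key (the token parameter name) as `param`.
   * NOTE(review): 'api/csrf' has no leading slash, so it resolves relative to
   * the current page URL. Confirm this is intended for nested routes.
   *
   * @returns {jqXHR} the pending request, usable as a promise
   */
  fetchToken: function() {
    var service = this;
    return Ember.$.ajax({
      url: 'api/csrf'
    }).done(function(data) {
      var param = Object.keys(data)[0];
      console.log('param key name:', param);
      service.set('token', data);
      service.set('param', param);
    }, this.setPrefilter.bind(this));
  },

  /**
   * Registers a jQuery prefilter that adds the stored token to outgoing
   * requests. Runs after the `done` callback above has stored the token.
   */
  setPrefilter: function() {
    // Look the token up under the parameter name the server sent, not a hard-coded key.
    var token = this.get('token')[this.get('param')];

    Ember.$.ajaxPrefilter(function(options, originalOptions, jqXHR) {
      // The CSRF token is a secret shared only with our own backend. Sending
      // it on cross-origin requests would disclose it to other hosts.
      if (options.crossDomain) {
        return;
      }
      jqXHR.setRequestHeader('X-CSRF-Token', token);
    });
  }
});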
/**
 * Injects the CSRF service as `csrfService` into every route and controller.
 *
 * @param container   unused here
 * @param application the application whose factories receive the injection
 */
export function initialize(container, application) {
  ['route', 'controller'].forEach(function(factoryType) {
    application.inject(factoryType, 'csrfService', 'service:csrf');
  });
}
// Initializer definition: runs `initialize` under the name 'csrf-service'.
export default { name: 'csrf-service', initialize };
- import Ember from 'ember';
export default Ember.Route.extend({
  // Returning the request makes the transition wait for the CSRF token, so the
  // X-CSRF-Token prefilter is registered before the route loads.
  beforeModel() {
    return this.csrfService.fetchToken();
  }
});
{{!-- Login form. Submission goes through the loginUser action (not shown here), so the
      hidden authenticity_token field presumably reaches the server only if that action
      reads and sends it. --}}
<form {{action "loginUser" on="submit"}}>
  {{input type="text" value=email placeholder="email"}}
  {{input type="password" value=password placeholder="password"}}
  {{input name="authenticity_token" type="hidden" value=csrfService.token.authenticity_token}}
  <button type="submit"> Login </button>
</form>