Commit 692eab74 by liyijie

Add valid to authable

parent b63b8f89
......@@ -9,5 +9,10 @@ module RailsApiAuthentication
include RailsApiAuthentication::AuthSession
auth_session klass_sym
end
def acts_as_auth_password(klass_sym)
include RailsApiAuthentication::AuthPassword
auth_password klass_sym
end
end
end
......@@ -4,5 +4,10 @@ module RailsApiAuthentication
include RailsApiAuthentication::Authable
auth_for params
end
def acts_as_validable(params={})
include RailsApiAuthentication::Authable
valid_for params
end
end
end
module RailsApiAuthentication
module AuthPassword
extend ActiveSupport::Concern
included do
end
# Reset password with token
def create
auth_password = self.class.klass.auth_password
valid_key = self.class.klass.valid_key
self.send("current_#{self.class.klass_sym}")&.reset_password(reset_password_params[auth_password], reset_password_params[valid_key])
render json: { meesage: "reset password successful"}, status: 200
rescue UserError => e
render json: { error: e.message }, status: e.status
end
# Update password when the auth is pass
def update
auth_password = self.class.klass.auth_password
self.send("current_#{self.class.klass_sym}")&.update_password(password_params[auth_password])
render json: { meesage: "update password successful"}, status: 200
rescue UserError => e
render json: { error: e.message }, status: e.status
end
private
def password_params
auth_password = self.class.klass.auth_password
params.require(self.class.klass_sym).permit(auth_password)
end
def reset_password_params
auth_password = self.class.klass.auth_password
valid_key = self.class.klass.valid_key
params.require(self.class.klass_sym).permit(
auth_password, valid_key
)
end
module ClassMethods
attr_reader :klass, :klass_sym
def auth_password klass_sym
@klass = klass_sym.to_s.camelize.constantize
@klass_sym = klass_sym
end
end
end
end
......@@ -4,23 +4,42 @@ module RailsApiAuthentication
DIGEST = Digest::SHA2.new
included do
attr_accessor :token
def logout
AuthToken.find(token: token)&.first&.delete if token.present?
end
def update_password password
raise(UserError.new(401, '-1', 'password is blank')) if password.blank?
self.update(@auth_password => generate_password(password))
end
def reset_password password, valid_code
update_password(password) if self.class.valid?(self.send(@auth_key), valid_code)
end
end
module ClassMethods
attr_reader :auth_key, :auth_password
attr_reader :auth_key, :auth_password, :valid_key
def auth_for params
@auth_key = params[:auth_key]&.to_sym || :name
@auth_password = params[:auth_password]&.to_sym || :password
end
def valid_for params
@valid_key = params[:key]&.to_sym || :valid_code
@valid_expire = params[:expire]&.to_sym || 60
@valid_length = params[:length]&.to_sym || 4
end
def generate_valid_code name
code = (0..9).to_a.sample(@valid_length).join
$redis.setex(name, @valid_expire, code)
end
def login(name, password)
user = self.find_by(@auth_key => name)
raise(UserError.new(401, '-1', 'Unauthorized')) if user.nil?
......@@ -29,7 +48,6 @@ module RailsApiAuthentication
AuthToken.create(self, { oid: user.id })
end
def auth!(request)
user = auth(request)
user.nil? ? raise(UserError.new(401, '-1', 'Unauthorized')) : user
......@@ -37,6 +55,7 @@ module RailsApiAuthentication
def register(name, password, attrs={})
raise(UserError.new(401, '-1', 'password is blank')) if password.blank?
raise(UserError.new(401, '-1', 'valid token is not correct')) if @valid_key.present? && !valid?(name, attrs[@valid_key])
self.create!({@auth_key => name, @auth_password => generate_password(password)}.merge attrs)
rescue ActiveRecord::RecordInvalid => e
raise UserError.new(401, '-1', e.message)
......@@ -61,6 +80,10 @@ module RailsApiAuthentication
"#{salt(password, suffix)}:#{suffix}"
end
def valid? name, valid_code
valid_code == $redis.get(name)
end
def auth(request)
token = request.env["HTTP_#{self.to_s.upcase}_TOKEN"] || request.env["#{self.to_s.upcase}_TOKEN"]
auth = AuthToken.find(token: token)&.first
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment