Address code review comments
parent
83267d08e0
commit
101fbb7aa5
|
@ -15,7 +15,7 @@ module AuthApiDoc
|
|||
end
|
||||
|
||||
swagger_path '/api/v1/auth/generate-token' do
|
||||
# Swagger documentation for /api/v1/auth/generate-token GET
|
||||
# Swagger documentation for /api/v1/auth/generate-token POST
|
||||
operation :post do
|
||||
|
||||
key :description, 'Return a valid Authorization Bearer token.'
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
require 'json'
|
||||
|
||||
module Authentication
|
||||
module Strategies
|
||||
class UserPassword < Warden::Strategies::Base
|
||||
|
@ -16,25 +18,31 @@ module Authentication
|
|||
# Check if request contains valid data and should be authenticated.
|
||||
# @return [Boolean] true if strategy should be run for the request; otherwise, false.
|
||||
def valid?
|
||||
body = JSON.parse(request.body.read, symbolize_names: true)
|
||||
request.body.rewind # Reset the StringIO buffer so any further consumers can read the body
|
||||
body[:username] && body[:password]
|
||||
begin
|
||||
body = JSON.parse(request.body.read, symbolize_names: true)
|
||||
body[:username] && body[:password]
|
||||
ensure
|
||||
request.body.rewind # Reset the StringIO buffer so any further consumers can read the body
|
||||
end
|
||||
end
|
||||
|
||||
# Authenticate the request.
|
||||
def authenticate!
|
||||
body = JSON.parse(request.body.read, symbolize_names: true)
|
||||
request.body.rewind # Reset the StringIO buffer so any further consumers can read the body
|
||||
db_manager = env['msf.db_manager']
|
||||
user = db_manager.users(username: body[:username]).first
|
||||
begin
|
||||
body = JSON.parse(request.body.read, symbolize_names: true)
|
||||
|
||||
if user.nil? || !db_manager.authenticate_user(id: user.id, password: body[:password])
|
||||
fail("Invalid username or password.")
|
||||
else
|
||||
success!(user)
|
||||
db_manager = env['msf.db_manager']
|
||||
user = db_manager.users(username: body[:username]).first
|
||||
|
||||
if user.nil? || !db_manager.authenticate_user(id: user.id, password: body[:password])
|
||||
fail("Invalid username or password.")
|
||||
else
|
||||
success!(user)
|
||||
end
|
||||
ensure
|
||||
request.body.rewind # Reset the StringIO buffer so any further consumers can read the body
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
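Review bot: In `valid?`, `JSON.parse(request.body.read, symbolize_names: true)` is still unrescued, so an empty or malformed body raises `JSON::ParserError` out of the strategy instead of returning false; the new `ensure` only guarantees the rewind. A body that parses to something other than an object (an array, a string, `null`) would likewise raise on `body[:username]`. This runs before any credential check, so unauthenticated clients can reach it, and unless a handler outside this page converts the exception they get an unhandled error rather than a clean authentication failure. I would add `rescue JSON::ParserError` returning `false` ahead of the `ensure`, and guard the lookup as `body.is_a?(Hash) && body[:username] && body[:password]`. `authenticate!` parses the body the same way and should get the same rescue, ending in the existing `fail("Invalid username or password.")`.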