Secret Tokens, Device destroy action
parent
14d7d3e16b
commit
116f640c35
|
@ -1,3 +1,4 @@
|
|||
config/initializers/secret_token.rb
|
||||
*.gem
|
||||
*.rbc
|
||||
.bundle
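Review bot: Assuming `config/initializers/secret_token.rb` is the line this hunk adds (the +/- markers are not visible here), the entry does not stop git from tracking that file, because it is already committed and this same commit modifies it. If the goal is to keep the file out of the repository, it also needs `git rm --cached config/initializers/secret_token.rb`. If the goal is to keep shipping the development default, as the comment in that file says, the ignore entry is misleading and can be dropped.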
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
class Api::DevicesController < ApplicationController
|
||||
respond_to :json
|
||||
|
||||
before_action :ensure_logged_in
|
||||
|
||||
def index
|
||||
|
@ -6,6 +8,16 @@ class Api::DevicesController < ApplicationController
|
|||
render json: @devices
|
||||
end
|
||||
|
||||
def destroy
|
||||
@device = Device.find(params[:id])
|
||||
ensure_device_ownership
|
||||
if @device.destroy
|
||||
render nothing: true, status: :unauthorized
|
||||
else
|
||||
render @device.errors, status: :unprocessable_entity
|
||||
end
|
||||
end
|
||||
|
||||
# def create # Not yet implemented - sit tight. Coming soon!
|
||||
# @device = Device.new(device_params)
|
||||
# if @device.save
|
||||
|
@ -27,4 +39,11 @@ private
|
|||
render nothing: true, :status => :unauthorized
|
||||
end
|
||||
end
|
||||
|
||||
def ensure_device_ownership
|
||||
if @device.user == current_user
|
||||
render nothing: true, :status => :unauthorized
|
||||
end
|
||||
end
|
||||
|
||||
end
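Review bot: `destroy` deletes the device whether or not the caller owns it. `ensure_device_ownership` renders `:unauthorized` when `@device.user == current_user`, so the comparison is inverted, and because it is called as a plain method its render does not stop the action: `@device.destroy` runs either way, and the owner's request then reaches a second render. The success branch also answers with `:unauthorized`, and `render @device.errors` is missing `json:`. The rewrite of the action below covers all three and makes the helper unnecessary.

```ruby
def destroy
  @device = Device.find(params[:id])
  # Stop before any state change unless the caller owns the device.
  return head :unauthorized unless @device.user == current_user

  if @device.destroy
    head :no_content
  else
    render json: @device.errors, status: :unprocessable_entity
  end
end
```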
|
||||
|
|
|
@ -4,8 +4,12 @@ Devise.setup do |config|
|
|||
# The secret key used by Devise. Devise uses this key to generate
|
||||
# random tokens. Changing this key will render invalid all existing
|
||||
# confirmation, reset password and unlock tokens in the database.
|
||||
# config.secret_key = '8724ed1027eb2d2686a425033671014691e16d86de126d5a39a2106b900392c309d5facd9c8c89740d5e0a50862941e0c2aa3794c4588bebfd2d7e10da1be670'
|
||||
|
||||
if Rails.env == 'production'
|
||||
config.secret_key = ENV['devise_secret']
|
||||
else
|
||||
config.secret_key = '8724ed1027eb2d2686a425033671014691e16d86de126d5a39a21'\
|
||||
'06b900392c309d5facd9c8c89740d5e0a50862941e0c2aa3794c4588bebfd2d7e10da1be670'
|
||||
end
|
||||
# ==> Mailer Configuration
|
||||
# Configure the e-mail address which will be shown in Devise::Mailer,
|
||||
# note that it will be overwritten if you use your own mailer class
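Review bot: Only an environment named exactly `production` gets a private key here; staging or any other deployed environment falls into the `else` branch and signs Devise tokens with the literal published in this repository. In the production branch `ENV['devise_secret']` evaluates to nil when the variable is missing, so a misconfigured deploy is not caught at this line; `config.secret_key = ENV.fetch('devise_secret')` raises at boot instead. I would also restrict the literal to `if Rails.env.development? || Rails.env.test?` and read the environment in every other case. The same pattern appears in the `secret_key_base` initializer later in this commit, and the `Devise.setup` block continues outside the hunk.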
|
||||
|
|
|
@ -9,4 +9,12 @@
|
|||
|
||||
# Make sure your secret_key_base is kept private
|
||||
# if you're sharing your code publicly.
|
||||
Dss::Application.config.secret_key_base = '452b4491c1cdd7315a0d787be2f7668ea8307a64733488151a43b62bdd76a6eb819cf973a9261b1500ef5745faf54171c7015f5ab7fd43449a5e06e6c1215e4e'
|
||||
if Rails.env == 'production'
|
||||
Dss::Application.config.secret_key_base = ENV['secret_key_base']
|
||||
else
|
||||
# Going to keep a hard coded one here to make life easy for folks who want to
|
||||
# run it in development / submit PRs. Less config. RC.
|
||||
Dss::Application.config.secret_key_base = '452b4491c1cdd7315a0d787be2f7668ea'\
|
||||
'8307a64733488151a43b62bdd76a6eb819cf973a9261b1500ef5745faf54171c7015f5ab7fd'\
|
||||
'43449a5e06e6c1215e4e'
|
||||
end
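Review bot: The development literal in the `else` branch is the same value as the unconditional `secret_key_base` assignment shown earlier in this hunk, which looks like the line being replaced. If that value ever signed production sessions it is already public through the repository history, and anyone holding it can forge signed session cookies. The value supplied through `ENV['secret_key_base']` therefore has to be newly generated, and I would say so above the literal: `# Public, development/test only. Never reuse this value for ENV['secret_key_base'].`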
|
|
@ -1,6 +1,10 @@
|
|||
# Read about factories at https://github.com/thoughtbot/factory_girl
|
||||
require 'securerandom'
|
||||
|
||||
FactoryGirl.define do
|
||||
factory :device do
|
||||
name Faker::Internet.user_name
|
||||
uuid SecureRandom.uuid
|
||||
token SecureRandom.urlsafe_base64
|
||||
end
|
||||
end
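Review bot: `uuid SecureRandom.uuid` and `token SecureRandom.urlsafe_base64` are evaluated once, when the factory file is loaded, so every device built from this factory gets the same uuid and token. Tests that create two devices will share credentials, which hides bugs in token lookup and breaks if either column is unique. Use the block form, `uuid { SecureRandom.uuid }` and `token { SecureRandom.urlsafe_base64 }`. `name Faker::Internet.user_name` has the same problem.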
|
||||
|
|