From 5ca9615e38a60d529f47a052355a199eff37208f Mon Sep 17 00:00:00 2001 From: Min Zeya Phyo Date: Fri, 14 Apr 2017 23:22:58 +0630 Subject: [PATCH] API login/logout with http header token --- Gemfile | 1 + Gemfile.lock | 2 ++ app/controllers/api/api_controller.rb | 1 - .../api/authenticate_controller.rb | 29 ++++++++++++++++++- .../api/restaurant/menu_controller.rb | 4 +-- .../api/restaurant/rooms_controller.rb | 2 +- .../api/restaurant/seatings_controller.rb | 2 +- .../api/restaurant/takeaway_controller.rb | 2 +- .../api/restaurant/zones_controller.rb | 4 +-- .../concerns/token_verification.rb | 12 +++----- config/routes.rb | 10 +++---- 11 files changed, 47 insertions(+), 22 deletions(-) diff --git a/Gemfile b/Gemfile index 44ecff75..3b8f7ca8 100644 --- a/Gemfile +++ b/Gemfile @@ -23,6 +23,7 @@ gem 'coffee-rails', '~> 4.2' gem 'simple_form' gem 'bootstrap', '~> 4.0.0.alpha3' gem "font-awesome-rails" +gem 'rack-cors' #Report and Printing gems gem 'cups', '~> 0.0.7' diff --git a/Gemfile.lock b/Gemfile.lock index 231d65f7..00b87ae7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -107,6 +107,7 @@ GEM prawn (>= 1.3.0, < 3.0.0) puma (3.8.2) rack (2.0.1) + rack-cors (0.4.1) rack-test (0.6.3) rack (>= 1.0) rails (5.0.2) @@ -224,6 +225,7 @@ DEPENDENCIES prawn prawn-table puma (~> 3.0) + rack-cors rails (~> 5.0.2) rspec-rails (~> 3.5) sass-rails (~> 5.0) diff --git a/app/controllers/api/api_controller.rb b/app/controllers/api/api_controller.rb index 06529352..2c8a1453 100644 --- a/app/controllers/api/api_controller.rb +++ b/app/controllers/api/api_controller.rb @@ -10,5 +10,4 @@ class Api::ApiController < ActionController::API return token end end - end diff --git a/app/controllers/api/authenticate_controller.rb b/app/controllers/api/authenticate_controller.rb index e58f51d7..fcd00f1b 100644 --- a/app/controllers/api/authenticate_controller.rb +++ b/app/controllers/api/authenticate_controller.rb 
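Review bot: `gem 'rack-cors'` is added in the Gemfile hunk, but none of the eleven files in this commit configures the middleware, so the cross-origin policy for the new token API cannot be reviewed here. When that configuration lands, the allowed origins should be an explicit list rather than a wildcard, and limited to the `/api` resources. A comment beside the gem in the file's existing style, such as `#CORS for the JSON API - keep the allowed origin list explicit`, would point readers at that requirement.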
@@ -1,9 +1,36 @@ -class Api::AuthenticateController < ActionController::API +class Api::AuthenticateController < Api::ApiController + skip_before_action :authenticate def create + emp_id = params[:emp_id] + password = params[:password] + + if emp_id && password + @employee = Employee.login(emp_id, password) + + if @employee + render json: JSON.generate({:status => true, :session_token => @employee.token_session, :name => @employee.name, :role => @employee.role}) + else + render json: JSON.generate({:status => false, :error_message => "Bad Emp_ID or Password."}) + end + else + render json: JSON.generate({:status => false, :error_message => "Input Parameters missing."}) + + end end def destroy + logout_status = Employee.logout(params[:session_token]) + if logout_status + render json: JSON.generate({:status => true}) + + else + render json: JSON.generate({:status => false, :error_message => "Session Token Invalid or Missing"}) + + end end + def authenticate_params + params.permit(:emp_id, :password, :session_token) + end end diff --git a/app/controllers/api/restaurant/menu_controller.rb b/app/controllers/api/restaurant/menu_controller.rb index 47a07e8b..8d80dedd 100644 --- a/app/controllers/api/restaurant/menu_controller.rb +++ b/app/controllers/api/restaurant/menu_controller.rb @@ -1,4 +1,4 @@ -class Api::Restaurant::MenuController < ActionController::API +class Api::Restaurant::MenuController < Api::ApiController before :authenticate_token #Description @@ -7,7 +7,7 @@ class Api::Restaurant::MenuController < ActionController::API def index menu_detail() end - + #Description # This API show current order details # Input Params - menu_id diff --git a/app/controllers/api/restaurant/rooms_controller.rb b/app/controllers/api/restaurant/rooms_controller.rb index f9c9eb82..466e2f5d 100644 --- a/app/controllers/api/restaurant/rooms_controller.rb +++ b/app/controllers/api/restaurant/rooms_controller.rb 
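Review bot: `destroy` in authenticate_controller.rb reads the session token from `params[:session_token]`, so on a DELETE it travels in the query string or body and may end up in request and proxy logs, even though the commit is about header tokens. Because `skip_before_action :authenticate` has no `only:`, logout is also exempt from the token filter. Limiting the skip to `create` and reading the token with `authenticate_with_http_token` keeps it in the Authorization header; this assumes `Api::ApiController` pulls in the TokenVerification concern, which is not visible here. Every failure branch renders with HTTP 200, so failed logins look like successes to monitoring and throttling layers; `status: :unauthorized` (or `:bad_request` for missing parameters) on those renders fixes that. `authenticate_params` is public and never called, so it should move under `private` and supply `emp_id` and `password`.

```ruby
class Api::AuthenticateController < Api::ApiController
  # Only login is reachable without a token; logout must present one.
  skip_before_action :authenticate, only: [:create]

  # … unchanged: create reads emp_id/password and calls Employee.login …
      render json: { status: false, error_message: "Bad Emp_ID or Password." }, status: :unauthorized

  def destroy
    # Take the token from the Authorization header, not from request parameters.
    logged_out = authenticate_with_http_token { |token, _options| Employee.logout(token) }
    if logged_out
      render json: { status: true }
    else
      render json: { status: false, error_message: "Session Token Invalid or Missing" }, status: :unauthorized
    end
  end

  private

  # … unchanged: authenticate_params …
```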
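Review bot: The context line `before :authenticate_token` in menu_controller.rb survives the base-class change, and `before` does not appear to be a Rails controller callback macro (the callbacks are `before_action` and its variants), so it would probably raise when the class loads. Now that the controller inherits from `Api::ApiController`, the token check presumably comes from the shared `before_action :authenticate` in the TokenVerification concern, so the line can be dropped. If a per-controller filter is still wanted, it should read `before_action :authenticate_token`. The class body continues outside the hunk.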
@@ -1,4 +1,4 @@ -class Api::Restaurant::RoomsController < ActionController::API +class Api::Restaurant::RoomsController < Api::ApiController before_action :set_room, only: [:show] def index diff --git a/app/controllers/api/restaurant/seatings_controller.rb b/app/controllers/api/restaurant/seatings_controller.rb index bef5b5c2..8a2245e3 100644 --- a/app/controllers/api/restaurant/seatings_controller.rb +++ b/app/controllers/api/restaurant/seatings_controller.rb @@ -1,4 +1,4 @@ -class Api::Restaurant::SeatingsController < ActionController::API +class Api::Restaurant::SeatingsController < Api::ApiController before_action :set_table, only: [:show] def index diff --git a/app/controllers/api/restaurant/takeaway_controller.rb b/app/controllers/api/restaurant/takeaway_controller.rb index a6988160..6753f925 100644 --- a/app/controllers/api/restaurant/takeaway_controller.rb +++ b/app/controllers/api/restaurant/takeaway_controller.rb @@ -1,4 +1,4 @@ -class Api::Restaurant::TakeawaysController < ActionController::API +class Api::Restaurant::TakeawaysController < Api::ApiController def index render json: SeatTable.order("order_by") end diff --git a/app/controllers/api/restaurant/zones_controller.rb b/app/controllers/api/restaurant/zones_controller.rb index 5349df94..38106ce3 100644 --- a/app/controllers/api/restaurant/zones_controller.rb +++ b/app/controllers/api/restaurant/zones_controller.rb @@ -1,7 +1,7 @@ -class Api::Restaurant::ZonesController < ActionController::API +class Api::Restaurant::ZonesController < Api::ApiController def index render json: Zone.includes([:tables, :rooms]).where("is_active = true") end - + end diff --git a/app/controllers/concerns/token_verification.rb b/app/controllers/concerns/token_verification.rb index becc48a8..7cf54caa 100644 --- a/app/controllers/concerns/token_verification.rb +++ b/app/controllers/concerns/token_verification.rb 
@@ -1,5 +1,6 @@ module TokenVerification extend ActiveSupport::Concern + include ActionController::HttpAuthentication::Token::ControllerMethods included do before_action :authenticate @@ -15,14 +16,9 @@ module TokenVerification def authenticate_token authenticate_with_http_token do |token, options| #@current_user = User.find_by(api_key: token) - @device_access = DeviceAccess.find_by_token(token) - if @device_access - @log = DeviceAccessLog.new - @log.device_access = @device_access - @log.api_route = request.env['PATH_INFO'] - @log.remote_ip = request.remote_ip - # @log.client_info = - @log.save + @user = Employee.authenticate_token(token) + if @user + #Maybe log - login? end end diff --git a/config/routes.rb b/config/routes.rb index 1e85f0e5..660bd923 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -6,15 +6,15 @@ Rails.application.routes.draw do post 'install' => 'install#create' #--------- Login/Authentication ------------# - post 'authenticate' => 'home#create' - delete 'authenticate' => 'home/destroy' + post 'login' => 'home#create' + delete 'logout' => 'home#destroy' #--------- API Routes ------------# namespace :api, :defaults => { :format => 'json' } do #Session Login and Logout - post 'authenticate' => "autheticate#create" - delete 'authenticate' => "autheticate#destroy" + post 'authenticate' => "authenticate#create" + delete 'authenticate' => "authenticate#destroy" namespace :restaurant do get 'zones' => "zones#index" @@ -35,7 +35,7 @@ Rails.application.routes.draw do resources :menu_items, only: [:index, :show] resources :menu_sold_out, only: [:index] end - + end #Order Controller
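Review bot: In the second token_verification.rb hunk, the block passed to `authenticate_with_http_token` now ends in an `if @user` whose body is only a comment, and an empty `if` evaluates to `nil` in Ruby, so `authenticate_token` would return `nil` even for a valid token. How the `authenticate` filter uses that value is outside this hunk, but if it has the usual `authenticate_token || render_unauthorized` shape, every request would be rejected; ending the block with `@user` avoids that. The removed `DeviceAccessLog` lines were the only record of route and remote IP visible in this method, so the placeholder should become a real audit entry, tracked for now as `# TODO: record request.remote_ip and request.env['PATH_INFO'] for each token use`. The closing `end` of `authenticate_token` is outside the hunk.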