From 4bea58805a28fc38074556059ab3916d03e9820b Mon Sep 17 00:00:00 2001 From: Yan Date: Thu, 5 Apr 2018 17:18:02 +0630 Subject: [PATCH 1/2] merge edit for master --- config/secrets.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/config/secrets.yml b/config/secrets.yml index eaac38a9..111e1843 100755 --- a/config/secrets.yml +++ b/config/secrets.yml @@ -12,13 +12,8 @@ development: secret_key_base: b61d85f8ed2a1a9e0eeece3443b3e8f838d002cc1d9f32115d8e93db920e2957adfedc57501d44741211538f3108b742cdeada87d5bfae796c53da1f90a3cd61 -<<<<<<< HEAD sx_provision_url: connect.smartsales.dev/api #connect.smartsales.dev/api #connect.smartsales.asia/api #provision.zsai.ws/api server_mode: cloud -======= - sx_provision_url: connect.smartsales.asia/api #connect.smartsales.dev/api #connect.smartsales.asia/api #provision.zsai.ws/api - server_mode: application ->>>>>>> fe01948dd322688f7d59acd0d002b569dbbd40e2 cipher_type: AES-256-CBC sx_key: Wh@t1$C2L From cb3f9c4cd73da6f900444e69f83d89d650c1a442 Mon Sep 17 00:00:00 2001 From: Yan Date: Mon, 9 Apr 2018 09:58:22 +0630 Subject: [PATCH 2/2] remove skip auth from api and check user modified --- .../api/restaurant/item_sets_controller.rb | 1 - .../restaurant/menu_categories_controller.rb | 3 +-- .../api/restaurant/menu_controller.rb | 1 - .../menu_item_attributes_controller.rb | 3 +-- .../menu_item_instances_controller.rb | 3 +-- app/controllers/base_origami_controller.rb | 18 +++++++++++++----- app/controllers/concerns/token_verification.rb | 2 +- 7 files changed, 17 insertions(+), 14 deletions(-) diff --git a/app/controllers/api/restaurant/item_sets_controller.rb b/app/controllers/api/restaurant/item_sets_controller.rb index a7ad9efc..99581550 100755 --- a/app/controllers/api/restaurant/item_sets_controller.rb +++ b/app/controllers/api/restaurant/item_sets_controller.rb 
@@ -1,5 +1,4 @@ class Api::Restaurant::ItemSetsController < Api::ApiController - #Description # Pull the default menu details and also other available (active) menus # Input Params - order_id diff --git a/app/controllers/api/restaurant/menu_categories_controller.rb b/app/controllers/api/restaurant/menu_categories_controller.rb index f1f3e6d0..644a38a8 100755 --- a/app/controllers/api/restaurant/menu_categories_controller.rb +++ b/app/controllers/api/restaurant/menu_categories_controller.rb @@ -1,5 +1,4 @@ -class Api::Restaurant::MenuCategoriesController < Api::ApiController - skip_before_action :authenticate +class Api::Restaurant::MenuCategoriesController < Api::ApiController #Description # Pull the default menu details and also other available (active) menus # Input Params - order_id diff --git a/app/controllers/api/restaurant/menu_controller.rb b/app/controllers/api/restaurant/menu_controller.rb index ad8ad7f9..96ba3cc0 100755 --- a/app/controllers/api/restaurant/menu_controller.rb +++ b/app/controllers/api/restaurant/menu_controller.rb @@ -1,5 +1,4 @@ class Api::Restaurant::MenuController < Api::ApiController - skip_before_action :authenticate #Description # Pull the default menu details and also other available (active) menus # Input Params - order_id diff --git a/app/controllers/api/restaurant/menu_item_attributes_controller.rb b/app/controllers/api/restaurant/menu_item_attributes_controller.rb index 37719c37..d0469924 100755 --- a/app/controllers/api/restaurant/menu_item_attributes_controller.rb +++ b/app/controllers/api/restaurant/menu_item_attributes_controller.rb @@ -1,5 +1,4 @@ -class Api::Restaurant::MenuItemAttributesController < Api::ApiController - skip_before_action :authenticate +class Api::Restaurant::MenuItemAttributesController < Api::ApiController #Description # Pull the default menu details and also other available (active) menus # Input Params - order_id 
diff --git a/app/controllers/api/restaurant/menu_item_instances_controller.rb b/app/controllers/api/restaurant/menu_item_instances_controller.rb index be38f782..cfe75b19 100755 --- a/app/controllers/api/restaurant/menu_item_instances_controller.rb +++ b/app/controllers/api/restaurant/menu_item_instances_controller.rb @@ -1,5 +1,4 @@ -class Api::Restaurant::MenuItemInstancesController < Api::ApiController - skip_before_action :authenticate +class Api::Restaurant::MenuItemInstancesController < Api::ApiController #Description # Pull the default menu details and also other available (active) menus # Input Params - order_id diff --git a/app/controllers/base_origami_controller.rb b/app/controllers/base_origami_controller.rb index b627ae01..66cc2880 100755 --- a/app/controllers/base_origami_controller.rb +++ b/app/controllers/base_origami_controller.rb @@ -15,9 +15,17 @@ class BaseOrigamiController < ActionController::Base redirect_to origami_dashboard_path end - def check_user - if current_user.nil? - redirect_to root_path + def check_user + if check_mobile + if current_user.nil? + return render status: 401, json: { + message: "User using other device!" + }.to_json + end + else + if current_user.nil? + redirect_to root_path + end end end @@ -41,8 +49,8 @@ class BaseOrigamiController < ActionController::Base authenticate_with_http_token do |token, options| if token session[:webview] = true - end - session[:session_token] = token + session[:session_token] = token + end end if session[:webview] && request.user_agent =~ /android|blackberry|iphone|ipad|ipod|iemobile|mobile|webos/i diff --git a/app/controllers/concerns/token_verification.rb b/app/controllers/concerns/token_verification.rb index 66658b6a..1d700c8b 100755 --- a/app/controllers/concerns/token_verification.rb +++ b/app/controllers/concerns/token_verification.rb 
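Review bot: In `check_user` (app/controllers/base_origami_controller.rb) the new 401 branch answers "User using other device!" whenever `current_user` is nil, so a missing, malformed or expired token looks the same to the client as a session taken over on another device. Unless the cause is actually known at this point, a neutral body such as `render status: :unauthorized, json: { message: "Unauthorized" }` is more accurate; the `.to_json` is redundant either way, because `render json:` serializes the hash itself. `check_mobile` is called here as a predicate, yet the next hunk shows what appears to be its body writing to `session`, so the order of the two calls matters. I would add `# check_mobile runs first: it copies the HTTP token into the session` above the outer `if`, after confirming that `current_user` reads `session[:session_token]`.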
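Review bot: Inside the `authenticate_with_http_token` block the client-supplied token is written to `session[:session_token]` and `session[:webview]` is set to true without any visible check that the token belongs to a user. That verification has to happen wherever `current_user` is resolved, and a comment such as `# token is unverified here; current_user must reject unknown tokens` would make the contract explicit. The `if token` guard is probably always true, since Rails yields to this block only when a non-blank token was sent, so moving the assignment inside it likely changes nothing at runtime. The `request.user_agent` match on the following line is client-controlled and should only select the response format, never decide access. The session now carries an API credential, so production must not share the `secret_key_base` visible under `development:` in config/secrets.yml in patch 1/2; the enclosing method starts and ends outside this hunk.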
@@ -9,7 +9,7 @@ module TokenVerification protected # Authenticate the user with token based authentication - def authenticate + def authenticate authenticate_token || render_unauthorized end