Adding interlock authentication

2014-02-23 05:55:00 -07:00
parent c5556a0d50
commit 095b6d3965
12 changed files with 81 additions and 15 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -13,6 +13,20 @@ class ApplicationController < ActionController::Base

  @payment_methods = [[nil],["PayPal"],["Dwolla"],["Bill Pay"],["Check"],["Cash"],["Other"]]
  @payment_instructions = {nil => nil, :paypal => "Set up a monthly recurring payment to hslfinances@gmail.com", :dwolla => "Set up a monthly recurring payment to hslfinances@gmail.com", :billpay =>  "Have your bank send a monthly check to HeatSync Labs Treasurer, 140 W Main St, Mesa AZ 85201", :check => "Mail to HeatSync Labs Treasurer, 140 W Main St, Mesa AZ 85201 OR put in the drop safe at the Lab with a deposit slip firmly attached each month.", :cash => "Put in the drop safe at the Lab with a deposit slip firmly attached each month.", :other => "Hmm... talk to a Treasurer!"}
+
+  # Check authorization of a user / sign them in manually
+  def check_auth(email,password)
+    resource = User.find_by_email(email)
+    if resource && resource.valid_password?(password)
+      resource.remember_me = true
+      sign_in :user, resource
+      return true
+    else
+      return false
+    end
+  end
+
+
 end

 # Add a "fit" function to sanitize inputs for mac history
--- a/app/controllers/cards_controller.rb
+++ b/app/controllers/cards_controller.rb
@@ -1,6 +1,6 @@
 class CardsController < ApplicationController
-  load_and_authorize_resource
-  before_filter :authenticate_user!
+  load_and_authorize_resource except: :authorize
+  before_filter :authenticate_user!, except: :authorize
  
  # GET /cards
  # GET /cards.json
@@ -111,6 +111,41 @@ class CardsController < ApplicationController
    end
  end

+  def authorize
+
+    # Stop unless signed in already, OR if the supplied user/pass params are good.
+    unless current_user || check_auth(params['user'],params['pass'])
+      @auth = "bad_user_or_pass"
+    else
+      # Stop unless the user can access the door system
+      unless can? :authorize, Card
+        @auth = "bad_user_permissions"
+        Rails.logger.warn "----------\r\nWARNING: CARD AUTH ATTEMPT DENIED. USER #{current_user.inspect}\r\n----------"
+      else
+
+        begin
+          @card = Card.find(:first, :conditions => ["lower(card_number) = ?", params[:id].downcase])
+          @auth = @card.inspect 
+          if @card && @card.user 
+            @auth = @card.user.has_certification?(params[:device])
+          else
+            @auth = false
+          end
+        rescue
+          @auth = false
+        end
+      end
+    end
+
+    if @card && @card.user
+      username = @card.user.name
+    else
+      username = nil
+    end
+
+    render json: [@auth, username]
+  end
+
  # DELETE /cards/1
  # DELETE /cards/1.json
  def destroy
--- a/app/controllers/space_api_controller.rb
+++ b/app/controllers/space_api_controller.rb
@@ -102,15 +102,4 @@ class SpaceApiController < ApplicationController

  end

-  def check_auth(email,password)
-    resource = User.find_by_email(email)
-    if resource && resource.valid_password?(password)
-      resource.remember_me = true
-      sign_in :user, resource
-      return true
-    else
-      return false
-    end
-  end
-
 end