add a /login.json endpoint, just returns success or failure for now - merged with i18n

2017-05-19 13:52:20 +02:00 · 2017-05-19 13:52:20 +02:00 · bf5967b93e
parent d3e90291b3
commit bf5967b93e
2 changed files with 50 additions and 21 deletions
--- a/app/controllers/login_controller.rb
+++ b/app/controllers/login_controller.rb
@ -47,33 +47,62 @@ class LoginController < ApplicationController
      end

      if user.has_2fa?
-        session[:twofa_u] = user.session_token
-        return redirect_to "/login/2fa"
-      end
-
-      session[:u] = user.session_token
-
-      if (rd = session[:redirect_to]).present?
-        session.delete(:redirect_to)
-        return redirect_to rd
-      elsif params[:referer].present?
-        begin
-          ru = URI.parse(params[:referer])
-          if ru.host == Rails.application.domain
-            return redirect_to ru.to_s
+        if params[:totp].present?
+          if !user.authenticate_totp(params[:totp])
+            raise "invalid TOTP code"
+          end
+        else
+          return respond_to do |format|
+            format.html {
+              session[:twofa_u] = user.session_token
+              redirect_to "/login/2fa"
+            }
+            format.json {
+              render :json => { :status => 0,
+                :error => "must supply totp parameter" }
+            }
          end
-        rescue => e
-          Rails.logger.error "error parsing referer: #{e}"
        end
      end

-      return redirect_to "/"
+      return respond_to do |format|
+        format.html {
+          session[:u] = user.session_token
+
+          if (rd = session[:redirect_to]).present?
+            session.delete(:redirect_to)
+            return redirect_to rd
+          elsif params[:referer].present?
+            begin
+              ru = URI.parse(params[:referer])
+              if ru.host == Rails.application.domain
+                return redirect_to ru.to_s
+              end
+            rescue => e
+              Rails.logger.error "error parsing referer: #{e}"
+            end
+          end
+
+          redirect_to "/"
+        }
+        format.json {
+          render :json => { :status => 1, :username => user.username }
+        }
+      end
    rescue
    end

-    flash.now[:error] = I18n.t 'controllers.login_controller.flashlogininvalid'
-    @referer = params[:referer]
-    index
+    respond_to do |format|
+      format.html {
+        flash.now[:error] = I18n.t 'controllers.login_controller.flashlogininvalid'
+        @referer = params[:referer]
+        index
+      }
+      format.json {
+        render :json => { :status => 0,
+          :error => "invalid 'email' and/or 'password' parameter" }
+      }
+    end
  end

  def forgot_password
--- a/config/routes.rb
+++ b/config/routes.rb
@ -30,7 +30,7 @@ Lobsters::Application.routes.draw do
    get "/threads/:user" => "comments#threads"

    get "/login" => "login#index"
-    post "/login" => "login#login"
+    post "/login" => "login#login", :format => /html|json/
    post "/logout" => "login#logout"
    get "/login/2fa" => "login#twofa"
    post "/login/2fa_verify" => "login#twofa_verify", :as => "twofa_login"