Module: Api::Vendor::V1::Concerns::Authentication

Includes:

IntegrationTestHelpers, EncryptableHelper

Included in:

BaseController, CreateReservation, PackageTypesController, ReservationsController, RestaurantPackagesController, RestaurantsController, VendorReservationsController

Defined in:

app/controllers/api/vendor/v1/concerns/authentication.rb

Instance Method Summary

• #authentication! ⇒ Object
• #find_vendor_channel ⇒ Object

Methods included from EncryptableHelper

#decrypt, #encrypt, #generate_signature

Instance Method Details

#authentication! ⇒ Object

# File 'app/controllers/api/vendor/v1/concerns/authentication.rb', line 5

def authentication!
  return true if valid_tagthai_user_info_request?

  auth_header = request.headers['Authorization']

  return render_error('Missing authorization header') if auth_header.blank?

  # assume the token is in the 'Authorization' header with format 'hmac <token>'
  hmac, token = auth_header.split
  return render_error('Missing authentication token') unless hmac.downcase == 'hmac'

  # validate token format <KEY>:<TIMESTAMP>:<SIGNATURE>
  return render_error('Invalid authentication token format') unless token.match?(/\A[\w-]+:\d+:[a-f0-9]+\z/)

  api_key, timestamp, client_signature = token.split(':')

  # for vendor integration tests only
  vendor_name_header = integration_test_vendor_name

  return render_error('Vendor api key does not exist') unless valid_vendor_key?(api_key, vendor_name_header)

  return render_error('Vendor booking channel does not exist') if find_vendor_channel.blank?

  return render_error('Invalid authentication token') unless valid_token?(api_key, timestamp, client_signature,
                                                                          vendor_name_header)

  # token is valid, continue with the request
  true
end

#find_vendor_channel ⇒ Object

# File 'app/controllers/api/vendor/v1/concerns/authentication.rb', line 35

def find_vendor_channel
  @vendor_channel ||= Channel.find_by(oauth_application_id: vendor.id)
end