Class: Spree::Api::V3::Admin::AuthController

Inherits:
BaseController
Includes:
AuthCookies
Defined in:
app/controllers/spree/api/v3/admin/auth_controller.rb

Constant Summary

Constants included from AuthCookies

Spree::Api::V3::Admin::AuthCookies::COOKIE_PATH, Spree::Api::V3::Admin::AuthCookies::REFRESH_COOKIE_NAME

Constants included from ScopedAuthorization

ScopedAuthorization::READ_ACTIONS

Constants inherited from BaseController

BaseController::RATE_LIMIT_RESPONSE

Constants included from Idempotent

Idempotent::IDEMPOTENCY_HEADER, Idempotent::IDEMPOTENCY_TTL, Idempotent::MAX_KEY_LENGTH, Idempotent::MUTATING_METHODS

Constants included from ErrorHandler

ErrorHandler::ERROR_CODES

Constants included from JwtAuthentication

JwtAuthentication::JWT_AUDIENCE_ADMIN, JwtAuthentication::JWT_AUDIENCE_STORE, JwtAuthentication::JWT_ISSUER, JwtAuthentication::USER_TYPE_ADMIN, JwtAuthentication::USER_TYPE_CUSTOMER

Instance Method Summary

Methods included from Spree::Api::V3::ApiKeyAuthentication

#authenticate_api_key!, #authenticate_secret_key!

Methods included from JwtAuthentication

#authenticate_user, #require_authentication!

Instance Method Details

#create ⇒ Object

POST /api/v3/admin/auth/login



# File 'app/controllers/spree/api/v3/admin/auth_controller.rb', line 16

# POST /api/v3/admin/auth/login
#
# Authenticates the caller through the strategy returned by
# `authentication_strategy`. On success a refresh token is created for the
# user, stored in the refresh cookie, and the auth payload is rendered; on
# failure an `authentication_failed` error is rendered with 401.
#
# NOTE(review): when `authentication_strategy` returns nil this action exits
# without rendering anything itself — presumably the helper has already
# rendered an error response; confirm against its definition.
def create
  strategy = authentication_strategy
  return unless strategy

  outcome = strategy.authenticate

  unless outcome.success?
    return render_error(
      code: ERROR_CODES[:authentication_failed],
      message: outcome.error,
      status: :unauthorized
    )
  end

  authenticated_user = outcome.value
  issued_token = Spree::RefreshToken.create_for(authenticated_user, request_env: request_env_for_token)
  set_refresh_cookie(issued_token)
  render json: auth_response(authenticated_user)
end

#logout ⇒ Object

POST /api/v3/admin/auth/logout



# File 'app/controllers/spree/api/v3/admin/auth_controller.rb', line 67

# POST /api/v3/admin/auth/logout
#
# Destroys the active refresh token named by the refresh cookie, if one is
# present and still active, then clears the cookie and responds 204.
# The cookie is cleared and 204 returned even when no matching token exists,
# so logout is safe to repeat.
def logout
  token_value = refresh_token_from_cookie

  if token_value.present?
    stored_token = Spree::RefreshToken.active.find_by(token: token_value)
    stored_token&.destroy
  end

  clear_refresh_cookie
  head :no_content
end

#refresh ⇒ Object

POST /api/v3/admin/auth/refresh



# File 'app/controllers/spree/api/v3/admin/auth_controller.rb', line 37

# POST /api/v3/admin/auth/refresh
#
# Exchanges the refresh token held in the cookie for a rotated one.
# Responds 401 with `invalid_refresh_token` when the cookie is missing, or
# when no *active* token matches it (in which case the stale cookie is also
# cleared). Otherwise the matched token is rotated via `rotate!`, the new
# token is written to the cookie and the auth payload for its user is
# rendered.
#
# NOTE(review): the lookup is an equality match on the raw cookie value;
# whether the column holds the token itself or a digest is decided in
# Spree::RefreshToken, not here — verify there.
def refresh
  token_value = refresh_token_from_cookie

  if token_value.blank?
    return render_error(
      code: ERROR_CODES[:invalid_refresh_token],
      message: 'Refresh token cookie missing',
      status: :unauthorized
    )
  end

  current_token = Spree::RefreshToken.active.find_by(token: token_value)

  # Only active tokens are eligible; anything else is treated as invalid and
  # the client's cookie is dropped so it stops presenting it.
  unless current_token
    clear_refresh_cookie
    return render_error(
      code: ERROR_CODES[:invalid_refresh_token],
      message: 'Invalid or expired refresh token',
      status: :unauthorized
    )
  end

  token_owner = current_token.user
  rotated_token = current_token.rotate!(request_env: request_env_for_token)
  set_refresh_cookie(rotated_token)

  render json: auth_response(token_owner)
end