API Session Controller
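module Api
  module V1
    # JSON endpoints that open (+create+) and close (+destroy+) API sessions.
    #
    # +create+ picks one of three sign-in paths from the request parameters:
    # e-mail/password (provider "identity"), a Facebook token (provider
    # "facebook"), or an auto-provisioned anonymous account when neither
    # +auth_key+ nor +provider+ is supplied.
    class SessionsController < ApiController
      # No only:/except: is given, so restrict_api_access is skipped for
      # destroy as well as create.
      # NOTE(review): confirm destroy is meant to be reachable without it.
      skip_before_filter :restrict_api_access

      # Answers an invalid Facebook token with a 401 carrying a fixed message.
      rescue_from 'FbGraph::InvalidToken' do |_exception|
        failure(error: ['Invalid Facebook Authentication Token'])
      end

      # Opens an API session for the calling device and user.
      #
      # Reads params :device_token, :auth_key, :password, :provider, :token and
      # :location. Renders 200 with the user, their active games and the
      # collected messages on success; every failure path renders the messages
      # through #failure (401).
      def create
        messages = init_messages

        # Audit record of the request. The submitted password and Facebook
        # token are stripped from the stored parameters so credentials are not
        # persisted in clear text.
        # NOTE(review): url and query_string are stored as received; they still
        # contain credentials if a client sends them in the query string.
        api_session = ApiSession.create(
          url: request.url,
          params: params.except(:password, :token),
          remote_ip: request.remote_ip.inspect,
          query_string: request.query_string.inspect,
          method: request.method.inspect,
          location: params[:location]
        )

        device = Device.find_by_device_token(params[:device_token])
        if device.nil?
          messages[:error] << 'Invalid Device Token'
          return failure(messages)
        end

        if device.expires_at.present?
          if device.expires_at < Date.today
            messages[:error] << 'Device/application access expired, please update your application code at your app store'
            return failure(messages)
          end
          messages[:warning] << "This application has been marked for end-of-life at #{device.expires_at.to_formatted_s(:long_ordinal)}. Please update the application as soon as possible to avoid any problems with access."
        end

        begin
          user = nil
          if params[:auth_key].present? || params[:provider].present?
            params[:provider] ||= 'identity'

            if params[:provider] == 'identity'
              user = User.find_by_email(params[:auth_key])
              if user.nil?
                # NOTE(review): 'Invalid user' and 'Invalid password' are
                # distinct responses, which tells a caller whether an e-mail is
                # registered; a single generic message would avoid that.
                messages[:error] << 'Invalid user'
                return failure(messages, 401)
              end
              unless user.valid_password?(params[:password])
                # The submitted password is deliberately kept out of the log.
                logger.error('Invalid password supplied for identity login')
                messages[:error] << 'Invalid password'
                return failure(messages, 401)
              end
              logger.info('User signed in successfully')
            end

            if params[:provider] == 'facebook'
              fb_user = FbGraph::User.me(params[:token]).fetch
              if fb_user.email.blank?
                messages[:error] << 'Facebook did not return a valid email, account could not be created.'
                return failure(messages, 401)
              end
              user = User.create_with_facebook(fb_user)
            end
          else
            # Anonymous user: provision a throwaway account. The address gets
            # its own random value; building it from the password would expose
            # the password to anyone who can read the e-mail field.
            passwd = SecureRandom.hex(20)
            user = User.create(anonymous: true,
                               password: passwd,
                               password_confirmation: passwd,
                               email: "anon_#{SecureRandom.hex(20)}@useek.com")
          end

          if user.present? && (user.expiration_date.blank? || user.expiration_date > Date.today)
            Level.current_user = user
            key = ApiKey.get_api_key(user)
            api_session.update_attributes(api_key_id: key.id)
            messages[:info] << 'Login successful!'
            user.update_location!(params[:location]) if params[:location]
            # NOTE(review): the whole user record is serialized here; confirm
            # User#as_json leaves out password digests and tokens.
            render json: { user: user,
                           active_games: user.active_games,
                           # location: rewards[:location],
                           # active_rewards: rewards[:results],
                           # redeemed_rewards: user.redemptions,
                           messages: messages }, status: 200
          else
            if user.nil?
              messages[:error] << 'Invalid email or password (nil)'
            elsif user.expiration_date.present? && user.expiration_date <= Date.today
              # Mirrors the success condition above: an account is usable only
              # while its expiration date is still in the future.
              messages[:error] << 'Account Expired'
            end
            failure(messages)
          end
        rescue FbGraph::InvalidToken
          # Hand this one to the rescue_from handler above; the catch-all
          # below would otherwise report it as an unknown error.
          raise
        rescue => e
          # Record what went wrong before answering with the generic message.
          logger.error("API Session Create raised #{e.class}: #{e.message}")
          messages[:error] << 'A unknown error occurred, sorry'
          failure(messages)
        end
      end

      # Logs the failure and renders the messages as JSON.
      #
      # @param msg [Hash] message lists keyed by severity
      # @param status [Integer] HTTP status to respond with (401 by default)
      def failure(msg, status = 401)
        logger.error "API Session Create failed: #{msg}"
        render json: { messages: msg }, status: status
      end

      # Ends a session by setting the matching API key's expires_at to now.
      #
      # Reads params[:id] as the access token. Renders 200 on success and 404
      # when no key matches, instead of raising NoMethodError on nil.
      # NOTE(review): if :id is routed as a path segment the access token will
      # appear in request logs.
      def destroy
        messages = init_messages
        key = ApiKey.find_by_access_token(params[:id])

        if key.nil?
          messages[:error] << 'Session not found.'
          return render json: { messages: messages }, status: 404
        end

        key.update_attribute(:expires_at, DateTime.now)
        messages[:info] << 'Session was successfully destroyed.'
        render json: { messages: messages }, status: 200
      end
    end
  end
end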