esteedqueen/authenticable.rb

## authenticable.rb
module Authenticable

  # Devise methods overwrite
  def current_user
    @current_user ||= User.find_by(authentication_token: request.headers['Authorization'])
  end

  def authenticate_with_token!
    render json: { errors: "Not authenticated" },
                status: :unauthorized unless user_signed_in?
  end

  def user_signed_in?
    current_user.present?
  end

end

## base_controller.rb
class Api::V1::BaseController < ApplicationController

  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.

  respond_to :json

  skip_before_filter :verify_authenticity_token, :if => Proc.new { |c| c.request.format == 'application/json' }

  protect_from_forgery with: :null_session, if: Proc.new { |c| c.request.format == 'application/json' }

  skip_before_filter :authenticate_user!

  include Authenticable

  ...

  # set and include other common functions in here


end

## registrations_controller.rb
class Api::V1::Users::RegistrationsController < Api::V1::BaseController

  before_action :authenticate_with_token!, only: [:update, :destroy]

  respond_to :json

  def create
    if params[:user][:email].nil?
      render :status => 400,
             :json => {:message => 'User request must contain the user email.'}
      return
    elsif params[:user][:password].nil?
      render :status => 400,
             :json => {:message => 'User request must contain the user password.'}
      return
    end

    if params[:user][:email]
      duplicate_user = User.find_by_email(params[:user][:email])
      unless duplicate_user.nil?
        render :status => 409,
               :json => {:message => 'Duplicate email. A user already exists with that email address.'}
        return
      end
    end

    @user = User.create(sign_up_params)

    if @user.save
      render(status: 200, json: Api::V1::UserSerializer.new(@user, root:false).to_json)
    else
      render :status => 400,
             :json => {:message => @user.errors.full_messages}
    end
  end


  private

    def sign_up_params
      params.require(:user).permit(:email, :username, :password)
    end

end

## sessions_controller.rb
class Api::V1::SessionsController < Api::V1::BaseController

  before_filter :authenticate_with_token!, except: [:create]

  before_filter :ensure_params_exist

  respond_to :json

  def create
    resource = User.find_for_database_authentication(
      email: params[:user][:email]
    )
    return invalid_login_attempt unless resource

    if resource.valid_password?(params[:user][:password])
      sign_in(:user, resource)
      render(status: 200, success: true, json: Api::V1::UserSerializer.new(resource, root:false).to_json)
      return
    end
    invalid_login_attempt
  end

  def destroy
    resource = current_user
    resource.authentication_token = nil
    resource.save
    head 204
  end


  protected
    def ensure_params_exist
      return unless params[:user].blank?
      render json: {
        success: false,
        message: "missing user parameter"
      }, status: 422
    end

    def invalid_login_attempt
      warden.custom_failure!
      render json: {
        success: false,
        message: "Error with your email or password"
      }, status: 401
    end

end
	module Authenticable

	# Devise methods overwrite
	def current_user
	@current_user \|\|= User.find_by(authentication_token: request.headers['Authorization'])
	end

	def authenticate_with_token!
	render json: { errors: "Not authenticated" },
	status: :unauthorized unless user_signed_in?
	end

	def user_signed_in?
	current_user.present?
	end

	end
	class Api::V1::BaseController < ApplicationController

	# Prevent CSRF attacks by raising an exception.
	# For APIs, you may want to use :null_session instead.

	respond_to :json

	skip_before_filter :verify_authenticity_token, :if => Proc.new { \|c\| c.request.format == 'application/json' }

	protect_from_forgery with: :null_session, if: Proc.new { \|c\| c.request.format == 'application/json' }

	skip_before_filter :authenticate_user!

	include Authenticable

	...

	# set and include other common functions in here


	end
	class Api::V1::Users::RegistrationsController < Api::V1::BaseController

	before_action :authenticate_with_token!, only: [:update, :destroy]

	respond_to :json

	def create
	if params[:user][:email].nil?
	render :status => 400,
	:json => {:message => 'User request must contain the user email.'}
	return
	elsif params[:user][:password].nil?
	render :status => 400,
	:json => {:message => 'User request must contain the user password.'}
	return
	end

	if params[:user][:email]
	duplicate_user = User.find_by_email(params[:user][:email])
	unless duplicate_user.nil?
	render :status => 409,
	:json => {:message => 'Duplicate email. A user already exists with that email address.'}
	return
	end
	end

	@user = User.create(sign_up_params)

	if @user.save
	render(status: 200, json: Api::V1::UserSerializer.new(@user, root:false).to_json)
	else
	render :status => 400,
	:json => {:message => @user.errors.full_messages}
	end
	end



	private

	def sign_up_params
	params.require(:user).permit(:email, :username, :password)
	end

	end
	class Api::V1::SessionsController < Api::V1::BaseController

	before_filter :authenticate_with_token!, except: [:create]

	before_filter :ensure_params_exist

	respond_to :json

	def create
	resource = User.find_for_database_authentication(
	email: params[:user][:email]
	)
	return invalid_login_attempt unless resource

	if resource.valid_password?(params[:user][:password])
	sign_in(:user, resource)
	render(status: 200, success: true, json: Api::V1::UserSerializer.new(resource, root:false).to_json)
	return
	end
	invalid_login_attempt
	end

	def destroy
	resource = current_user
	resource.authentication_token = nil
	resource.save
	head 204
	end


	protected
	def ensure_params_exist
	return unless params[:user].blank?
	render json: {
	success: false,
	message: "missing user parameter"
	}, status: 422
	end

	def invalid_login_attempt
	warden.custom_failure!
	render json: {
	success: false,
	message: "Error with your email or password"
	}, status: 401
	end

	end