jimsynz/api_sessions_controller.rb

## api_sessions_controller.rb
class Api::SessionsController < ApiController

  def create
    token = ApiToken.new(params[:api_token])

    if params[:username] && params[:password]
      user = User.find_by_username(params[:username])
      if _user_is_authentic?
        token.user = user
      else
        return _not_authorized
      end

    elsif params[:api_key]
      user = User.find_by_api_key(params[:api_key])
      if user
        token.user = user
      else
        return _not_authorized
      end
    end

    respond_with token
  end


  private

  def user_url(*args)
    api_users_url(*args)
  end

  def _not_authorized
    render json: { error: 'not authorized' }, status: 401
  end

  def _user_is_authentic? user
    user && UserAuthenticationService.authenticate(user, params[:password])
  end
end
	class Api::SessionsController < ApiController

	def create
	token = ApiToken.new(params[:api_token])

	if params[:username] && params[:password]
	user = User.find_by_username(params[:username])
	if _user_is_authentic?
	token.user = user
	else
	return _not_authorized
	end

	elsif params[:api_key]
	user = User.find_by_api_key(params[:api_key])
	if user
	token.user = user
	else
	return _not_authorized
	end
	end

	respond_with token
	end


	private

	def user_url(*args)
	api_users_url(*args)
	end

	def _not_authorized
	render json: { error: 'not authorized' }, status: 401
	end

	def _user_is_authentic? user
	user && UserAuthenticationService.authenticate(user, params[:password])
	end
	end