@utx0
Created September 6, 2012 06:44
Devise api help required
# app/controllers/api/v1/base_controller.rb
# Shared parent for the v1 JSON API controllers. Every action of every
# subclass answers in JSON and runs the token check from
# Api::V1::SessionsHelper unless the subclass skips it explicitly.
class Api::V1::BaseController < ApplicationController
  include Api::V1::SessionsHelper

  # CSRF token verification is disabled for all subclasses; requests are
  # expected to carry params[:token] instead (see authenticate_user).
  # NOTE(review): the subclasses call sign_in, which may also persist a cookie
  # session. With CSRF checks off, confirm that no action under this base
  # class accepts that cookie in place of the token.
  skip_before_filter :verify_authenticity_token

  respond_to :json

  # Subclasses opt individual actions out with
  # `skip_before_filter :authenticate_user, only: ...`.
  before_filter :authenticate_user
end
# app/controllers/api/v1/sessions_controller.rb
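# Login and logout endpoints of the v1 API. Login exchanges a login name and
# password for the user's authentication token; logout rotates that token.
class Api::V1::SessionsController < Api::V1::BaseController
  skip_before_filter :authenticate_user, only: :create

  # Verifies the submitted credentials and returns the authentication token.
  #
  # Renders 406 for non-JSON requests, 400 when login or password is missing
  # or not a plain string, 401 for unknown users and wrong passwords, and 200
  # with the token on success.
  #
  # curl -H 'Accept: application/json' -X POST http://0.0.0.0:3000/api/v1/login -d 'login=luke@lukehamilton.me&password=foobar' -v
  #
  # NOTE(review): no throttling or lockout is visible in this action; confirm
  # that failed attempts are limited elsewhere (for example Devise :lockable
  # on the model, or a rate limit in front of the app).
  def create
    if request.format != :json
      render status: 406, json: { message: "The request must be json" } # TODO come back and fix this
      return
    end

    login = params[:login]
    password = params[:password]

    # Nested parameters (login[]=..., login[k]=...) arrive as Array/Hash.
    # They would raise on #downcase or reach the finder as a non-scalar
    # condition, so anything that is not a String is rejected up front.
    unless login.is_a?(String) && password.is_a?(String)
      invalid_request
      return
    end

    user = User.find_by_login(login.downcase)

    if user.nil?
      logger.info("User #{login} failed login, user cannot be found.")
      invalid_login_details
      return
    end

    if user.valid_password?(password)
      logger.info("User #{login} logged in successfully.")
      user.ensure_authentication_token!
      # NOTE(review): sign_in may persist a cookie session next to the token;
      # a token-only API can pass `store: false` to keep the request stateless.
      sign_in(user)
      successful_login(user)
    else
      # The submitted password is deliberately left out of the log line: a
      # mistyped password is usually close to the real one, and log files are
      # readable by far more people and systems than the credential store.
      logger.info("User #{login} failed login, password is invalid")
      invalid_login_details
    end
  end

  # Logs the caller out by resetting the authentication token.
  #
  # Renders 401 when the token is missing, malformed or unknown; otherwise
  # resets the token and renders the logout response.
  #
  # NOTE(review): the token travels as a request parameter, so it shows up in
  # the request log unless :token is listed in config.filter_parameters.
  def destroy
    token = params[:token]

    if token.nil?
      auth_token_required
      return
    end

    # Only a non-empty String is looked up; an Array, Hash or blank value can
    # never be a real token and must not reach the finder as a condition.
    unless token.is_a?(String) && !token.empty?
      invalid_token
      return
    end

    user = User.find_by_authentication_token(token)

    if user.nil?
      # The token value itself stays out of the log: it is a bearer credential.
      logger.info("Logout failed: token not found for any user records.")
      invalid_token
    else
      user.reset_authentication_token!
      successful_logout
    end
  end
end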
# app/helpers/api/v1/sessions_helper.rb
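# Token authentication filter and the JSON responses shared by the v1 API
# controllers. Included into Api::V1::BaseController.
#
# NOTE(review): these methods are public, and public controller methods can be
# routed as actions; consider marking them private in the including
# controller if no route should ever reach them.
module Api::V1::SessionsHelper
  # before_filter: signs in the user that owns params[:token].
  #
  # Renders 401 (which halts the filter chain) when the token is missing,
  # is not a non-empty String, or matches no user.
  #
  # NOTE(review): the lookup is a database equality match on the secret.
  # Devise later retired its own token strategy over timing concerns; a
  # lookup by a non-secret identifier followed by Devise.secure_compare on
  # the token avoids that.
  def authenticate_user
    token = params[:token]

    if token.nil?
      auth_token_required
      return
    end

    # Nested parameters (token[]=..., token[k]=...) arrive as Array/Hash and
    # would be turned into a different query condition by the finder; a blank
    # string can never be a valid token either.
    unless token.is_a?(String) && !token.empty?
      invalid_token
      return
    end

    user = User.find_by_authentication_token(token)

    if user
      # store: false keeps the sign-in scoped to this request, so the token
      # has to be presented on every call and no session cookie is issued by
      # endpoints that run without CSRF verification.
      sign_in(user, store: false)
    else
      invalid_token
    end
  end

  # 401: login name or password did not match. The same message is used for
  # unknown users and wrong passwords.
  def invalid_login_details
    render status: 401, json: { success: false, message: "Invalid login details." }
  end

  # 400: a required login field is missing.
  def invalid_request
    render status: 400, json: { success: false, message: "The request must contain the user email and password."}
  end

  # 401: a token was supplied but is not accepted.
  def invalid_token
    render status: 401, json: { success: false, message: "Invalid token." }
  end

  # 401: no token was supplied.
  def auth_token_required
    render status: 401, json: { success: false, message: "Authentication token required." }
  end

  # 200: returns the user's authentication token to the client.
  def successful_login(user)
    render status: 200, json: { success: true, message: "Login successful.", auth_token: user.authentication_token }
  end

  # Confirms the logout.
  # NOTE(review): 410 is a client-error status; clients that treat 4xx as a
  # failure will misread a successful logout. 200 or 204 is the usual choice,
  # left unchanged here because existing clients may depend on it.
  def successful_logout
    render status: 410, json: { success: true, message: "Logout successful." }
  end
end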
# app/controllers/api/v1/users_controller.rb
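# Account signup endpoint of the v1 API.
class Api::V1::UsersController < Api::V1::BaseController
  skip_before_filter :authenticate_user, only: :create

  # Attributes a client may set at signup, taken from the documented request
  # below. Extend this list if signup legitimately accepts more fields.
  SIGNUP_ATTRIBUTES = %w[email username password password_confirmation].freeze

  # Create new account
  # curl -v -H "Accept: application/json" -X POST -d "user[email]=email@email.com&user[username]=username&user[password]=password&user[password_confirmation]=password" http://localhost:3000/api/v1/signup
  #
  # Renders 201 with the user as JSON on success and 422 with the validation
  # errors otherwise.
  def create
    submitted = params[:user]

    # Only the whitelisted keys reach the model, so a request cannot set
    # attributes such as role flags or tokens through mass assignment. A
    # missing or non-hash `user` parameter yields an empty attribute set and
    # falls through to the model's validations.
    attributes = submitted.is_a?(Hash) ? submitted.slice(*SIGNUP_ATTRIBUTES) : {}

    user = User.new(attributes)

    if user.save
      user.ensure_authentication_token!
      # NOTE(review): sign_in may persist a cookie session next to the token;
      # a token-only API can pass `store: false` to keep the request stateless.
      sign_in(user)
      # NOTE(review): confirm that as_json on User exposes no sensitive
      # columns; the serialised fields are defined outside this file.
      render json: user.as_json, status: 201
    else
      render json: user.errors, status: 422
    end
  end
end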