Update and document authentication methods

2026-02-15 23:57:48 +00:00 · 2021-10-11 13:59:33 +01:00
parent 56bc554f29
commit a222b507fb
3 changed files with 40 additions and 9 deletions
--- a/app/controllers/api/v1/base_controller.rb
+++ b/app/controllers/api/v1/base_controller.rb
@@ -16,21 +16,16 @@ module Api

      private

-      def spree_current_user
-        @spree_current_user ||= request.env['warden'].user
-      end
-
-      # Use logged in user (spree_current_user) for API authentication (current_api_user)
      def authenticate_user
-        return if (@current_api_user = spree_current_user)
+        return if (@current_api_user = request.env['warden'].user)

        if api_key.blank?
          # An anonymous user
-          @current_api_user = Spree.user_class.new
+          @current_api_user = Spree::User.new
          return
        end

-        return if (@current_api_user = Spree.user_class.find_by(spree_api_key: api_key.to_s))
+        return if (@current_api_user = Spree::User.find_by(spree_api_key: api_key.to_s))

        invalid_api_key
      end
@@ -40,7 +35,7 @@ module Api
      end

      def api_key
-        request.headers["X-Spree-Token"] || params[:token]
+        request.headers["X-Api-Token"] || params[:token]
      end

      def error_during_processing(exception)
--- a/spec/swagger_helper.rb
+++ b/spec/swagger_helper.rb
@@ -28,6 +28,26 @@ RSpec.configure do |config|
        schemas: {
          error_response: ErrorsSchema.schema,
          customer: CustomerSchema.schema
+        },
+        securitySchemas: {
+          api_key_header: {
+            type: :apiKey,
+            name: 'X-Api-Token',
+            in: :header,
+            description: "Authenticates via API key passed in specified header"
+          },
+          api_key_param: {
+            type: :apiKey,
+            name: 'token',
+            in: :query,
+            description: "Authenticates via API key passed in specified query param"
+          },
+          session: {
+            type: :http,
+            name: '_ofn_session',
+            in: :cookie,
+            description: "Authenticates using the current user's session if logged in"
+          },
        }
      },
      paths: {},
--- a/swagger/v1/swagger.yaml
+++ b/swagger/v1/swagger.yaml
@@ -68,6 +68,22 @@ components:
          type: object
      required:
      - data
+  securitySchemas:
+    api_key_header:
+      type: apiKey
+      name: X-Api-Token
+      in: header
+      description: Authenticates via API key passed in specified header
+    api_key_param:
+      type: apiKey
+      name: token
+      in: query
+      description: Authenticates via API key passed in specified query param
+    session:
+      type: http
+      name: _ofn_session
+      in: cookie
+      description: Authenticates using the current user's session if logged in
 paths:
  "/api/v1/customers":
    get: