From a222b507fb3ace07aef7ea761e34d82a25188cf1 Mon Sep 17 00:00:00 2001
From: Matt-Yorkley <9029026+Matt-Yorkley@users.noreply.github.com>
Date: Mon, 11 Oct 2021 13:59:33 +0100
Subject: [PATCH] Update and document authentication methods
---
 app/controllers/api/v1/base_controller.rb | 13 ++++--------
 spec/swagger_helper.rb | 20 ++++++++++++++++++++
 swagger/v1/swagger.yaml | 16 ++++++++++++++++
 3 files changed, 40 insertions(+), 9 deletions(-)
diff --git a/app/controllers/api/v1/base_controller.rb b/app/controllers/api/v1/base_controller.rb
index 12f7f8748e..1ed61ecd6c 100644
--- a/app/controllers/api/v1/base_controller.rb
+++ b/app/controllers/api/v1/base_controller.rb
@@ -16,21 +16,16 @@ module Api
 private
- def spree_current_user
- @spree_current_user ||= request.env['warden'].user
- end
-
- # Use logged in user (spree_current_user) for API authentication (current_api_user)
 def authenticate_user
- return if (@current_api_user = spree_current_user)
+ return if (@current_api_user = request.env['warden'].user)
 if api_key.blank?
 # An anonymous user
- @current_api_user = Spree.user_class.new
+ @current_api_user = Spree::User.new
 return
 end
- return if (@current_api_user = Spree.user_class.find_by(spree_api_key: api_key.to_s))
+ return if (@current_api_user = Spree::User.find_by(spree_api_key: api_key.to_s))
 invalid_api_key
 end
@@ -40,7 +35,7 @@ module Api
 end
 def api_key
- request.headers["X-Spree-Token"] || params[:token]
+ request.headers["X-Api-Token"] || params[:token]
 end
 def error_during_processing(exception)
diff --git a/spec/swagger_helper.rb b/spec/swagger_helper.rb
index 9bcd2c4064..d8d5094673 100644
--- a/spec/swagger_helper.rb
+++ b/spec/swagger_helper.rb
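Review bot: The first line of `authenticate_user` now takes whatever Warden holds in the session as the API principal before any token is examined, so every endpoint inheriting this base controller is reachable with ambient cookie credentials; if the controller skips Rails forgery protection for token clients (not visible here — the enclosing `module Api` class begins before this hunk), state-changing API actions become CSRF-reachable for any logged-in browser. Either keep session-authenticated API calls read-only, or trust the session only when the request also passes the CSRF check, e.g. `warden_user = request.env['warden']&.user` / `return if warden_user && verified_request? && (@current_api_user = warden_user)` (assuming the standard `ActionController::RequestForgeryProtection` module is included). That line also deserves a comment recording the precedence it creates: `# A live session wins over X-Api-Token; a request carrying both is attributed to the session user, not the key owner.`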
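Review bot: `api_key` still falls back to `params[:token]`, so the secret may travel in the URL query string, where it is written to access and proxy logs, browser history and outbound Referer headers — and the rest of this commit now documents that path as a supported authentication method rather than retiring it. Prefer the header alone, or at least log a deprecation when the query form is used. The rename on the `+` line also drops `X-Spree-Token` with no transition: existing clients sending the old header get a nil key and silently fall into the anonymous-user branch of `authenticate_user` instead of an error; `request.headers["X-Api-Token"] || request.headers["X-Spree-Token"] || params[:token]` keeps them working while the new header is rolled out. The enclosing module begins and ends outside this hunk.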
@@ -28,6 +28,26 @@ RSpec.configure do |config|
 schemas: {
 error_response: ErrorsSchema.schema,
 customer: CustomerSchema.schema
+ },
+ securitySchemas: {
+ api_key_header: {
+ type: :apiKey,
+ name: 'X-Api-Token',
+ in: :header,
+ description: "Authenticates via API key passed in specified header"
+ },
+ api_key_param: {
+ type: :apiKey,
+ name: 'token',
+ in: :query,
+ description: "Authenticates via API key passed in specified query param"
+ },
+ session: {
+ type: :http,
+ name: '_ofn_session',
+ in: :cookie,
+ description: "Authenticates using the current user's session if logged in"
+ },
 }
 },
 paths: {},
diff --git a/swagger/v1/swagger.yaml b/swagger/v1/swagger.yaml
index de4d0e1186..7fade2d482 100644
--- a/swagger/v1/swagger.yaml
+++ b/swagger/v1/swagger.yaml
@@ -68,6 +68,22 @@ components:
 type: object
 required:
 - data
+ securitySchemas:
+ api_key_header:
+ type: apiKey
+ name: X-Api-Token
+ in: header
+ description: Authenticates via API key passed in specified header
+ api_key_param:
+ type: apiKey
+ name: token
+ in: query
+ description: Authenticates via API key passed in specified query param
+ session:
+ type: http
+ name: _ofn_session
+ in: cookie
+ description: Authenticates using the current user's session if logged in
 paths:
 "/api/v1/customers":
 get:
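Review bot: The key on the `+ securitySchemas: {` line is misspelled for OpenAPI 3 — the `components` member is `securitySchemes` — and the generated `swagger/v1/swagger.yaml` in this same commit carries the same unknown key, so validators will flag it and no `security` requirement can reference these schemes by name. Rename it to `securitySchemes: {`. Nothing in this hunk attaches a `security:` requirement to any operation, so as written the three schemes are declared but unused; worth confirming that the customers request spec adds one, otherwise the docs will not show the endpoint as authenticated at all.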
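Review bot: The `session` scheme on the `+ type: http` line is not a valid OpenAPI 3 security scheme: `http` schemes require a `scheme` value (`basic`, `bearer`, …) and do not take `name`/`in`, so validators reject the document and generated clients cannot model the cookie. Cookie-based session auth is an API-key scheme — `type: apiKey` / `in: cookie` / `name: _ofn_session`. This file appears to be generated from `spec/swagger_helper.rb` (the hunk above declares the identical hash), so the fix belongs there and this file should be regenerated rather than hand-edited.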