3d01febcf7
Require the user to re-enter their password before they can view, create, update, or delete their API keys. This works by tracking the timestamp of the user's last password re-entry in a `last_authenticated_at` session cookie, and redirecting the user to a password confirmation page if they haven't re-entered their password in the last hour. This is modeled after Github's Sudo mode.
39 lines
1.1 KiB
Ruby
39 lines
1.1 KiB
Ruby
class ApiKeysController < ApplicationController
|
|
before_action :requires_reauthentication
|
|
respond_to :html, :json, :xml
|
|
|
|
def new
|
|
@api_key = authorize ApiKey.new(user: CurrentUser.user, **permitted_attributes(ApiKey))
|
|
respond_with(@api_key)
|
|
end
|
|
|
|
def create
|
|
@api_key = authorize ApiKey.new(user: CurrentUser.user, **permitted_attributes(ApiKey))
|
|
@api_key.save
|
|
respond_with(@api_key, location: user_api_keys_path(CurrentUser.user.id))
|
|
end
|
|
|
|
def edit
|
|
@api_key = authorize ApiKey.find(params[:id])
|
|
respond_with(@api_key)
|
|
end
|
|
|
|
def update
|
|
@api_key = authorize ApiKey.find(params[:id])
|
|
@api_key.update(permitted_attributes(@api_key))
|
|
respond_with(@api_key, location: user_api_keys_path(CurrentUser.user.id))
|
|
end
|
|
|
|
def index
|
|
params[:search][:user_id] = params[:user_id] if params[:user_id].present?
|
|
@api_keys = authorize ApiKey.visible(CurrentUser.user).paginated_search(params, count_pages: true)
|
|
respond_with(@api_keys)
|
|
end
|
|
|
|
def destroy
|
|
@api_key = authorize ApiKey.find(params[:id])
|
|
@api_key.destroy
|
|
respond_with(@api_key, location: user_api_keys_path(CurrentUser.user.id))
|
|
end
|
|
end
|