class Api::UserController < ApplicationController skip_before_filter :verify_authenticity_token before_filter :authenticate_user! before_filter :require_user_update_permission def update user_json = JSON.parse(request.body.read)['user'] oauth_hash = build_gds_oauth_hash(user_json) GDS::SSO::Config.user_klass.find_for_gds_oauth(oauth_hash) head :ok end def reauth user = GDS::SSO::Config.user_klass.where(:uid => params[:uid]).first if user.nil? || user.set_remotely_signed_out! head :ok else head 500 end end private # This should mirror the object created by the omniauth-gds strategy/gem # By doing this, we can reuse the code for creating/updating the user def build_gds_oauth_hash(user_json) OmniAuth::AuthHash.new( uid: user_json['uid'], provider: 'gds', info: { name: user_json['name'], email: user_json['email'] }, extra: { user: { permissions: user_json['permissions'], organisation_slug: user_json['organisation_slug'], } }) end def require_user_update_permission authorise_user!("user_update_permission") end end