module Ecom module Core class AccessController < ApplicationController skip_before_action :authenticate, only: [:login] def login app_code = Rails.configuration.app_code user = User.find_by(email: auth_params[:email]) if user if user.authenticate(auth_params[:password]) roles = user.roles_for_module(app_code).each_with_object([]) do |role, result| result << role.name end if roles.count <= 0 render json: { error: 'User has no roles in this application.' }, status: :unprocessable_entity return end payload = { id: user.id, email: user.email, name: user.full_name, roles: roles, projects: user.projects } jwt = TokenAuthService.issue(payload) render json: { token: jwt, user: payload, error: nil } else render json: { error: 'Invalid username or password' }, status: 400 end else render json: { error: 'User does not exist' }, status: 400 end end private def auth_params params.require(:auth).permit(:email, :password) end end end end