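# frozen_string_literal: true

module NeetoCommonsBackend
  # Controller concern for header-based API authentication.
  #
  # Including controllers get:
  #   - a `before_action` that signs the caller in from the
  #     `X-Auth-Email` / `X-Auth-Token` request headers, and
  #   - `authenticate_organization_api_key!`, which checks the
  #     `X-Neeto-API-Key` header against the current organization's key.
  #
  # Both checks assume `@organization` has already been assigned by the
  # including controller (presumably an earlier before_action — confirm
  # against the caller). `render_error` and `t` are also expected to be
  # provided by the including controller.
  module Authenticatable
    extend ActiveSupport::Concern

    included do
      before_action :authenticate_user_using_x_auth_token
      respond_to :json

      # The user resolved from the request headers (nil when lookup failed).
      attr_reader :user

      private

        # Signs the caller in from `X-Auth-Email` / `X-Auth-Token`.
        #
        # Skipped when a Devise session already exists. On success the user
        # is signed in without being stored in the session (`store: false`)
        # and published via `User.current`; on failure a 401 is rendered.
        #
        # NOTE(review): the failure message is chosen from `user.active?`
        # before the token is ever checked, so a request carrying a known
        # email and a wrong token still learns whether that account is
        # deactivated. A single generic message would avoid that disclosure.
        def authenticate_user_using_x_auth_token
          return if user_signed_in?

          email = request.headers["X-Auth-Email"]
          auth_token = request.headers["X-Auth-Token"]

          # Lookup is scoped to the current organization; without an email or
          # an organization there is nothing to look up and @user stays nil.
          @user = email && @organization &&
            User.find_first_by_auth_conditions(email:, organization_id: @organization.id)

          unless valid_user_token?(auth_token)
            render_error(unauthenticated_message, :unauthorized)
            return
          end

          sign_in user, store: false
          User.current = user
        end

        # Picks the 401 message: "deactivated" for a found-but-inactive
        # user, otherwise the generic "timeout" message.
        def unauthenticated_message
          if user && !user.active?
            t("devise.failure.deactivated")
          else
            t("devise.failure.timeout")
          end
        end

        # @param auth_token [String, nil] value of the X-Auth-Token header
        # @return [Boolean] true only for an active user whose stored
        #   authentication_token matches in constant time.
        #   `Devise.secure_compare` returns false for blank operands, so a
        #   missing header or a user without a token never matches.
        def valid_user_token?(auth_token)
          user && user.active? && Devise.secure_compare(user.authentication_token, auth_token)
        end

        # Rejects the request with 401 unless `X-Neeto-API-Key` matches the
        # organization's api_key.
        #
        # Uses `Devise.secure_compare` (already used above) instead of `==`:
        # `==` leaks the match length through timing, and `nil == nil` would
        # have accepted a request with no header against an organization
        # with no api_key. `secure_compare` returns false for blank operands,
        # so a missing key on either side fails closed; a missing
        # @organization likewise yields 401 rather than a NoMethodError.
        def authenticate_organization_api_key!
          return if Devise.secure_compare(@organization&.api_key, request.headers["X-Neeto-API-Key"])

          render_error(t("authentication.unauthorized"), :unauthorized)
        end
    end
  end
end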