app/controllers/api/user_controller.rb in gds-sso-3.1.0 vs app/controllers/api/user_controller.rb in gds-sso-3.1.1
- old
+ new
@@ -1,6 +1,7 @@
class Api::UserController < ApplicationController
+ skip_before_filter :verify_authenticity_token
before_filter :authenticate_user!
before_filter :require_user_update_permission
def update
user_json = JSON.parse(request.body.read)['user']
@@ -21,16 +22,16 @@
private
# This should mirror the object created by the omniauth-gds strategy/gem
# By doing this, we can reuse the code for creating/updating the user
def build_gds_oauth_hash(user_json)
OmniAuth::AuthHash.new(
- uid: user_json['uid'],
- provider: 'gds',
- info: {
- name: user_json['name'],
+ uid: user_json['uid'],
+ provider: 'gds',
+ info: {
+ name: user_json['name'],
email: user_json['email']
- },
- extra: {
+ },
+ extra: {
user: { permissions: user_json['permissions'] }
})
end
def require_user_update_permission