Merge branch 'master' of gitlab.c3sl.ufpr.br:portalmec/portalmec

Gemfile

@@ -22,7 +22,7 @@ gem 'jbuilder', '~> 2.0'
 gem 'sdoc', '~> 0.4.0', group: :doc
 
 # Use ActiveModel has_secure_password
-# gem 'bcrypt', '~> 3.1.7'
+gem 'bcrypt', '~> 3.1.7'
 
 # Use Unicorn as the app server
 # gem 'unicorn'
@@ -56,7 +56,10 @@ end
 
 # authentication
 gem 'devise'
+
+# enable login via rest
 gem 'devise_token_auth'
+gem 'rack-cors', require: 'rack/cors'
 
 #bootstrap
 gem 'bootstrap-sass'

Gemfile.lock

@@ -152,6 +152,7 @@ GEM
     procto (0.0.2)
     puma (2.13.4)
     rack (1.6.4)
+    rack-cors (0.4.0)
     rack-test (0.6.3)
       rack (>= 1.0)
     rails (4.2.0)
@@ -263,6 +264,7 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  bcrypt (~> 3.1.7)
   better_errors
   bootstrap-sass
   byebug
@@ -280,6 +282,7 @@ DEPENDENCIES
   orientdb4r
   pg
   puma
+  rack-cors
   rails (= 4.2.0)
   rmagick
   rubycritic

app/controllers/application_controller.rb

 class ApplicationController < ActionController::Base
-  include DeviseTokenAuth::Concerns::SetUserByToken
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
-  protect_from_forgery with: :exception
+  protect_from_forgery with: :null_session
+  include DeviseTokenAuth::Concerns::SetUserByToken
 
   def repository
     Portalmec::Application.repository

config/application.rb

@@ -32,5 +32,18 @@ module Portalmec
       Repository::Environments.fetch Rails.env
     end
 
+    # CORS for login via rest
+    # config.middleware.use Rack::Cors do
+    config.middleware.insert_before 0, "Rack::Cors", :debug => true, :logger => (-> { Rails.logger }) do
+      allow do
+        origins '*'
+        # TODO: change when mobile app is done
+        resource '/auth/*',
+          headers: :any,
+          expose: ['access-token', 'expiry', 'token-type', 'uid', 'client'],
+          methods: [:get, :post, :options, :delete, :put]
+      end
+    end
+
   end
 end