cutalion/SetupMeetup

View on GitHub
app/controllers/persona_controller.rb

Summary

Maintainability
A
0 mins
Test Coverage
class PersonaController < ApplicationController

  # verifies the load and logs the user in
  def login
    data = validate_assertion(params[:assertion])

    if data['status'] == 'okay'
      self.current_user = User.find_or_create_by(email: data['email'])
    end

    render json: data
  end

  # flushes the session
  def logout
    self.current_user = nil
    render text: ''
  end

  private

  # validates that the assertion is really issued by the provider
  def validate_assertion(assertion)
    Nestful.post 'https://verifier.login.persona.org/verify',
      format: :json,
      params: { assertion: assertion, audience: url_for(:root) }
  end

end