diff --git a/.travis.yml b/.travis.yml
index 318816d..77410e0 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -11,7 +11,7 @@ before_install:
 - "if [ $(phantomjs --version) != '2.1.1' ]; then tar -xvf ${PWD}/travis_phantomjs/phantomjs-2.1.1-linux-x86_64.tar.bz2 -C ${PWD}/travis_phantomjs; fi"
 - "phantomjs --version"
-before_script: bundle exec rails db:{setup,migrate}
+before_script: bundle exec rails db:test:prepare
 cache: bundler
 sudo: false
 env: RAILSGOAT_MAINTAINER=true
diff --git a/app/controllers/api/v1/users_controller.rb b/app/controllers/api/v1/users_controller.rb
index fc696cd..20fb4eb 100644
--- a/app/controllers/api/v1/users_controller.rb
+++ b/app/controllers/api/v1/users_controller.rb
@@ -18,12 +18,12 @@ class Api::V1::UsersController < ApplicationController
 def valid_api_token
 authenticate_or_request_with_http_token do |token, options|
 # TODO :add some functionality to check if the HTTP Header is valid
- identify_user(token)
+ if !identify_user(token)
+ redirect_to root_url
+ end
 end
 end

- # TODO I don't believe returning from this method is a valid method
- # of halting execution anymore.
 def identify_user(token="")
 # We've had issues with URL encoding, etc. causing issues so just to be safe
 # we will go ahead and unescape the user's token
@@ -31,8 +31,8 @@ class Api::V1::UsersController < ApplicationController
 @clean_token =~ /(.*?)-(.*)/
 id = $1
 hash = $2
- (id && hash) ? true : false
- check_hash(id, hash) ? true : false
+
+ check_hash(id, hash)
 end

 def check_hash(id, hash)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index b4fc055..d577d50 100755
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
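Review bot: In `valid_api_token` (app/controllers/api/v1/users_controller.rb, hunk at line 18), the block passed to `authenticate_or_request_with_http_token` now evaluates to `nil` when `identify_user(token)` succeeds, because an `if` with no `else` yields `nil` once its condition is false. Rails uses the block's value as the authentication result, so a valid token falls through to the 401 challenge, while an invalid one is answered with a redirect to `root_url` rather than a 401. Let the block return the check itself, `identify_user(token)`, and leave the rejection to the helper. An API client is also better served by the 401 than by a redirect to an HTML page.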
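Review bot: In `identify_user` (same file, hunk at line 31), `check_hash(id, hash)` is called even when the pattern does not match, and a token without a `-` leaves `$1` and `$2` as `nil`. The removed `(id && hash) ? true : false` line computed exactly that condition and discarded it, so this is the place to make it a guard: `return false unless id && hash` just before the `check_hash` call. The body of `check_hash` is outside the hunk, so whether it tolerates `nil` arguments cannot be confirmed from here. The start of `identify_user` is in the previous hunk.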
@@ -25,8 +25,9 @@ class UsersController < ApplicationController def update message = false - - user = User.where("user_id = '#{params[:user][:user_id]}'").first + + user = User.where("user_id = '#{params[:user][:user_id]}'")[0] + if user user.skip_user_id_assign = true user.skip_hash_password = true
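Review bot: The rewritten lookup in `UsersController#update` still interpolates `params[:user][:user_id]` straight into the SQL string, so the query is built from request input; swapping `.first` for `[0]` does not change that. A bound condition keeps the value out of the statement text: `user = User.where(user_id: params[:user][:user_id]).first`. The record is also chosen by a client-supplied id rather than the session user, so, unless an ownership check exists outside this hunk, one account could edit another. If the `RAILSGOAT_MAINTAINER` setting in .travis.yml means this is a deliberately vulnerable training app, a comment on the line, such as `# intentionally injectable: training exercise, do not copy`, would stop it from being reused or "fixed" by accident. The `update` method continues past the end of the hunk.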