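# Exchanges the one-time code in +params[:code]+ for a JWT.
#
# Looks up the ReportingAPI::OneTimeToken whose token equals the code, deletes
# it, rebuilds the user's CIS2 info from the data stored on the token, and
# renders JSON holding the JWT plus the user navigation items.
#
# A missing, non-String or unknown code renders
# <tt>{ errors: "invalid_grant" }</tt> with status 403 (forbidden).
def authorize
  code = params[:code]

  # Accept only a non-empty String. Handed to find_by! unchecked, an Array
  # value turns the lookup into IN (...) and nil turns it into IS NULL, so the
  # query would no longer be an exact match on one presented code.
  unless code.is_a?(String) && code.present?
    render json: { errors: "invalid_grant" }, status: :forbidden
    return
  end

  @token = ReportingAPI::OneTimeToken.find_by!(token: code)

  # The row is deleted before anything is rendered, so a later request with
  # the same code falls through to the RecordNotFound branch.
  # NOTE(review): find-then-delete is not atomic; two concurrent requests
  # carrying the same code can both pass find_by! before either delete runs.
  # Confirm the model/database prevents that, or claim the row atomically and
  # check the affected-row count.
  # NOTE(review): no expiry check is visible here -- confirm OneTimeToken
  # enforces a lifetime elsewhere (scope, validation or cleanup job).
  @token.delete

  user = @token.user
  user.cis2_info =
    CIS2Info.new(request_session: { "cis2_info" => @token.cis2_info })

  # Append the role description in parentheses only when the user has one.
  display_name = user.full_name
  display_name +=
    " (#{user.role_description})" if user.role_description.present?

  json_data = {
    jwt: @token.to_jwt,
    user_nav: {
      items: [
        { text: display_name, icon: true },
        { href: logout_path, text: "Log out" }
      ]
    }
  }

  render json: json_data
rescue ActiveRecord::RecordNotFound
  # Unknown (or already consumed) code: same response as a malformed one.
  render json: { errors: "invalid_grant" }, status: :forbidden
end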