From 1cb63055cbc29aff276a10d51f59c7f707236cec Mon Sep 17 00:00:00 2001 From: guange <8863824@gmail.com> Date: Sun, 12 Jun 2016 17:18:05 +0800 Subject: [PATCH] =?UTF-8?q?api=E5=8F=AF=E4=BB=A5=E9=80=9A=E8=BF=87openid?= =?UTF-8?q?=E6=9D=A5=E8=AE=A4=E8=AF=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/api/mobile/api.rb | 14 ++++++++++---- app/api/mobile/apis/activities.rb | 4 +++- app/api/mobile/apis/courses.rb | 1 - config/wechat.yml | 8 ++++---- 4 files changed, 17 insertions(+), 10 deletions(-) diff --git a/app/api/mobile/api.rb b/app/api/mobile/api.rb index 23014b0c1..f3f0cf935 100644 --- a/app/api/mobile/api.rb +++ b/app/api/mobile/api.rb @@ -29,16 +29,22 @@ module Mobile end def authenticate! - raise('Unauthorized. Invalid or expired token.') unless current_user + raise('Unauthorized. 用户认证失败.') unless current_user end def current_user + openid = params[:openid] + if openid + uw = UserWechat.find_by_openid(params[:openid]) + return uw.user if uw + end + token = ApiKey.where(access_token: params[:token]).first if token && !token.expired? - @current_user = User.find(token.user_id) - else - nil + return User.find(token.user_id) end + + nil end end diff --git a/app/api/mobile/apis/activities.rb b/app/api/mobile/apis/activities.rb index af17e0f44..49fdaff8f 100644 --- a/app/api/mobile/apis/activities.rb +++ b/app/api/mobile/apis/activities.rb @@ -12,7 +12,9 @@ module Mobile requires :openid, type: String end post do - user = UserWechat.find_by_openid(params[:openid]).user + authenticate! + + user = current_user shield_project_ids = ShieldActivity.select("shield_id").where("container_type='User' and container_id=#{user.id} and shield_type='Project'").map(&:shield_id) shield_course_ids = ShieldActivity.select("shield_id").where("container_type='User' and container_id=#{user.id} and shield_type='Course'").map(&:shield_id) 
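Review bot: Accepting `params[:openid]` as proof of identity in `current_user` turns the openid into a non-expiring bearer credential: any request whose value matches a `UserWechat` row is authenticated before the token and its `expired?` check are consulted. A WeChat openid is an account identifier rather than a secret, and nothing in this hunk shows the server confirming that the caller obtained it through an OAuth exchange. Consider resolving the openid server-side once, issuing an `ApiKey` for it, and keeping the expiring token as the only credential this helper accepts. The same concern carries over to the activities.rb hunk, which now relies on this helper, and to the courses.rb hunk, where `requires :token` is dropped and the endpoint body is not visible. The enclosing helpers block begins outside the hunk.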
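Review bot: `authenticate!` and the following `user = current_user` each run the full lookup, because the api.rb hunk of this commit removes the `@current_user` memoization; restoring it in the helper (`@current_user ||= ...`) would avoid the second round of queries. The two `where` strings on the context lines below interpolate `user.id` into SQL. The value is a database id here, but hash conditions such as `where(container_type: 'User', container_id: user.id, shield_type: 'Project')` keep the query parameterized and are harder to get wrong when the code is later copied. The `post do` block continues outside the hunk.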
diff --git a/app/api/mobile/apis/courses.rb b/app/api/mobile/apis/courses.rb index 591a4e288..3a36a9e37 100644 --- a/app/api/mobile/apis/courses.rb +++ b/app/api/mobile/apis/courses.rb @@ -97,7 +97,6 @@ module Mobile desc "加入课程" params do - requires :token, type: String requires :course_password, type: String end post ":id" do diff --git a/config/wechat.yml b/config/wechat.yml index cf0703e81..cf5be1f2b 100644 --- a/config/wechat.yml +++ b/config/wechat.yml @@ -5,11 +5,11 @@ default: &default # Or if using public account, only need above two line # guange test - appid: "wxf694495398c7d470" - secret: "743e038392f1d89540e95f8f7645849a" + #appid: "wxf694495398c7d470" + #secret: "743e038392f1d89540e95f8f7645849a" - #appid: "wx8e1ab05163a28e37" - #secret: "beb4d3bc4b32b3557811680835357841" + appid: "wx8e1ab05163a28e37" + secret: "beb4d3bc4b32b3557811680835357841" token: "123456" access_token: "1234567"
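Review bot: Both `appid`/`secret` pairs in config/wechat.yml are committed in clear text, and this hunk only swaps which pair is live by moving the `#` markers, so both remain readable in the repository and its history. These values should be read from the environment or an untracked, per-deployment file, and the secrets already committed should be rotated on the WeChat side. The context lines `token: "123456"` and `access_token: "1234567"` look like guessable placeholder values; if they are used in a real deployment they should be replaced with random ones supplied the same way.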