From 7a57bfab7bc6dce36f6e94079c0f8bfcd3720652 Mon Sep 17 00:00:00 2001 From: Eric Schultz Date: Mon, 1 Mar 2021 17:46:31 -0600 Subject: [PATCH] Add API controller to get the current user. Also create authenticate_user_with_json! so we can authenticate properly using JSON. --- app/controllers/api/api_controller.rb | 4 +++- app/controllers/api/users_controller.rb | 13 +++++++++++++ .../concerns/controllers/user/authorization.rb | 6 +++++- 3 files changed, 21 insertions(+), 2 deletions(-) create mode 100644 app/controllers/api/users_controller.rb diff --git a/app/controllers/api/api_controller.rb b/app/controllers/api/api_controller.rb index 01f63cdc..35c4ba3a 100644 --- a/app/controllers/api/api_controller.rb +++ b/app/controllers/api/api_controller.rb @@ -2,7 +2,9 @@ # License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later # Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE -class Api::ApiController < ApplicationController +class Api::ApiController < ActionController::Base + include Controllers::Locale + include Controllers::Nonprofit::Authorization rescue_from ActiveRecord::RecordInvalid, with: :record_invalid_rescue protected diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb new file mode 100644 index 00000000..ee7c66c2 --- /dev/null +++ b/app/controllers/api/users_controller.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later +# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE +class Api::UsersController < Api::ApiController + include Controllers::User::Authorization + + before_action :authenticate_user_with_json! + + def current + render locals: { user: current_user } + end +end diff --git a/app/controllers/concerns/controllers/user/authorization.rb b/app/controllers/concerns/controllers/user/authorization.rb index c8aab54c..60a35d17 100644 
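Review bot: Changing the base class to `ActionController::Base` on the `class Api::ApiController` line means nothing declared in `ApplicationController` (not visible in this patch) applies to API controllers any more, which may include `protect_from_forgery`, shared `rescue_from` handlers and other filters. The new endpoint authenticates through `current_user`, presumably backed by the session cookie, so CSRF handling should be stated explicitly instead of depending on `config.action_controller.default_protect_from_forgery`, e.g. `protect_from_forgery with: :exception` directly under the two `include` lines. A short comment explaining why the API no longer inherits from `ApplicationController` would help the next reader. The class body continues outside the hunk.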
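Review bot: `render locals: { user: current_user }` in `current` depends on a view template that is not among the three files in this patch, so what is actually serialized cannot be reviewed here. That template should list the user attributes it exposes one by one, so that credential or token columns never reach the response by default. A request spec for the unauthenticated case would pin down that `authenticate_user_with_json!` answers with a JSON rejection and not an HTML redirect. A one-line comment above `current`, such as `# Renders the signed-in user as JSON; unauthenticated requests are rejected by authenticate_user_with_json!`, would document the contract.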
--- a/app/controllers/concerns/controllers/user/authorization.rb +++ b/app/controllers/concerns/controllers/user/authorization.rb @@ -10,7 +10,11 @@ module Controllers::User::Authorization included do helper_method :current_role?, :administered_nonprofit - private + protected + + def authenticate_user_with_json! + reject_with_sign_in({}, :json) unless current_user + end def authenticate_user!(msg = nil, type = :html) reject_with_sign_in(msg, type) unless current_user
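Review bot: `reject_with_sign_in({}, :json)` passes an empty hash where the neighbouring `authenticate_user!` passes `msg` (default `nil`); `{}` is truthy in Ruby, so a `msg || default` style fallback inside `reject_with_sign_in` (not visible in this hunk) would be skipped. Unless the hash is intentional, delegating keeps the two paths consistent: `authenticate_user!(nil, :json)`. It is also worth confirming that the `:json` branch of `reject_with_sign_in` renders a response (ideally a 401), since a `before_action` only halts the chain when it renders or redirects. The switch from `private` to `protected` applies to every method below it in the `included do` block, which continues outside the hunk, so a comment stating why the wider visibility is needed would be useful.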