adding in warden with a basic strategy

currently failing because we are not setting the content-type header.
author: Azul <azul@leap.se> 2012-10-30 12:32:10 +0100
committer: Azul <azul@leap.se> 2012-10-30 12:32:10 +0100
commit: 194e924cb7c36eafa01b68c74774505e170e47ac (patch)
tree: d6f655010c2cc25b31e1b95b2cef78c962f9c84f
parent: 3ba2e664a26e96a93c8640b57241af6386db361e (diff)
6 files changed, 62 insertions, 13 deletions
diff --git a/Gemfile.lock b/Gemfile.lock
index a982c2a..5b1fbf6 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -20,6 +20,7 @@ PATH
     leap_web_users (0.1.0)
       leap_web_core (= 0.1.0)
       ruby-srp (~> 0.1.3)
+      warden
 
 GEM
   remote: https://rubygems.org/
@@ -161,6 +162,8 @@ GEM
     uglifier (1.2.7)
       execjs (>= 0.3.0)
       multi_json (~> 1.3)
+    warden (1.2.1)
+      rack (>= 1.0)
 
 PLATFORMS
   ruby
diff --git a/users/app/controllers/application_controller.rb b/users/app/controllers/application_controller.rb
index 64e1a55..8388dda 100644
--- a/users/app/controllers/application_controller.rb
+++ b/users/app/controllers/application_controller.rb
@@ -4,7 +4,7 @@ class ApplicationController < ActionController::Base
   private
 
   def current_user
-    @current_user ||= User.find(session[:user_id]) if session[:user_id]
+    @current_user ||= env['warden'].user
   end
   helper_method :current_user
 
diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb
index 4a1107d..3872866 100644
--- a/users/app/controllers/sessions_controller.rb
+++ b/users/app/controllers/sessions_controller.rb
@@ -6,21 +6,13 @@ class SessionsController < ApplicationController
   end
 
   def create
-    @user = User.find_by_param(params[:login])
-    session[:handshake] = @user.initialize_auth(params['A'].hex)
-    render :json => session[:handshake]
-  rescue RECORD_NOT_FOUND
-    render :json => {:errors => {:login => ["unknown user"]}}
+    debugger
+    env['warden'].authenticate!
   end
 
   def update
-    @srp_session = session.delete(:handshake)
-    @user = @srp_session.authenticate!(params[:client_auth].hex)
-    session[:user_id] = @user.id
-    render :json => @srp_session
-  rescue WRONG_PASSWORD
-    session[:handshake] = nil
-    render :json => {:errors => {"password" => ["wrong password"]}}
+    debugger
+    env['warden'].authenticate!
   end
 
   def destroy
diff --git a/users/config/initializers/warden.rb b/users/config/initializers/warden.rb
new file mode 100644
index 0000000..bb7dc13
--- /dev/null
+++ b/users/config/initializers/warden.rb
@@ -0,0 +1,52 @@
+Rails.configuration.middleware.use Warden::Manager do |manager|
+  manager.default_strategies :secure_remote_password
+  manager.failure_app = SessionsController
+end
+
+# Setup Session Serialization
+class Warden::SessionSerializer
+  def serialize(record)
+    [record.class.name, record.id]
+  end
+
+  def deserialize(keys)
+    klass, id = keys
+    klass.find(id)
+  end
+end
+
+Warden::Strategies.add(:secure_remote_password) do
+
+  def valid?
+    id && ( params['A'] || params['client_auth'] )
+  end
+
+  def authenticate!
+    if params['client_auth'] && session[:handshake]
+      validate!
+    else
+      initialize!
+    end
+  end
+
+  protected
+
+  def validate!
+    srp_session = session.delete(:handshake)
+    user = srp_session.authenticate(params['client_auth'].hex)
+    user.nil? ? fail!("Could not log in") : success!(u)
+  end
+
+  def initialize!
+    user = User.find_by_param(id)
+    session[:handshake] = user.initialize_auth(params['A'].hex)
+    custom! [200, {}, [session[:handshake].to_json]]
+  rescue RECORD_NOT_FOUND
+    fail! "User not found"
+  end
+
+  def id
+    params["id"] || params["login"]
+  end
+end
+
diff --git a/users/leap_web_users.gemspec b/users/leap_web_users.gemspec
index 6d35f63..477265e 100644
--- a/users/leap_web_users.gemspec
+++ b/users/leap_web_users.gemspec
@@ -18,4 +18,5 @@ Gem::Specification.new do |s|
   s.add_dependency "leap_web_core", LeapWeb::VERSION
 
   s.add_dependency "ruby-srp", "~> 0.1.3"
+  s.add_dependency "warden"
 end
diff --git a/users/lib/leap_web_users/engine.rb b/users/lib/leap_web_users/engine.rb
index 9b7545e..25c110e 100644
--- a/users/lib/leap_web_users/engine.rb
+++ b/users/lib/leap_web_users/engine.rb
@@ -1,6 +1,7 @@
 # thou shall require all your dependencies in an engine.
 require "leap_web_core"
 require "leap_web_core/ui_dependencies"
+require "warden"
 require "ruby-srp"
 
 module LeapWebUsers
author	Azul <azul@leap.se>	2012-10-30 12:32:10 +0100
committer	Azul <azul@leap.se>	2012-10-30 12:32:10 +0100
commit	194e924cb7c36eafa01b68c74774505e170e47ac (patch)
tree	d6f655010c2cc25b31e1b95b2cef78c962f9c84f
parent	3ba2e664a26e96a93c8640b57241af6386db361e (diff)