authorAzul <azul@leap.se>2013-04-02 14:20:55 +0200
committerAzul <azul@leap.se>2013-04-02 14:20:55 +0200
commit62c48c5a14ea0c1221216c3e40eb82ef594f2771 (patch)
tree374b3201989f20fa6f6b10a0a63c75cd6ff4f3db
parent869ba2f363a48d0f76321efc08a228f54aeb6758 (diff)
send salt on Session#create without srp ephemeral A
-rw-r--r--users/app/controllers/v1/sessions_controller.rb7
-rw-r--r--users/test/functional/v1/sessions_controller_test.rb11
2 files changed, 16 insertions, 2 deletions
diff --git a/users/app/controllers/v1/sessions_controller.rb b/users/app/controllers/v1/sessions_controller.rb
index 0551ca9..9365d76 100644
--- a/users/app/controllers/v1/sessions_controller.rb
+++ b/users/app/controllers/v1/sessions_controller.rb
@@ -13,7 +13,12 @@ module V1
def create
logout if logged_in?
- authenticate!
+ if params['A']
+ authenticate!
+ else
+ @user = User.find_by_login(params['login'])
+ render :json => {salt: @user.salt}
+ end
end
def update
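Review bot: In the new `else` branch of `create`, `@user.salt` is read without checking that `User.find_by_login(params['login'])` found a record, so if the finder returns nil for an unknown or missing `login` (as such finders normally do) the request raises NoMethodError and surfaces as a 500. Add a guard before the render, for example `return head(:not_found) unless @user`, or reuse whatever error shape the API's failed-login path already returns. Because this branch runs before any authentication, any difference between the known-login and unknown-login responses also tells a caller which logins exist; if that matters for this service, answer unknown logins with a stable salt-shaped value derived from the login and a server-side secret rather than an error. The test added in sessions_controller_test.rb exercises only the found-user path, so a case where `find_by_login` returns nil would pin whichever behaviour is chosen.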
diff --git a/users/test/functional/v1/sessions_controller_test.rb b/users/test/functional/v1/sessions_controller_test.rb
index be085ce..535da52 100644
--- a/users/test/functional/v1/sessions_controller_test.rb
+++ b/users/test/functional/v1/sessions_controller_test.rb
@@ -7,7 +7,7 @@ class V1::SessionsControllerTest < ActionController::TestCase
setup do
@request.env['HTTP_HOST'] = 'api.lvh.me'
- @user = stub :login => "me", :id => 123
+ @user = stub_record :user
@client_hex = 'a123'
end
@@ -36,6 +36,15 @@ class V1::SessionsControllerTest < ActionController::TestCase
post :create, :login => @user.login, 'A' => @client_hex
end
+ test "should send salt" do
+ User.expects(:find_by_login).with(@user.login).returns(@user)
+
+ post :create, :login => @user.login
+
+ assert_equal @user, assigns(:user)
+ assert_json_response salt: @user.salt
+ end
+
test "should authorize" do
request.env['warden'].expects(:authenticate!)
@controller.expects(:current_user).returns(@user)