summaryrefslogtreecommitdiff
path: root/users/app/controllers/sessions_controller.rb
diff options
context:
space:
mode:
authorAzul <azul@riseup.net>2012-09-27 22:39:08 +0200
committerAzul <azul@riseup.net>2012-09-27 22:39:08 +0200
commitebbfe3d77efddbe8f97fa82c171632ac4cfcf6da (patch)
treeb81b55476f4f7889af0e346ebf5dc95afc4a02af /users/app/controllers/sessions_controller.rb
parent1208257bcc0e2a6648b68433a7b7e24791f92583 (diff)
added in leap web users - one repo to rule them all
Diffstat (limited to 'users/app/controllers/sessions_controller.rb')
-rw-r--r--users/app/controllers/sessions_controller.rb30
1 files changed, 30 insertions, 0 deletions
diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb
new file mode 100644
index 0000000..e68d798
--- /dev/null
+++ b/users/app/controllers/sessions_controller.rb
@@ -0,0 +1,30 @@
+class SessionsController < ApplicationController
+
+ skip_before_filter :verify_authenticity_token
+
+ def new
+ end
+
+ def create
+ @user = User.find_by_param(params[:login])
+ session[:handshake] = @user.initialize_auth(params['A'].hex)
+ render :json => { :B => session[:handshake].bb.to_s(16) }
+ rescue RECORD_NOT_FOUND
+ render :json => {:errors => {:login => ["unknown user"]}}
+ end
+
+ def update
+ @user = User.find_by_param(params[:id])
+ @server_auth = @user.authenticate!(params[:client_auth].hex, session.delete(:handshake))
+ session[:user_id] = @user.id
+ render :json => {:M2 => @server_auth}
+ rescue WRONG_PASSWORD
+ session[:handshake] = nil
+ render :json => {:errors => {"password" => ["wrong password"]}}
+ end
+
+ def destroy
+ session[:user_id] = nil
+ redirect_to root_path
+ end
+end