diff options
author | Azul <azul@leap.se> | 2012-11-12 19:16:55 +0100 |
---|---|---|
committer | Azul <azul@leap.se> | 2012-11-12 19:16:55 +0100 |
commit | c886cc17b6f37ddd556e70fe2d76a3ea28db52bf (patch) | |
tree | e27fe040bfaba5840730f466d4c6f90213759d5e /users/app/controllers | |
parent | ca2e1b9f379ccba068ad0ebb852d855f1639cd3a (diff) | |
parent | 5b300b554682c232c0955bdb0dd3d8263dde901e (diff) |
Merge branch 'feature-warden-srp' into develop
Diffstat (limited to 'users/app/controllers')
-rw-r--r-- | users/app/controllers/controller_extension/authentication.rb | 4 | ||||
-rw-r--r-- | users/app/controllers/sessions_controller.rb | 18 |
2 files changed, 7 insertions, 15 deletions
diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb index c3342f3..87f7921 100644 --- a/users/app/controllers/controller_extension/authentication.rb +++ b/users/app/controllers/controller_extension/authentication.rb @@ -7,8 +7,8 @@ module ControllerExtension::Authentication helper_method :current_user, :logged_in?, :admin? end - def current_user - @current_user ||= User.find(session[:user_id]) if session[:user_id] + def authentication_error + warden.winning_strategy.try(:message) end def logged_in? diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 4a1107d..486f67e 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -3,28 +3,20 @@ class SessionsController < ApplicationController skip_before_filter :verify_authenticity_token def new + @errors = authentication_error end def create - @user = User.find_by_param(params[:login]) - session[:handshake] = @user.initialize_auth(params['A'].hex) - render :json => session[:handshake] - rescue RECORD_NOT_FOUND - render :json => {:errors => {:login => ["unknown user"]}} + authenticate! end def update - @srp_session = session.delete(:handshake) - @user = @srp_session.authenticate!(params[:client_auth].hex) - session[:user_id] = @user.id - render :json => @srp_session - rescue WRONG_PASSWORD - session[:handshake] = nil - render :json => {:errors => {"password" => ["wrong password"]}} + authenticate! + render :json => session.delete(:handshake) end def destroy - session[:user_id] = nil + logout redirect_to root_path end end |