diff options
| author | Azul <azul@leap.se> | 2012-11-12 19:42:00 +0100 |
|---|---|---|
| committer | Azul <azul@leap.se> | 2012-11-12 19:42:00 +0100 |
| commit | a0ba5ec9c705a74b86fdb558436fb05103bf88e3 (patch) | |
| tree | 22e0562166e38eb84dc20c8e7addf3089b3af13c /users/app | |
| parent | 05ea71016fd54a14159c72299c25efbdc2f177bc (diff) | |
| parent | fe8b49232d31681667badaaeff7aa4d0a40445ea (diff) | |
Merge branch 'develop' into feature-client-side-validations
Conflicts:
Gemfile.lock
Diffstat (limited to 'users/app')
| -rw-r--r-- | users/app/controllers/controller_extension/authentication.rb | 4 | ||||
| -rw-r--r-- | users/app/controllers/sessions_controller.rb | 18 | ||||
| -rw-r--r-- | users/app/views/sessions/new.json.erb | 3 |
3 files changed, 10 insertions, 15 deletions
diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb index c3342f3..87f7921 100644 --- a/users/app/controllers/controller_extension/authentication.rb +++ b/users/app/controllers/controller_extension/authentication.rb @@ -7,8 +7,8 @@ module ControllerExtension::Authentication helper_method :current_user, :logged_in?, :admin? end - def current_user - @current_user ||= User.find(session[:user_id]) if session[:user_id] + def authentication_error + warden.winning_strategy.try(:message) end def logged_in? diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 4a1107d..486f67e 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -3,28 +3,20 @@ class SessionsController < ApplicationController skip_before_filter :verify_authenticity_token def new + @errors = authentication_error end def create - @user = User.find_by_param(params[:login]) - session[:handshake] = @user.initialize_auth(params['A'].hex) - render :json => session[:handshake] - rescue RECORD_NOT_FOUND - render :json => {:errors => {:login => ["unknown user"]}} + authenticate! end def update - @srp_session = session.delete(:handshake) - @user = @srp_session.authenticate!(params[:client_auth].hex) - session[:user_id] = @user.id - render :json => @srp_session - rescue WRONG_PASSWORD - session[:handshake] = nil - render :json => {:errors => {"password" => ["wrong password"]}} + authenticate! + render :json => session.delete(:handshake) end def destroy - session[:user_id] = nil + logout redirect_to root_path end end diff --git a/users/app/views/sessions/new.json.erb b/users/app/views/sessions/new.json.erb new file mode 100644 index 0000000..36154b8 --- /dev/null +++ b/users/app/views/sessions/new.json.erb @@ -0,0 +1,3 @@ +{ +"errors": <%= raw @errors.to_json %> +} |