seperated the warden classes from the initializer

also commented the sessions controller test a bit and fixed it

1 files changed, 57 insertions, 0 deletions

diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb
new file mode 100644
index 0000000..8266e2d
--- /dev/null
+++ b/users/lib/warden/strategies/secure_remote_password.rb
@@ -0,0 +1,57 @@
+module Warden
+  module Strategies
+    class SecureRemotePassword < Warden::Strategies::Base
+
+      def valid?
+        handshake? || authentication?
+      end
+
+      def authenticate!
+        if authentication?
+          validate!
+        else  # handshake
+          initialize!
+        end
+      end
+
+      protected
+
+      def handshake?
+        params['A'] && params['login']
+      end
+
+      def authentication?
+        params['client_auth'] && session[:handshake]
+      end
+
+      def validate!
+        user = session[:handshake].authenticate(params['client_auth'].hex)
+        user ? success!(user) : fail!(:password => "Could not log in")
+      end
+
+      def initialize!
+        user = User.find_by_param(id)
+        session[:handshake] = user.initialize_auth(params['A'].hex)
+        custom! json_response(session[:handshake])
+      rescue RECORD_NOT_FOUND
+        fail! :login => "User not found!"
+      end
+
+      def json_response(object)
+        [ 200,
+          {"Content-Type" => "application/json; charset=utf-8"},
+          [object.to_json]
+        ]
+      end
+
+      def id
+        params["id"] || params["login"]
+      end
+    end
+  end
+  Warden::Strategies.add :secure_remote_password,
+    Warden::Strategies::SecureRemotePassword
+
+end
+
+