Merge pull request #25 from leapcode/feature/keep-session-small

Ensure user data does not clutter session[:handshake]
author: azul <azul@riseup.net> 2013-02-06 07:53:21 -0800
committer: azul <azul@riseup.net> 2013-02-06 07:53:21 -0800
commit: 40955e06c038ad3d84bfe88052c501fb7a6208d8 (patch)
tree: b63e83731066d7da948509c391bd0a3f1cfc30f3 /users/lib/warden/strategies
parent: 70e05a181ce3b79a6ea9b5c76eab5102e94860ca (diff)
parent: f1f33f7e041c9e831e27ca5084ce1dd8a35a7c45 (diff)
1 files changed, 8 insertions, 3 deletions
diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb
index 594e27e..483336d 100644
--- a/users/lib/warden/strategies/secure_remote_password.rb
+++ b/users/lib/warden/strategies/secure_remote_password.rb
@@ -25,13 +25,18 @@ module Warden
       end
 
       def validate!
-        user = session[:handshake].authenticate(params['client_auth'].hex)
-        user ? success!(user) : fail!(:password => "wrong_password")
+        client = session[:handshake].authenticate(params['client_auth'].hex)
+        client ?
+          success!(User.find_by_login(client.username)) :
+          fail!(:password => "wrong_password")
       end
 
       def initialize!
         if user = User.find_by_login(id)
-          session[:handshake] = user.initialize_auth(params['A'].hex)
+          client = SRP::Client.new user.username,
+            :verifier => user.verifier,
+            :salt => user.salt
+          session[:handshake] = SRP::Session.new(client, params['A'].hex)
           custom! json_response(session[:handshake])
         else
           fail! :login => "user_not_found"
author	azul <azul@riseup.net>	2013-02-06 07:53:21 -0800
committer	azul <azul@riseup.net>	2013-02-06 07:53:21 -0800
commit	40955e06c038ad3d84bfe88052c501fb7a6208d8 (patch)
tree	b63e83731066d7da948509c391bd0a3f1cfc30f3 /users/lib/warden/strategies
parent	70e05a181ce3b79a6ea9b5c76eab5102e94860ca (diff)
parent	f1f33f7e041c9e831e27ca5084ce1dd8a35a7c45 (diff)