author | azul <azul@riseup.net> | 2013-02-06 07:53:21 -0800 |
---|---|---|
committer | azul <azul@riseup.net> | 2013-02-06 07:53:21 -0800 |
commit | 40955e06c038ad3d84bfe88052c501fb7a6208d8 (patch) | |
tree | b63e83731066d7da948509c391bd0a3f1cfc30f3 /users/lib/warden | |
parent | 70e05a181ce3b79a6ea9b5c76eab5102e94860ca (diff) | |
parent | f1f33f7e041c9e831e27ca5084ce1dd8a35a7c45 (diff) |
Merge pull request #25 from leapcode/feature/keep-session-small
Ensure user data does not clutter session[:handshake]
Diffstat (limited to 'users/lib/warden')
-rw-r--r-- | users/lib/warden/strategies/secure_remote_password.rb | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb
index 594e27e..483336d 100644
--- a/users/lib/warden/strategies/secure_remote_password.rb
+++ b/users/lib/warden/strategies/secure_remote_password.rb
@@ -25,13 +25,18 @@ module Warden
 end
 def validate!
- user = session[:handshake].authenticate(params['client_auth'].hex)
- user ? success!(user) : fail!(:password => "wrong_password")
+ client = session[:handshake].authenticate(params['client_auth'].hex)
+ client ?
+ success!(User.find_by_login(client.username)) :
+ fail!(:password => "wrong_password")
 end
 def initialize!
 if user = User.find_by_login(id)
- session[:handshake] = user.initialize_auth(params['A'].hex)
+ client = SRP::Client.new user.username,
+ :verifier => user.verifier,
+ :salt => user.salt
+ session[:handshake] = SRP::Session.new(client, params['A'].hex)
 custom! json_response(session[:handshake])
 else
 fail! :login => "user_not_found" |
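Review bot: In `validate!`, `success!(User.find_by_login(client.username))` passes whatever the lookup returns straight to `success!`, so an account deleted or renamed between the two SRP round trips would end the strategy as successful with a nil user. Resolving the record first keeps the failure path intact: `user = client && User.find_by_login(client.username)` followed by `user ? success!(user) : fail!(:password => "wrong_password")`. The same method calls `.authenticate` on `session[:handshake]` and `.hex` on `params['client_auth']` without a presence check; whether a `valid?` guard covers this is not visible, since the strategy class starts outside the hunk. In `initialize!`, the `SRP::Session` stored in `session[:handshake]` is built from a client that carries the verifier and salt, so with a client-side (cookie) session store that material would presumably reach the browser; it is worth confirming the store is server-side or encrypted.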