Merge branch 'develop' into feature-client-side-validations

Conflicts:
	Gemfile.lock

3 files changed, 74 insertions, 0 deletions

diff --git a/users/lib/leap_web_users/engine.rb b/users/lib/leap_web_users/engine.rb
index 9b7545e..7033576 100644
--- a/users/lib/leap_web_users/engine.rb
+++ b/users/lib/leap_web_users/engine.rb
@@ -1,8 +1,12 @@
 # thou shall require all your dependencies in an engine.
 require "leap_web_core"
 require "leap_web_core/ui_dependencies"
+require "rails_warden"
 require "ruby-srp"
 
+require "warden/session_serializer"
+require "warden/strategies/secure_remote_password"
+
 module LeapWebUsers
   class Engine < ::Rails::Engine
 
diff --git a/users/lib/warden/session_serializer.rb b/users/lib/warden/session_serializer.rb
new file mode 100644
index 0000000..81d7076
--- /dev/null
+++ b/users/lib/warden/session_serializer.rb
@@ -0,0 +1,13 @@
+module Warden
+  # Setup Session Serialization
+  class SessionSerializer
+    def serialize(record)
+      [record.class.name, record.id]
+    end
+
+    def deserialize(keys)
+      klass, id = keys
+      klass.constantize.find(id)
+    end
+  end
+end
diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb
new file mode 100644
index 0000000..8266e2d
--- /dev/null
+++ b/users/lib/warden/strategies/secure_remote_password.rb
@@ -0,0 +1,57 @@
+module Warden
+  module Strategies
+    class SecureRemotePassword < Warden::Strategies::Base
+
+      def valid?
+        handshake? || authentication?
+      end
+
+      def authenticate!
+        if authentication?
+          validate!
+        else  # handshake
+          initialize!
+        end
+      end
+
+      protected
+
+      def handshake?
+        params['A'] && params['login']
+      end
+
+      def authentication?
+        params['client_auth'] && session[:handshake]
+      end
+
+      def validate!
+        user = session[:handshake].authenticate(params['client_auth'].hex)
+        user ? success!(user) : fail!(:password => "Could not log in")
+      end
+
+      def initialize!
+        user = User.find_by_param(id)
+        session[:handshake] = user.initialize_auth(params['A'].hex)
+        custom! json_response(session[:handshake])
+      rescue RECORD_NOT_FOUND
+        fail! :login => "User not found!"
+      end
+
+      def json_response(object)
+        [ 200,
+          {"Content-Type" => "application/json; charset=utf-8"},
+          [object.to_json]
+        ]
+      end
+
+      def id
+        params["id"] || params["login"]
+      end
+    end
+  end
+  Warden::Strategies.add :secure_remote_password,
+    Warden::Strategies::SecureRemotePassword
+
+end
+
+