-rw-r--r-- | Gemfile.lock | 5 | ||||
m--------- | users/app/assets/javascripts/srp | 0 | ||||
-rw-r--r-- | users/app/controllers/controller_extension/authentication.rb | 2 | ||||
-rw-r--r-- | users/app/controllers/sessions_controller.rb | 17 | ||||
-rw-r--r-- | users/app/views/sessions/new.json.erb | 3 | ||||
-rw-r--r-- | users/config/initializers/warden.rb | 69 | ||||
-rw-r--r-- | users/leap_web_users.gemspec | 1 | ||||
-rw-r--r-- | users/lib/leap_web_users/engine.rb | 1 |
8 files changed, 85 insertions, 13 deletions
diff --git a/Gemfile.lock b/Gemfile.lock index 6792476..01a2291 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -25,6 +25,7 @@ PATH specs: leap_web_users (0.1.0) leap_web_core (= 0.1.0) + rails_warden ruby-srp (~> 0.1.4) GEM @@ -125,6 +126,8 @@ GEM activesupport (= 3.2.8) bundler (~> 1.0) railties (= 3.2.8) + rails_warden (0.5.7) + warden (>= 1.0.0) railties (3.2.8) actionpack (= 3.2.8) activesupport (= 3.2.8) @@ -167,6 +170,8 @@ GEM uglifier (1.2.7) execjs (>= 0.3.0) multi_json (~> 1.3) + warden (1.2.1) + rack (>= 1.0) PLATFORMS ruby diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp -Subproject 23350b54ec2723e1b2e333626567c9fe9d1e264 +Subproject 3bf101bc1ef3b5a58fe2f1e2a2e7a681f6de6c0 diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb index c3342f3..50cf0d1 100644 --- a/users/app/controllers/controller_extension/authentication.rb +++ b/users/app/controllers/controller_extension/authentication.rb @@ -8,7 +8,7 @@ module ControllerExtension::Authentication end def current_user - @current_user ||= User.find(session[:user_id]) if session[:user_id] + @current_user ||= env['warden'].user end def logged_in? diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 4a1107d..06d55eb 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb 
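Review bot: The new `current_user` line reaches the Warden proxy through `env['warden']`, which is `nil` (and raises `NoMethodError`) on any request that did not pass through the Warden middleware — e.g. controller tests, or a host app that builds its middleware stack before this engine's initializer runs; the old `session[:user_id]` lookup simply returned `nil` in that case. The same commit's SessionsController uses the rails_warden `warden` helper for this, so for consistency and a clearer failure mode this should be `@current_user ||= warden.user`. Note also that `||=` re-evaluates on every call while nobody is logged in, which is harmless here but worth a comment such as `# memoised only once a user is present`. `logged_in?` and the rest of the module continue outside the hunk.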
@@ -3,24 +3,17 @@ class SessionsController < ApplicationController skip_before_filter :verify_authenticity_token def new + if warden.winning_strategy + @errors = warden.winning_strategy.message + end end def create - @user = User.find_by_param(params[:login]) - session[:handshake] = @user.initialize_auth(params['A'].hex) - render :json => session[:handshake] - rescue RECORD_NOT_FOUND - render :json => {:errors => {:login => ["unknown user"]}} + authenticate! end def update - @srp_session = session.delete(:handshake) - @user = @srp_session.authenticate!(params[:client_auth].hex) - session[:user_id] = @user.id - render :json => @srp_session - rescue WRONG_PASSWORD - session[:handshake] = nil - render :json => {:errors => {"password" => ["wrong password"]}} + authenticate! end def destroy diff --git a/users/app/views/sessions/new.json.erb b/users/app/views/sessions/new.json.erb new file mode 100644 index 0000000..36154b8 --- /dev/null +++ b/users/app/views/sessions/new.json.erb @@ -0,0 +1,3 @@ +{ +"errors": <%= raw @errors.to_json %> +} diff --git a/users/config/initializers/warden.rb b/users/config/initializers/warden.rb new file mode 100644 index 0000000..82753ec --- /dev/null +++ b/users/config/initializers/warden.rb 
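Review bot: `update` now consists solely of `authenticate!` and renders nothing, so on a successful password proof the action falls through to Rails' implicit render of a `sessions/update` template that this commit does not add (only `new.json.erb` is added) — unless rails_warden's `authenticate!` halts on success, which the diff does not show. The removed `render :json => @srp_session` was also the only place the client received the server side of the SRP exchange after verification, so `update` needs an explicit response, e.g. `authenticate!` followed by `render :json => current_user` or whatever the SRP client expects for its server-proof check. The handshake path in `create` is fine because the strategy answers via `custom!`, but `new` will emit `"errors": null` when requested directly with no failed strategy, which callers of the JSON endpoint may not expect. The class continues past `destroy` outside the hunk.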
@@ -0,0 +1,69 @@ +Rails.configuration.middleware.use RailsWarden::Manager do |config| + config.default_strategies :secure_remote_password + config.failure_app = SessionsController +end + +RailsWarden.unauthenticated_action = :new + +# Setup Session Serialization +class Warden::SessionSerializer + def serialize(record) + [record.class.name, record.id] + end + + def deserialize(keys) + klass, id = keys + klass.find(id) + end +end + +Warden::Strategies.add(:secure_remote_password) do + + def valid? + handshake? || authentication? + end + + def authenticate! + if authentication? + validate! + else # handshake + initialize! + end + end + + protected + + def handshake? + params['A'] && params['login'] + end + + def authentication? + params['client_auth'] && session[:handshake] + end + + def validate! + srp_session = session.delete(:handshake) + user = srp_session.authenticate(params['client_auth'].hex) + user ? success!(user) : fail!(:password => "Could not log in") + end + + def initialize! + user = User.find_by_param(id) + session[:handshake] = user.initialize_auth(params['A'].hex) + custom! json_response(session[:handshake]) + rescue RECORD_NOT_FOUND + fail! :login => "User not found!" + end + + def json_response(object) + [ 200, + {"Content-Type" => "application/json; charset=utf-8"}, + [object.to_json] + ] + end + + def id + params["id"] || params["login"] + end +end + diff --git a/users/leap_web_users.gemspec b/users/leap_web_users.gemspec index dec5a71..0682a99 100644 --- a/users/leap_web_users.gemspec +++ b/users/leap_web_users.gemspec @@ -18,4 +18,5 @@ Gem::Specification.new do |s| s.add_dependency "leap_web_core", LeapWeb::VERSION s.add_dependency "ruby-srp", "~> 0.1.4" + s.add_dependency "rails_warden" end diff --git a/users/lib/leap_web_users/engine.rb b/users/lib/leap_web_users/engine.rb index 9b7545e..42ca072 100644 --- a/users/lib/leap_web_users/engine.rb +++ b/users/lib/leap_web_users/engine.rb 
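Review bot: `Warden::SessionSerializer#deserialize` cannot work as written — `serialize` stores `record.class.name`, a String, and `deserialize` then calls `klass.find(id)` on that String, which has no `find` method, so every request carrying a logged-in session should raise `NoMethodError` unless something outside this diff defines one. The class name has to be resolved, and because the only record this strategy ever passes to `success!` is a `User`, whitelisting it is safer than `constantize`-ing whatever the session contains; a user deleted since login should also deserialize to `nil` instead of letting `RECORD_NOT_FOUND` escape from middleware. Separately, `validate!` replaces the old raising `authenticate!` with `authenticate` and tests its return value, which only handles a wrong password if ruby-srp's non-bang form returns `nil` rather than raising — otherwise a bad proof becomes a 500 since there is no rescue — and `success!(user)` sends no body, so if the client verifies the server proof (SRP M2) from the removed `render :json => @srp_session` response it now has nothing to check.
```ruby
class Warden::SessionSerializer
  # … unchanged: serialize …

  def deserialize(keys)
    klass, id = keys
    # Only a User is ever handed to success!, so refuse anything else rather
    # than constantizing an arbitrary class name read back from the session.
    return nil unless klass == "User"
    User.find(id)
  rescue RECORD_NOT_FOUND
    nil # stale session for a deleted user: treat as logged out
  end
end
```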
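Review bot: `s.add_dependency "rails_warden"` is added with no version constraint while the neighbouring `ruby-srp` line pins `"~> 0.1.4"`; Gemfile.lock resolves it to 0.5.7 for this checkout, but anything consuming the gemspec directly will pull whatever version is current at install time. Pin the line that was actually tested: `s.add_dependency "rails_warden", "~> 0.5.7"`. The `Gem::Specification` block continues outside the hunk.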
@@ -1,6 +1,7 @@ # thou shall require all your dependencies in an engine. require "leap_web_core" require "leap_web_core/ui_dependencies" +require "rails_warden" require "ruby-srp" module LeapWebUsers |