-rw-r--r--Gemfile.lock4
-rw-r--r--users/app/controllers/sessions_controller.rb2
-rw-r--r--users/config/initializers/warden.rb35
-rw-r--r--users/leap_web_users.gemspec2
-rw-r--r--users/lib/leap_web_users/engine.rb2
5 files changed, 31 insertions, 14 deletions
diff --git a/Gemfile.lock b/Gemfile.lock
index 5b1fbf6..a9ca432 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -19,8 +19,8 @@ PATH
specs:
leap_web_users (0.1.0)
leap_web_core (= 0.1.0)
+ rails_warden
ruby-srp (~> 0.1.3)
- warden
GEM
remote: https://rubygems.org/
@@ -120,6 +120,8 @@ GEM
activesupport (= 3.2.8)
bundler (~> 1.0)
railties (= 3.2.8)
+ rails_warden (0.5.7)
+ warden (>= 1.0.0)
railties (3.2.8)
actionpack (= 3.2.8)
activesupport (= 3.2.8)
diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb
index 3872866..7b7799c 100644
--- a/users/app/controllers/sessions_controller.rb
+++ b/users/app/controllers/sessions_controller.rb
@@ -6,12 +6,10 @@ class SessionsController < ApplicationController
end
def create
- debugger
env['warden'].authenticate!
end
def update
- debugger
env['warden'].authenticate!
end
diff --git a/users/config/initializers/warden.rb b/users/config/initializers/warden.rb
index bb7dc13..98dd99c 100644
--- a/users/config/initializers/warden.rb
+++ b/users/config/initializers/warden.rb
@@ -1,6 +1,8 @@
-Rails.configuration.middleware.use Warden::Manager do |manager|
- manager.default_strategies :secure_remote_password
- manager.failure_app = SessionsController
+Rails.configuration.middleware.use RailsWarden::Manager do |config|
+ config.default_strategies :secure_remote_password
+ config.failure_app = SessionsController
+ config.default_scope = :user
+ config.scope_defaults :user, :action => :new
end
# Setup Session Serialization
@@ -18,31 +20,46 @@ end
Warden::Strategies.add(:secure_remote_password) do
def valid?
- id && ( params['A'] || params['client_auth'] )
+ handshake? || authentication?
end
def authenticate!
- if params['client_auth'] && session[:handshake]
+ if authentication?
validate!
- else
+ else # handshake
initialize!
end
end
protected
+ def handshake?
+ params['A'] && params['login']
+ end
+
+ def authentication?
+ params['client_auth'] && session[:handshake]
+ end
+
def validate!
srp_session = session.delete(:handshake)
user = srp_session.authenticate(params['client_auth'].hex)
- user.nil? ? fail!("Could not log in") : success!(u)
+ user.nil? ? fail!("Could not log in") : success!(user)
end
def initialize!
user = User.find_by_param(id)
session[:handshake] = user.initialize_auth(params['A'].hex)
- custom! [200, {}, [session[:handshake].to_json]]
+ custom! json_response(session[:handshake])
rescue RECORD_NOT_FOUND
- fail! "User not found"
+ fail! "User not found!"
+ end
+
+ def json_response(object)
+ [ 200,
+ {"Content-Type" => "application/json; charset=utf-8"},
+ [object.to_json]
+ ]
end
def id
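Review bot: `handshake?` only checks that `params['A']` is present, and `initialize!` then passes `params['A'].hex` to `user.initialize_auth`; `String#hex` returns 0 for non-hex text, so a malformed or zero A reaches the SRP code. SRP expects the server to abort when A mod N is 0, and whether ruby-srp enforces that is not visible in this hunk, so I would reject bad input up front in `handshake?`, e.g. `params['login'] && params['A'].to_s =~ /\A[0-9a-fA-F]+\z/`, and keep the zero check where N is known. The same format check applies to `params['client_auth'].hex` in `validate!`. Separately, `fail! "User not found!"` differs from `fail!("Could not log in")`, and together with the failure at the handshake step it tells a caller whether a login exists; if that matters here, unknown logins should be answered the same way as known ones. The strategy block continues past the hunk (`def id` is cut off), so how `id` relates to the new `params['login']` check is not visible.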
diff --git a/users/leap_web_users.gemspec b/users/leap_web_users.gemspec
index 477265e..053f8dc 100644
--- a/users/leap_web_users.gemspec
+++ b/users/leap_web_users.gemspec
@@ -18,5 +18,5 @@ Gem::Specification.new do |s|
s.add_dependency "leap_web_core", LeapWeb::VERSION
s.add_dependency "ruby-srp", "~> 0.1.3"
- s.add_dependency "warden"
+ s.add_dependency "rails_warden"
end
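Review bot: `s.add_dependency "rails_warden"` carries no version constraint, unlike the `ruby-srp` line above it, so an application using this engine can resolve any rails_warden release (and through it any warden >= 1.0.0) for its authentication middleware. The Gemfile.lock in this commit resolves 0.5.7, but a consumer of the gemspec is not bound by this repository's lock file. I would constrain it the same way as ruby-srp, e.g. `s.add_dependency "rails_warden", "~> 0.5.7"`.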
diff --git a/users/lib/leap_web_users/engine.rb b/users/lib/leap_web_users/engine.rb
index 25c110e..42ca072 100644
--- a/users/lib/leap_web_users/engine.rb
+++ b/users/lib/leap_web_users/engine.rb
@@ -1,7 +1,7 @@
# thou shall require all your dependencies in an engine.
require "leap_web_core"
require "leap_web_core/ui_dependencies"
-require "warden"
+require "rails_warden"
require "ruby-srp"
module LeapWebUsers