diff options
-rw-r--r-- | Gemfile.lock | 3 | ||||
-rw-r--r-- | users/app/controllers/application_controller.rb | 2 | ||||
-rw-r--r-- | users/app/controllers/sessions_controller.rb | 16 | ||||
-rw-r--r-- | users/config/initializers/warden.rb | 52 | ||||
-rw-r--r-- | users/leap_web_users.gemspec | 1 | ||||
-rw-r--r-- | users/lib/leap_web_users/engine.rb | 1 |
6 files changed, 62 insertions, 13 deletions
diff --git a/Gemfile.lock b/Gemfile.lock index a982c2a..5b1fbf6 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -20,6 +20,7 @@ PATH leap_web_users (0.1.0) leap_web_core (= 0.1.0) ruby-srp (~> 0.1.3) + warden GEM remote: https://rubygems.org/ @@ -161,6 +162,8 @@ GEM uglifier (1.2.7) execjs (>= 0.3.0) multi_json (~> 1.3) + warden (1.2.1) + rack (>= 1.0) PLATFORMS ruby diff --git a/users/app/controllers/application_controller.rb b/users/app/controllers/application_controller.rb index 64e1a55..8388dda 100644 --- a/users/app/controllers/application_controller.rb +++ b/users/app/controllers/application_controller.rb @@ -4,7 +4,7 @@ class ApplicationController < ActionController::Base private def current_user - @current_user ||= User.find(session[:user_id]) if session[:user_id] + @current_user ||= env['warden'].user end helper_method :current_user diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 4a1107d..3872866 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -6,21 +6,13 @@ class SessionsController < ApplicationController end def create - @user = User.find_by_param(params[:login]) - session[:handshake] = @user.initialize_auth(params['A'].hex) - render :json => session[:handshake] - rescue RECORD_NOT_FOUND - render :json => {:errors => {:login => ["unknown user"]}} + debugger + env['warden'].authenticate! end def update - @srp_session = session.delete(:handshake) - @user = @srp_session.authenticate!(params[:client_auth].hex) - session[:user_id] = @user.id - render :json => @srp_session - rescue WRONG_PASSWORD - session[:handshake] = nil - render :json => {:errors => {"password" => ["wrong password"]}} + debugger + env['warden'].authenticate! end def destroy diff --git a/users/config/initializers/warden.rb b/users/config/initializers/warden.rb new file mode 100644 index 0000000..bb7dc13 --- /dev/null +++ b/users/config/initializers/warden.rb @@ -0,0 +1,52 @@ +Rails.configuration.middleware.use Warden::Manager do |manager| + manager.default_strategies :secure_remote_password + manager.failure_app = SessionsController +end + +# Setup Session Serialization +class Warden::SessionSerializer + def serialize(record) + [record.class.name, record.id] + end + + def deserialize(keys) + klass, id = keys + klass.find(id) + end +end + +Warden::Strategies.add(:secure_remote_password) do + + def valid? + id && ( params['A'] || params['client_auth'] ) + end + + def authenticate! + if params['client_auth'] && session[:handshake] + validate! + else + initialize! + end + end + + protected + + def validate! + srp_session = session.delete(:handshake) + user = srp_session.authenticate(params['client_auth'].hex) + user.nil? ? fail!("Could not log in") : success!(u) + end + + def initialize! + user = User.find_by_param(id) + session[:handshake] = user.initialize_auth(params['A'].hex) + custom! [200, {}, [session[:handshake].to_json]] + rescue RECORD_NOT_FOUND + fail! "User not found" + end + + def id + params["id"] || params["login"] + end +end + diff --git a/users/leap_web_users.gemspec b/users/leap_web_users.gemspec index 6d35f63..477265e 100644 --- a/users/leap_web_users.gemspec +++ b/users/leap_web_users.gemspec @@ -18,4 +18,5 @@ Gem::Specification.new do |s| s.add_dependency "leap_web_core", LeapWeb::VERSION s.add_dependency "ruby-srp", "~> 0.1.3" + s.add_dependency "warden" end diff --git a/users/lib/leap_web_users/engine.rb b/users/lib/leap_web_users/engine.rb index 9b7545e..25c110e 100644 --- a/users/lib/leap_web_users/engine.rb +++ b/users/lib/leap_web_users/engine.rb @@ -1,6 +1,7 @@ # thou shall require all your dependencies in an engine. require "leap_web_core" require "leap_web_core/ui_dependencies" +require "warden" require "ruby-srp" module LeapWebUsers |