summaryrefslogtreecommitdiff
path: root/users/app/controllers/sessions_controller.rb
diff options
context:
space:
mode:
Diffstat (limited to 'users/app/controllers/sessions_controller.rb')
-rw-r--r--users/app/controllers/sessions_controller.rb6
1 files changed, 4 insertions, 2 deletions
diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb
index 7852e5c..b8043f5 100644
--- a/users/app/controllers/sessions_controller.rb
+++ b/users/app/controllers/sessions_controller.rb
@@ -15,11 +15,13 @@ class SessionsController < ApplicationController
end
def update
+ # TODO: validate the id belongs to the session
@user = User.find_by_param(params[:id])
- @server_auth = @user.authenticate!(params[:client_auth].hex, session.delete(:handshake))
+ @srp_session = session.delete(:handshake)
+ @server_auth = @srp_session.authenticate!(params[:client_auth].hex)
session[:user_id] = @user.id
User.current = @user #?
- render :json => {:M2 => @server_auth}
+ render :json => {:M2 => "%064x" % @server_auth}
rescue WRONG_PASSWORD
session[:handshake] = nil
render :json => {:errors => {"password" => ["wrong password"]}}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-05 16:09:39 +0000