Diffstat (limited to 'users/app')
-rw-r--r--users/app/controllers/sessions_controller.rb6
-rw-r--r--users/app/models/user.rb10
2 files changed, 12 insertions, 4 deletions
diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb
index 7852e5c..b8043f5 100644
--- a/users/app/controllers/sessions_controller.rb
+++ b/users/app/controllers/sessions_controller.rb
@@ -15,11 +15,13 @@ class SessionsController < ApplicationController
end
def update
+ # TODO: validate the id belongs to the session
@user = User.find_by_param(params[:id])
- @server_auth = @user.authenticate!(params[:client_auth].hex, session.delete(:handshake))
+ @srp_session = session.delete(:handshake)
+ @server_auth = @srp_session.authenticate!(params[:client_auth].hex)
session[:user_id] = @user.id
User.current = @user #?
- render :json => {:M2 => @server_auth}
+ render :json => {:M2 => "%064x" % @server_auth}
rescue WRONG_PASSWORD
session[:handshake] = nil
render :json => {:errors => {"password" => ["wrong password"]}}
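Review bot: The account written to `session[:user_id]` is still looked up from `params[:id]`, while the proof is verified against whatever SRP session the handshake stored, so nothing in this hunk ties the two together; the added TODO names the gap but leaves it open. As far as these lines show, a valid proof for one login would be accepted while the request names a different `id`. I would take the user from the handshake rather than from the request, or store the login alongside `:handshake` and compare it before calling `authenticate!`, and replace the TODO with that check. `session.delete(:handshake)` also returns nil when no handshake was started, so `@srp_session.authenticate!` raises NoMethodError instead of reaching `rescue WRONG_PASSWORD`; a guard such as `return head(:forbidden) unless @srp_session` would cover it. The `update` body continues past the end of the hunk.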
diff --git a/users/app/models/user.rb b/users/app/models/user.rb
index 95ee810..a6aab84 100644
--- a/users/app/models/user.rb
+++ b/users/app/models/user.rb
@@ -1,7 +1,5 @@
class User < CouchRest::Model::Base
- include SRP::Authentication
-
property :login, String, :accessible => true
property :email, String, :accessible => true
property :password_verifier, String, :accessible => true
@@ -38,6 +36,10 @@ class User < CouchRest::Model::Base
super(options.merge(:only => ['login', 'password_salt']))
end
+ def initialize_auth(aa)
+ return SRP::Session.new(self, aa)
+ end
+
def salt
password_salt.hex
end
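Review bot: `initialize_auth(aa)` hands its argument straight to `SRP::Session.new` without saying what `aa` is. If it is the client's public ephemeral value A (presumably, given the SRP handshake), the server must abort when A mod N is zero, and whether `SRP::Session` enforces that is not visible here. I would rename the parameter and add a comment such as `# client_ephemeral: the client's public value A as an Integer; reject if A % N == 0`, then confirm the check exists in the session class. The explicit `return` is also unnecessary in Ruby; `SRP::Session.new(self, client_ephemeral)` as the last expression is enough.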
@@ -46,6 +48,10 @@ class User < CouchRest::Model::Base
password_verifier.hex
end
+ def username
+ login
+ end
+
def self.current
Thread.current[:user]
end