diff options
Diffstat (limited to 'users/app')
-rw-r--r-- | users/app/controllers/sessions_controller.rb | 6 | ||||
-rw-r--r-- | users/app/models/user.rb | 10 |
2 files changed, 12 insertions, 4 deletions
diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 7852e5c..b8043f5 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -15,11 +15,13 @@ class SessionsController < ApplicationController end def update + # TODO: validate the id belongs to the session @user = User.find_by_param(params[:id]) - @server_auth = @user.authenticate!(params[:client_auth].hex, session.delete(:handshake)) + @srp_session = session.delete(:handshake) + @server_auth = @srp_session.authenticate!(params[:client_auth].hex) session[:user_id] = @user.id User.current = @user #? - render :json => {:M2 => @server_auth} + render :json => {:M2 => "%064x" % @server_auth} rescue WRONG_PASSWORD session[:handshake] = nil render :json => {:errors => {"password" => ["wrong password"]}} diff --git a/users/app/models/user.rb b/users/app/models/user.rb index 95ee810..a6aab84 100644 --- a/users/app/models/user.rb +++ b/users/app/models/user.rb @@ -1,7 +1,5 @@ class User < CouchRest::Model::Base - include SRP::Authentication - property :login, String, :accessible => true property :email, String, :accessible => true property :password_verifier, String, :accessible => true @@ -38,6 +36,10 @@ class User < CouchRest::Model::Base super(options.merge(:only => ['login', 'password_salt'])) end + def initialize_auth(aa) + return SRP::Session.new(self, aa) + end + def salt password_salt.hex end @@ -46,6 +48,10 @@ class User < CouchRest::Model::Base password_verifier.hex end + def username + login + end + def self.current Thread.current[:user] end |