diff options
Diffstat (limited to 'users/app')
| m--------- | users/app/assets/javascripts/srp | 0 | ||||
| -rw-r--r-- | users/app/controllers/controller_extension/authentication.rb | 2 | ||||
| -rw-r--r-- | users/app/controllers/sessions_controller.rb | 17 | ||||
| -rw-r--r-- | users/app/views/sessions/new.json.erb | 3 |
4 files changed, 9 insertions, 13 deletions
diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp -Subproject 23350b54ec2723e1b2e333626567c9fe9d1e264 +Subproject 3bf101bc1ef3b5a58fe2f1e2a2e7a681f6de6c0 diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb index c3342f3..50cf0d1 100644 --- a/users/app/controllers/controller_extension/authentication.rb +++ b/users/app/controllers/controller_extension/authentication.rb @@ -8,7 +8,7 @@ module ControllerExtension::Authentication end def current_user - @current_user ||= User.find(session[:user_id]) if session[:user_id] + @current_user ||= env['warden'].user end def logged_in? diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 4a1107d..06d55eb 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -3,24 +3,17 @@ class SessionsController < ApplicationController skip_before_filter :verify_authenticity_token def new + if warden.winning_strategy + @errors = warden.winning_strategy.message + end end def create - @user = User.find_by_param(params[:login]) - session[:handshake] = @user.initialize_auth(params['A'].hex) - render :json => session[:handshake] - rescue RECORD_NOT_FOUND - render :json => {:errors => {:login => ["unknown user"]}} + authenticate! end def update - @srp_session = session.delete(:handshake) - @user = @srp_session.authenticate!(params[:client_auth].hex) - session[:user_id] = @user.id - render :json => @srp_session - rescue WRONG_PASSWORD - session[:handshake] = nil - render :json => {:errors => {"password" => ["wrong password"]}} + authenticate! end def destroy diff --git a/users/app/views/sessions/new.json.erb b/users/app/views/sessions/new.json.erb new file mode 100644 index 0000000..36154b8 --- /dev/null +++ b/users/app/views/sessions/new.json.erb @@ -0,0 +1,3 @@ +{ +"errors": <%= raw @errors.to_json %> +} |