diff options
Diffstat (limited to 'users/lib/warden')
-rw-r--r-- | users/lib/warden/session_serializer.rb | 13 | ||||
-rw-r--r-- | users/lib/warden/strategies/secure_remote_password.rb | 81 |
2 files changed, 0 insertions, 94 deletions
diff --git a/users/lib/warden/session_serializer.rb b/users/lib/warden/session_serializer.rb deleted file mode 100644 index 81d7076..0000000 --- a/users/lib/warden/session_serializer.rb +++ /dev/null @@ -1,13 +0,0 @@ -module Warden - # Setup Session Serialization - class SessionSerializer - def serialize(record) - [record.class.name, record.id] - end - - def deserialize(keys) - klass, id = keys - klass.constantize.find(id) - end - end -end diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb deleted file mode 100644 index 2c334c6..0000000 --- a/users/lib/warden/strategies/secure_remote_password.rb +++ /dev/null @@ -1,81 +0,0 @@ -module Warden - module Strategies - class SecureRemotePassword < Warden::Strategies::Base - - def valid? - handshake? || authentication? - end - - def authenticate! - if authentication? - validate! - else # handshake - initialize! - end - end - - protected - - def handshake? - params['A'] && params['login'] - end - - def authentication? - params['client_auth'] && session[:handshake] - end - - def validate! - if client = validate - success!(User.find_by_login(client.username)) - else - Rails.logger.warn "Login attempt failed." - Rails.logger.debug debug_info - Rails.logger.debug "Received: #{params['client_auth']}" - session.delete(:handshake) - fail!(:base => "invalid_user_pass") - end - end - - def validate - session[:handshake].authenticate(params['client_auth']) - end - - def initialize! - if user = User.find_by_login(id) - client = SRP::Client.new user.username, - :verifier => user.verifier, - :salt => user.salt - session[:handshake] = SRP::Session.new(client, params['A']) - custom! json_response(session[:handshake]) - else - fail! :base => 'invalid_user_pass' - end - rescue SRP::InvalidEphemeral - fail!(:base => "invalid_ephemeral") - end - - def json_response(object) - [ 200, - {"Content-Type" => "application/json; charset=utf-8"}, - [object.to_json] - ] - end - - def id - params["id"] || params["login"] - end - - protected - - def debug_info - JSON.pretty_generate(session[:handshake].internal_state) - end - - end - end - Warden::Strategies.add :secure_remote_password, - Warden::Strategies::SecureRemotePassword - -end - - |