From 0c79df9874c59fbaa5c845e07d8fa1b4bbc23b9c Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 11 Oct 2012 17:11:32 +0200 Subject: use ruby-srp 0.1.3 which returns the user on authenticate call Also removed a few hooks to User.current. Will replace with current_user --- users/app/controllers/sessions_controller.rb | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'users/app/controllers/sessions_controller.rb') diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 284c0e2..4a1107d 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -8,19 +8,15 @@ class SessionsController < ApplicationController def create @user = User.find_by_param(params[:login]) session[:handshake] = @user.initialize_auth(params['A'].hex) - User.current = @user #? render :json => session[:handshake] rescue RECORD_NOT_FOUND render :json => {:errors => {:login => ["unknown user"]}} end def update - # TODO: validate the id belongs to the session - @user = User.find_by_param(params[:id]) @srp_session = session.delete(:handshake) - @srp_session.authenticate!(params[:client_auth].hex) + @user = @srp_session.authenticate!(params[:client_auth].hex) session[:user_id] = @user.id - User.current = @user #? render :json => @srp_session rescue WRONG_PASSWORD session[:handshake] = nil @@ -29,7 +25,6 @@ class SessionsController < ApplicationController def destroy session[:user_id] = nil - User.current = nil #? redirect_to root_path end end -- cgit v1.2.3 From 194e924cb7c36eafa01b68c74774505e170e47ac Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 30 Oct 2012 12:32:10 +0100 Subject: adding in warden with a basic strategy currently failing because we are not setting the content-type header. --- users/app/controllers/sessions_controller.rb | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) (limited to 'users/app/controllers/sessions_controller.rb') diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 4a1107d..3872866 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -6,21 +6,13 @@ class SessionsController < ApplicationController end def create - @user = User.find_by_param(params[:login]) - session[:handshake] = @user.initialize_auth(params['A'].hex) - render :json => session[:handshake] - rescue RECORD_NOT_FOUND - render :json => {:errors => {:login => ["unknown user"]}} + debugger + env['warden'].authenticate! end def update - @srp_session = session.delete(:handshake) - @user = @srp_session.authenticate!(params[:client_auth].hex) - session[:user_id] = @user.id - render :json => @srp_session - rescue WRONG_PASSWORD - session[:handshake] = nil - render :json => {:errors => {"password" => ["wrong password"]}} + debugger + env['warden'].authenticate! end def destroy -- cgit v1.2.3 From bcc0f11caeef1b09712b9b62e1607237885d1af5 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 30 Oct 2012 14:42:04 +0100 Subject: using rails_warden bit of refactoring without rails_warden the failure app action was not getting set properly. --- users/app/controllers/sessions_controller.rb | 2 -- 1 file changed, 2 deletions(-) (limited to 'users/app/controllers/sessions_controller.rb') diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 3872866..7b7799c 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -6,12 +6,10 @@ class SessionsController < ApplicationController end def create - debugger env['warden'].authenticate! end def update - debugger env['warden'].authenticate! end -- cgit v1.2.3 From f2825d10e6447ea766fee085841e2b92b0477976 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 30 Oct 2012 15:36:16 +0100 Subject: sending proper error messages from warden. still need to translate these --- users/app/controllers/sessions_controller.rb | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'users/app/controllers/sessions_controller.rb') diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 7b7799c..06d55eb 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -3,14 +3,17 @@ class SessionsController < ApplicationController skip_before_filter :verify_authenticity_token def new + if warden.winning_strategy + @errors = warden.winning_strategy.message + end end def create - env['warden'].authenticate! + authenticate! end def update - env['warden'].authenticate! + authenticate! end def destroy -- cgit v1.2.3 From ef90c45998b33ba8606c3786875e21496ace4686 Mon Sep 17 00:00:00 2001 From: Azul Date: Sun, 4 Nov 2012 22:14:13 +0100 Subject: fixed functional tests --- users/app/controllers/sessions_controller.rb | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'users/app/controllers/sessions_controller.rb') diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 06d55eb..722265a 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -3,9 +3,7 @@ class SessionsController < ApplicationController skip_before_filter :verify_authenticity_token def new - if warden.winning_strategy - @errors = warden.winning_strategy.message - end + @errors = authentication_error end def create @@ -17,7 +15,7 @@ class SessionsController < ApplicationController end def destroy - session[:user_id] = nil + logout redirect_to root_path end end -- cgit v1.2.3 From da2804c8f8a800851fa1863f579e2b8e9a57b4cc Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 6 Nov 2012 11:51:10 +0100 Subject: first steps towards warden srp testing --- users/app/controllers/sessions_controller.rb | 1 + 1 file changed, 1 insertion(+) (limited to 'users/app/controllers/sessions_controller.rb') diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 722265a..72e2892 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -11,6 +11,7 @@ class SessionsController < ApplicationController end def update + debugger authenticate! end -- cgit v1.2.3 From 63c5b2cafdefbd9b13297faa57ee2f18a5c07bf5 Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 9 Nov 2012 16:05:22 +0100 Subject: got integration test and login flow to work --- users/app/controllers/sessions_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'users/app/controllers/sessions_controller.rb') diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 72e2892..486f67e 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -11,8 +11,8 @@ class SessionsController < ApplicationController end def update - debugger authenticate! + render :json => session.delete(:handshake) end def destroy -- cgit v1.2.3 From 7e5db2a28ba872154e5f5002bb84d149a512e36e Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 22 Nov 2012 10:33:21 +0100 Subject: using the new srp.js api --- users/app/controllers/sessions_controller.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'users/app/controllers/sessions_controller.rb') diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 486f67e..66c1c4f 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -3,7 +3,9 @@ class SessionsController < ApplicationController skip_before_filter :verify_authenticity_token def new - @errors = authentication_error + if @errors = authentication_error + render :status => 422 + end end def create -- cgit v1.2.3 From cec9ad7c514f2f3c767bd12bfc3df28db4d1a98b Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 22 Nov 2012 11:36:25 +0100 Subject: using client side validations for login --- users/app/controllers/sessions_controller.rb | 1 + 1 file changed, 1 insertion(+) (limited to 'users/app/controllers/sessions_controller.rb') diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 66c1c4f..32d1ddc 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -3,6 +3,7 @@ class SessionsController < ApplicationController skip_before_filter :verify_authenticity_token def new + @session = Session.new if @errors = authentication_error render :status => 422 end -- cgit v1.2.3 From 6d5f8d0f993093b51d1f11bb528c535dcf88a969 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 22 Nov 2012 13:05:32 +0100 Subject: beautify login workflow * translating error messages * not caching login and password in js anymore * catching non responses --- users/app/controllers/sessions_controller.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'users/app/controllers/sessions_controller.rb') diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 32d1ddc..bc910b5 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -4,7 +4,8 @@ class SessionsController < ApplicationController def new @session = Session.new - if @errors = authentication_error + if authentication_errors + @errors = authentication_errors render :status => 422 end end -- cgit v1.2.3