From 194e924cb7c36eafa01b68c74774505e170e47ac Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Tue, 30 Oct 2012 12:32:10 +0100
Subject: adding in warden with a basic strategy

currently failing because we are not setting the content-type header.
---
 users/config/initializers/warden.rb | 52 +++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100644 users/config/initializers/warden.rb

(limited to 'users/config/initializers/warden.rb')

diff --git a/users/config/initializers/warden.rb b/users/config/initializers/warden.rb
new file mode 100644
index 0000000..bb7dc13
--- /dev/null
+++ b/users/config/initializers/warden.rb
@@ -0,0 +1,52 @@
+Rails.configuration.middleware.use Warden::Manager do |manager|
+  manager.default_strategies :secure_remote_password
+  manager.failure_app = SessionsController
+end
+
+# Setup Session Serialization
+class Warden::SessionSerializer
+  def serialize(record)
+    [record.class.name, record.id]
+  end
+
+  def deserialize(keys)
+    klass, id = keys
+    klass.find(id)
+  end
+end
+
+Warden::Strategies.add(:secure_remote_password) do
+
+  def valid?
+    id && ( params['A'] || params['client_auth'] )
+  end
+
+  def authenticate!
+    if params['client_auth'] && session[:handshake]
+      validate!
+    else
+      initialize!
+    end
+  end
+
+  protected
+
+  def validate!
+    srp_session = session.delete(:handshake)
+    user = srp_session.authenticate(params['client_auth'].hex)
+    user.nil? ? fail!("Could not log in") : success!(u)
+  end
+
+  def initialize!
+    user = User.find_by_param(id)
+    session[:handshake] = user.initialize_auth(params['A'].hex)
+    custom! [200, {}, [session[:handshake].to_json]]
+  rescue RECORD_NOT_FOUND
+    fail! "User not found"
+  end
+
+  def id
+    params["id"] || params["login"]
+  end
+end
+
-- 
cgit v1.2.3


From bcc0f11caeef1b09712b9b62e1607237885d1af5 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Tue, 30 Oct 2012 14:42:04 +0100
Subject: using rails_warden bit of refactoring

without rails_warden the failure app action was not getting set properly.
---
 users/config/initializers/warden.rb | 35 ++++++++++++++++++++++++++---------
 1 file changed, 26 insertions(+), 9 deletions(-)

(limited to 'users/config/initializers/warden.rb')

diff --git a/users/config/initializers/warden.rb b/users/config/initializers/warden.rb
index bb7dc13..98dd99c 100644
--- a/users/config/initializers/warden.rb
+++ b/users/config/initializers/warden.rb
@@ -1,6 +1,8 @@
-Rails.configuration.middleware.use Warden::Manager do |manager|
-  manager.default_strategies :secure_remote_password
-  manager.failure_app = SessionsController
+Rails.configuration.middleware.use RailsWarden::Manager do |config|
+  config.default_strategies :secure_remote_password
+  config.failure_app = SessionsController
+  config.default_scope = :user
+  config.scope_defaults :user, :action => :new
 end
 
 # Setup Session Serialization
@@ -18,31 +20,46 @@ end
 Warden::Strategies.add(:secure_remote_password) do
 
   def valid?
-    id && ( params['A'] || params['client_auth'] )
+    handshake? || authentication?
   end
 
   def authenticate!
-    if params['client_auth'] && session[:handshake]
+    if authentication?
       validate!
-    else
+    else  # handshake
       initialize!
     end
   end
 
   protected
 
+  def handshake?
+    params['A'] && params['login']
+  end
+
+  def authentication?
+    params['client_auth'] && session[:handshake]
+  end
+
   def validate!
     srp_session = session.delete(:handshake)
     user = srp_session.authenticate(params['client_auth'].hex)
-    user.nil? ? fail!("Could not log in") : success!(u)
+    user.nil? ? fail!("Could not log in") : success!(user)
   end
 
   def initialize!
     user = User.find_by_param(id)
     session[:handshake] = user.initialize_auth(params['A'].hex)
-    custom! [200, {}, [session[:handshake].to_json]]
+    custom! json_response(session[:handshake])
   rescue RECORD_NOT_FOUND
-    fail! "User not found"
+    fail! "User not found!"
+  end
+
+  def json_response(object)
+    [ 200,
+      {"Content-Type" => "application/json; charset=utf-8"},
+      [object.to_json]
+    ]
   end
 
   def id
-- 
cgit v1.2.3


From f2825d10e6447ea766fee085841e2b92b0477976 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Tue, 30 Oct 2012 15:36:16 +0100
Subject: sending proper error messages from warden.

still need to translate these
---
 users/config/initializers/warden.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'users/config/initializers/warden.rb')

diff --git a/users/config/initializers/warden.rb b/users/config/initializers/warden.rb
index 98dd99c..82753ec 100644
--- a/users/config/initializers/warden.rb
+++ b/users/config/initializers/warden.rb
@@ -1,10 +1,10 @@
 Rails.configuration.middleware.use RailsWarden::Manager do |config|
   config.default_strategies :secure_remote_password
   config.failure_app = SessionsController
-  config.default_scope = :user
-  config.scope_defaults :user, :action => :new
 end
 
+RailsWarden.unauthenticated_action = :new
+
 # Setup Session Serialization
 class Warden::SessionSerializer
   def serialize(record)
@@ -44,7 +44,7 @@ Warden::Strategies.add(:secure_remote_password) do
   def validate!
     srp_session = session.delete(:handshake)
     user = srp_session.authenticate(params['client_auth'].hex)
-    user.nil? ? fail!("Could not log in") : success!(user)
+    user ? success!(user) : fail!(:password => "Could not log in")
   end
 
   def initialize!
@@ -52,7 +52,7 @@ Warden::Strategies.add(:secure_remote_password) do
     session[:handshake] = user.initialize_auth(params['A'].hex)
     custom! json_response(session[:handshake])
   rescue RECORD_NOT_FOUND
-    fail! "User not found!"
+    fail! :login => "User not found!"
   end
 
   def json_response(object)
-- 
cgit v1.2.3


From 63c5b2cafdefbd9b13297faa57ee2f18a5c07bf5 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Fri, 9 Nov 2012 16:05:22 +0100
Subject: got integration test and login flow to work

---
 users/config/initializers/warden.rb | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'users/config/initializers/warden.rb')

diff --git a/users/config/initializers/warden.rb b/users/config/initializers/warden.rb
index 82753ec..11b950f 100644
--- a/users/config/initializers/warden.rb
+++ b/users/config/initializers/warden.rb
@@ -13,7 +13,7 @@ class Warden::SessionSerializer
 
   def deserialize(keys)
     klass, id = keys
-    klass.find(id)
+    klass.constantize.find(id)
   end
 end
 
@@ -42,8 +42,7 @@ Warden::Strategies.add(:secure_remote_password) do
   end
 
   def validate!
-    srp_session = session.delete(:handshake)
-    user = srp_session.authenticate(params['client_auth'].hex)
+    user = session[:handshake].authenticate(params['client_auth'].hex)
     user ? success!(user) : fail!(:password => "Could not log in")
   end
 
-- 
cgit v1.2.3


From 5b300b554682c232c0955bdb0dd3d8263dde901e Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Fri, 9 Nov 2012 16:45:54 +0100
Subject: seperated the warden classes from the initializer

also commented the sessions controller test a bit and fixed it
---
 users/config/initializers/warden.rb | 61 -------------------------------------
 1 file changed, 61 deletions(-)

(limited to 'users/config/initializers/warden.rb')

diff --git a/users/config/initializers/warden.rb b/users/config/initializers/warden.rb
index 11b950f..45feb6c 100644
--- a/users/config/initializers/warden.rb
+++ b/users/config/initializers/warden.rb
@@ -5,64 +5,3 @@ end
 
 RailsWarden.unauthenticated_action = :new
 
-# Setup Session Serialization
-class Warden::SessionSerializer
-  def serialize(record)
-    [record.class.name, record.id]
-  end
-
-  def deserialize(keys)
-    klass, id = keys
-    klass.constantize.find(id)
-  end
-end
-
-Warden::Strategies.add(:secure_remote_password) do
-
-  def valid?
-    handshake? || authentication?
-  end
-
-  def authenticate!
-    if authentication?
-      validate!
-    else  # handshake
-      initialize!
-    end
-  end
-
-  protected
-
-  def handshake?
-    params['A'] && params['login']
-  end
-
-  def authentication?
-    params['client_auth'] && session[:handshake]
-  end
-
-  def validate!
-    user = session[:handshake].authenticate(params['client_auth'].hex)
-    user ? success!(user) : fail!(:password => "Could not log in")
-  end
-
-  def initialize!
-    user = User.find_by_param(id)
-    session[:handshake] = user.initialize_auth(params['A'].hex)
-    custom! json_response(session[:handshake])
-  rescue RECORD_NOT_FOUND
-    fail! :login => "User not found!"
-  end
-
-  def json_response(object)
-    [ 200,
-      {"Content-Type" => "application/json; charset=utf-8"},
-      [object.to_json]
-    ]
-  end
-
-  def id
-    params["id"] || params["login"]
-  end
-end
-
-- 
cgit v1.2.3