From bcc0f11caeef1b09712b9b62e1607237885d1af5 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Tue, 30 Oct 2012 14:42:04 +0100
Subject: using rails_warden bit of refactoring

without rails_warden the failure app action was not getting set properly.
---
 users/config/initializers/warden.rb | 35 ++++++++++++++++++++++++++---------
 1 file changed, 26 insertions(+), 9 deletions(-)

(limited to 'users/config/initializers/warden.rb')

diff --git a/users/config/initializers/warden.rb b/users/config/initializers/warden.rb
index bb7dc13..98dd99c 100644
--- a/users/config/initializers/warden.rb
+++ b/users/config/initializers/warden.rb
@@ -1,6 +1,8 @@
-Rails.configuration.middleware.use Warden::Manager do |manager|
-  manager.default_strategies :secure_remote_password
-  manager.failure_app = SessionsController
+Rails.configuration.middleware.use RailsWarden::Manager do |config|
+  config.default_strategies :secure_remote_password
+  config.failure_app = SessionsController
+  config.default_scope = :user
+  config.scope_defaults :user, :action => :new
 end
 
 # Setup Session Serialization
@@ -18,31 +20,46 @@ end
 Warden::Strategies.add(:secure_remote_password) do
 
   def valid?
-    id && ( params['A'] || params['client_auth'] )
+    handshake? || authentication?
   end
 
   def authenticate!
-    if params['client_auth'] && session[:handshake]
+    if authentication?
       validate!
-    else
+    else  # handshake
       initialize!
     end
   end
 
   protected
 
+  def handshake?
+    params['A'] && params['login']
+  end
+
+  def authentication?
+    params['client_auth'] && session[:handshake]
+  end
+
   def validate!
     srp_session = session.delete(:handshake)
     user = srp_session.authenticate(params['client_auth'].hex)
-    user.nil? ? fail!("Could not log in") : success!(u)
+    user.nil? ? fail!("Could not log in") : success!(user)
   end
 
   def initialize!
     user = User.find_by_param(id)
     session[:handshake] = user.initialize_auth(params['A'].hex)
-    custom! [200, {}, [session[:handshake].to_json]]
+    custom! json_response(session[:handshake])
   rescue RECORD_NOT_FOUND
-    fail! "User not found"
+    fail! "User not found!"
+  end
+
+  def json_response(object)
+    [ 200,
+      {"Content-Type" => "application/json; charset=utf-8"},
+      [object.to_json]
+    ]
   end
 
   def id
-- 
cgit v1.2.3