From 194e924cb7c36eafa01b68c74774505e170e47ac Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 30 Oct 2012 12:32:10 +0100 Subject: adding in warden with a basic strategy currently failing because we are not setting the content-type header. --- users/config/initializers/warden.rb | 52 +++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 users/config/initializers/warden.rb (limited to 'users/config/initializers') diff --git a/users/config/initializers/warden.rb b/users/config/initializers/warden.rb new file mode 100644 index 0000000..bb7dc13 --- /dev/null +++ b/users/config/initializers/warden.rb @@ -0,0 +1,52 @@ +Rails.configuration.middleware.use Warden::Manager do |manager| + manager.default_strategies :secure_remote_password + manager.failure_app = SessionsController +end + +# Setup Session Serialization +class Warden::SessionSerializer + def serialize(record) + [record.class.name, record.id] + end + + def deserialize(keys) + klass, id = keys + klass.find(id) + end +end + +Warden::Strategies.add(:secure_remote_password) do + + def valid? + id && ( params['A'] || params['client_auth'] ) + end + + def authenticate! + if params['client_auth'] && session[:handshake] + validate! + else + initialize! + end + end + + protected + + def validate! + srp_session = session.delete(:handshake) + user = srp_session.authenticate(params['client_auth'].hex) + user.nil? ? fail!("Could not log in") : success!(u) + end + + def initialize! + user = User.find_by_param(id) + session[:handshake] = user.initialize_auth(params['A'].hex) + custom! [200, {}, [session[:handshake].to_json]] + rescue RECORD_NOT_FOUND + fail! "User not found" + end + + def id + params["id"] || params["login"] + end +end + -- cgit v1.2.3