From 194e924cb7c36eafa01b68c74774505e170e47ac Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 30 Oct 2012 12:32:10 +0100 Subject: adding in warden with a basic strategy currently failing because we are not setting the content-type header. --- users/lib/leap_web_users/engine.rb | 1 + 1 file changed, 1 insertion(+) (limited to 'users/lib') diff --git a/users/lib/leap_web_users/engine.rb b/users/lib/leap_web_users/engine.rb index 9b7545e..25c110e 100644 --- a/users/lib/leap_web_users/engine.rb +++ b/users/lib/leap_web_users/engine.rb @@ -1,6 +1,7 @@ # thou shall require all your dependencies in an engine. require "leap_web_core" require "leap_web_core/ui_dependencies" +require "warden" require "ruby-srp" module LeapWebUsers -- cgit v1.2.3 From bcc0f11caeef1b09712b9b62e1607237885d1af5 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 30 Oct 2012 14:42:04 +0100 Subject: using rails_warden bit of refactoring without rails_warden the failure app action was not getting set properly. --- users/lib/leap_web_users/engine.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'users/lib') diff --git a/users/lib/leap_web_users/engine.rb b/users/lib/leap_web_users/engine.rb index 25c110e..42ca072 100644 --- a/users/lib/leap_web_users/engine.rb +++ b/users/lib/leap_web_users/engine.rb @@ -1,7 +1,7 @@ # thou shall require all your dependencies in an engine. require "leap_web_core" require "leap_web_core/ui_dependencies" -require "warden" +require "rails_warden" require "ruby-srp" module LeapWebUsers -- cgit v1.2.3 From 5b300b554682c232c0955bdb0dd3d8263dde901e Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 9 Nov 2012 16:45:54 +0100 Subject: seperated the warden classes from the initializer also commented the sessions controller test a bit and fixed it --- users/lib/leap_web_users/engine.rb | 3 ++ users/lib/warden/session_serializer.rb | 13 +++++ .../warden/strategies/secure_remote_password.rb | 57 ++++++++++++++++++++++ 3 files changed, 73 insertions(+) create mode 100644 users/lib/warden/session_serializer.rb create mode 100644 users/lib/warden/strategies/secure_remote_password.rb (limited to 'users/lib') diff --git a/users/lib/leap_web_users/engine.rb b/users/lib/leap_web_users/engine.rb index 42ca072..7033576 100644 --- a/users/lib/leap_web_users/engine.rb +++ b/users/lib/leap_web_users/engine.rb @@ -4,6 +4,9 @@ require "leap_web_core/ui_dependencies" require "rails_warden" require "ruby-srp" +require "warden/session_serializer" +require "warden/strategies/secure_remote_password" + module LeapWebUsers class Engine < ::Rails::Engine diff --git a/users/lib/warden/session_serializer.rb b/users/lib/warden/session_serializer.rb new file mode 100644 index 0000000..81d7076 --- /dev/null +++ b/users/lib/warden/session_serializer.rb @@ -0,0 +1,13 @@ +module Warden + # Setup Session Serialization + class SessionSerializer + def serialize(record) + [record.class.name, record.id] + end + + def deserialize(keys) + klass, id = keys + klass.constantize.find(id) + end + end +end diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb new file mode 100644 index 0000000..8266e2d --- /dev/null +++ b/users/lib/warden/strategies/secure_remote_password.rb @@ -0,0 +1,57 @@ +module Warden + module Strategies + class SecureRemotePassword < Warden::Strategies::Base + + def valid? + handshake? || authentication? + end + + def authenticate! + if authentication? + validate! + else # handshake + initialize! + end + end + + protected + + def handshake? + params['A'] && params['login'] + end + + def authentication? + params['client_auth'] && session[:handshake] + end + + def validate! + user = session[:handshake].authenticate(params['client_auth'].hex) + user ? success!(user) : fail!(:password => "Could not log in") + end + + def initialize! + user = User.find_by_param(id) + session[:handshake] = user.initialize_auth(params['A'].hex) + custom! json_response(session[:handshake]) + rescue RECORD_NOT_FOUND + fail! :login => "User not found!" + end + + def json_response(object) + [ 200, + {"Content-Type" => "application/json; charset=utf-8"}, + [object.to_json] + ] + end + + def id + params["id"] || params["login"] + end + end + end + Warden::Strategies.add :secure_remote_password, + Warden::Strategies::SecureRemotePassword + +end + + -- cgit v1.2.3 From 6d5f8d0f993093b51d1f11bb528c535dcf88a969 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 22 Nov 2012 13:05:32 +0100 Subject: beautify login workflow * translating error messages * not caching login and password in js anymore * catching non responses --- users/lib/warden/strategies/secure_remote_password.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'users/lib') diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb index 8266e2d..95570e0 100644 --- a/users/lib/warden/strategies/secure_remote_password.rb +++ b/users/lib/warden/strategies/secure_remote_password.rb @@ -26,7 +26,7 @@ module Warden def validate! user = session[:handshake].authenticate(params['client_auth'].hex) - user ? success!(user) : fail!(:password => "Could not log in") + user ? success!(user) : fail!(:password => "wrong_password") end def initialize! @@ -34,7 +34,7 @@ module Warden session[:handshake] = user.initialize_auth(params['A'].hex) custom! json_response(session[:handshake]) rescue RECORD_NOT_FOUND - fail! :login => "User not found!" + fail! :login => "user_not_found" end def json_response(object) -- cgit v1.2.3 From ee3c9146e4bbe93ec1f00ee45386a82ec4363c4d Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 23 Nov 2012 12:11:11 +0100 Subject: identify user by id so rerendering the form does not use new invalid login --- users/lib/warden/strategies/secure_remote_password.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'users/lib') diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb index 95570e0..953e2e9 100644 --- a/users/lib/warden/strategies/secure_remote_password.rb +++ b/users/lib/warden/strategies/secure_remote_password.rb @@ -30,7 +30,7 @@ module Warden end def initialize! - user = User.find_by_param(id) + user = User.find_by_login(id) session[:handshake] = user.initialize_auth(params['A'].hex) custom! json_response(session[:handshake]) rescue RECORD_NOT_FOUND -- cgit v1.2.3 From cdda8f095d49cdda94c3527ecb92cb15c300327b Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 26 Nov 2012 12:15:54 +0100 Subject: fixed login error message on wrong username --- users/lib/warden/strategies/secure_remote_password.rb | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'users/lib') diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb index 953e2e9..594e27e 100644 --- a/users/lib/warden/strategies/secure_remote_password.rb +++ b/users/lib/warden/strategies/secure_remote_password.rb @@ -30,11 +30,12 @@ module Warden end def initialize! - user = User.find_by_login(id) - session[:handshake] = user.initialize_auth(params['A'].hex) - custom! json_response(session[:handshake]) - rescue RECORD_NOT_FOUND - fail! :login => "user_not_found" + if user = User.find_by_login(id) + session[:handshake] = user.initialize_auth(params['A'].hex) + custom! json_response(session[:handshake]) + else + fail! :login => "user_not_found" + end end def json_response(object) -- cgit v1.2.3