From 1bf82535b25cb17c58a196fdaab639040f48e769 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 6 Feb 2013 16:16:34 +0100 Subject: using ruby-srp 0.1.5 SRP::Client to wrap user in session --- users/lib/warden/strategies/secure_remote_password.rb | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'users/lib') diff --git a/users/lib/warden/strategies/secure_remote_password.rb b/users/lib/warden/strategies/secure_remote_password.rb index 594e27e..483336d 100644 --- a/users/lib/warden/strategies/secure_remote_password.rb +++ b/users/lib/warden/strategies/secure_remote_password.rb @@ -25,13 +25,18 @@ module Warden end def validate! - user = session[:handshake].authenticate(params['client_auth'].hex) - user ? success!(user) : fail!(:password => "wrong_password") + client = session[:handshake].authenticate(params['client_auth'].hex) + client ? + success!(User.find_by_login(client.username)) : + fail!(:password => "wrong_password") end def initialize! if user = User.find_by_login(id) - session[:handshake] = user.initialize_auth(params['A'].hex) + client = SRP::Client.new user.username, + :verifier => user.verifier, + :salt => user.salt + session[:handshake] = SRP::Session.new(client, params['A'].hex) custom! json_response(session[:handshake]) else fail! :login => "user_not_found" -- cgit v1.2.3