From 0c79df9874c59fbaa5c845e07d8fa1b4bbc23b9c Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 11 Oct 2012 17:11:32 +0200 Subject: use ruby-srp 0.1.3 which returns the user on authenticate call Also removed a few hooks to User.current. Will replace with current_user --- users/app/controllers/sessions_controller.rb | 7 +------ users/leap_web_users.gemspec | 2 +- users/test/functional/sessions_controller_test.rb | 20 ++++++++------------ 3 files changed, 10 insertions(+), 19 deletions(-) (limited to 'users') diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 284c0e2..4a1107d 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -8,19 +8,15 @@ class SessionsController < ApplicationController def create @user = User.find_by_param(params[:login]) session[:handshake] = @user.initialize_auth(params['A'].hex) - User.current = @user #? render :json => session[:handshake] rescue RECORD_NOT_FOUND render :json => {:errors => {:login => ["unknown user"]}} end def update - # TODO: validate the id belongs to the session - @user = User.find_by_param(params[:id]) @srp_session = session.delete(:handshake) - @srp_session.authenticate!(params[:client_auth].hex) + @user = @srp_session.authenticate!(params[:client_auth].hex) session[:user_id] = @user.id - User.current = @user #? render :json => @srp_session rescue WRONG_PASSWORD session[:handshake] = nil @@ -29,7 +25,6 @@ class SessionsController < ApplicationController def destroy session[:user_id] = nil - User.current = nil #? redirect_to root_path end end diff --git a/users/leap_web_users.gemspec b/users/leap_web_users.gemspec index f64a76a..6d35f63 100644 --- a/users/leap_web_users.gemspec +++ b/users/leap_web_users.gemspec @@ -17,5 +17,5 @@ Gem::Specification.new do |s| s.add_dependency "leap_web_core", LeapWeb::VERSION - s.add_dependency "ruby-srp", "~> 0.1.1" + s.add_dependency "ruby-srp", "~> 0.1.3" end diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb index b6e56a7..47d7052 100644 --- a/users/test/functional/sessions_controller_test.rb +++ b/users/test/functional/sessions_controller_test.rb @@ -3,6 +3,7 @@ require 'test_helper' class SessionsControllerTest < ActionController::TestCase def setup + @user = stub :login => "me", :id => 123 @client_hex = 'a123' @client_rnd = @client_hex.hex @server_hex = 'b123' @@ -19,14 +20,13 @@ class SessionsControllerTest < ActionController::TestCase end test "should perform handshake" do - user = stub :login => "me", :id => 123 - user.expects(:initialize_auth). + @user.expects(:initialize_auth). with(@client_rnd). returns(@server_handshake) @server_handshake.expects(:to_json). returns({'B' => @server_hex, 'salt' => @salt}.to_json) - User.expects(:find_by_param).with(user.login).returns(user) - post :create, :login => user.login, 'A' => @client_hex + User.expects(:find_by_param).with(@user.login).returns(@user) + post :create, :login => @user.login, 'A' => @client_hex assert_equal @server_handshake, session[:handshake] assert_response :success assert_json_response :B => @server_hex, :salt => @salt @@ -42,27 +42,23 @@ class SessionsControllerTest < ActionController::TestCase test "should authorize" do session[:handshake] = @server_handshake - user = stub :login => "me", :id => 123 @server_handshake.expects(:authenticate!). with(@client_rnd). - returns(@server_auth) + returns(@user) @server_handshake.expects(:to_json). returns({:M2 => @server_auth}.to_json) - User.expects(:find_by_param).with(user.login).returns(user) - post :update, :id => user.login, :client_auth => @client_hex + post :update, :id => @user.login, :client_auth => @client_hex assert_nil session[:handshake] assert_json_response :M2 => @server_auth - assert_equal user.id, session[:user_id] + assert_equal @user.id, session[:user_id] end test "should report wrong password" do session[:handshake] = @server_handshake - user = stub :login => "me", :id => 123 @server_handshake.expects(:authenticate!). with(@client_rnd). raises(WRONG_PASSWORD) - User.expects(:find_by_param).with(user.login).returns(user) - post :update, :id => user.login, :client_auth => @client_hex + post :update, :id => @user.login, :client_auth => @client_hex assert_nil session[:handshake] assert_nil session[:user_id] assert_json_response :errors => {"password" => ["wrong password"]} -- cgit v1.2.3