From 0c79df9874c59fbaa5c845e07d8fa1b4bbc23b9c Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 11 Oct 2012 17:11:32 +0200 Subject: use ruby-srp 0.1.3 which returns the user on authenticate call Also removed a few hooks to User.current. Will replace with current_user --- users/app/controllers/sessions_controller.rb | 7 +------ users/leap_web_users.gemspec | 2 +- users/test/functional/sessions_controller_test.rb | 20 ++++++++------------ 3 files changed, 10 insertions(+), 19 deletions(-) (limited to 'users') diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 284c0e2..4a1107d 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -8,19 +8,15 @@ class SessionsController < ApplicationController def create @user = User.find_by_param(params[:login]) session[:handshake] = @user.initialize_auth(params['A'].hex) - User.current = @user #? render :json => session[:handshake] rescue RECORD_NOT_FOUND render :json => {:errors => {:login => ["unknown user"]}} end def update - # TODO: validate the id belongs to the session - @user = User.find_by_param(params[:id]) @srp_session = session.delete(:handshake) - @srp_session.authenticate!(params[:client_auth].hex) + @user = @srp_session.authenticate!(params[:client_auth].hex) session[:user_id] = @user.id - User.current = @user #? render :json => @srp_session rescue WRONG_PASSWORD session[:handshake] = nil @@ -29,7 +25,6 @@ class SessionsController < ApplicationController def destroy session[:user_id] = nil - User.current = nil #? redirect_to root_path end end diff --git a/users/leap_web_users.gemspec b/users/leap_web_users.gemspec index f64a76a..6d35f63 100644 --- a/users/leap_web_users.gemspec +++ b/users/leap_web_users.gemspec @@ -17,5 +17,5 @@ Gem::Specification.new do |s| s.add_dependency "leap_web_core", LeapWeb::VERSION - s.add_dependency "ruby-srp", "~> 0.1.1" + s.add_dependency "ruby-srp", "~> 0.1.3" end 
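Review bot: `update` now trusts whatever `session.delete(:handshake)` returns, but when no handshake is pending (an `update` with no preceding `create`, or a replayed request after the first `update` already consumed it) `@srp_session` is nil and `nil.authenticate!` raises NoMethodError, which the `rescue WRONG_PASSWORD` does not cover, so the client receives a 500 rather than an authentication error. Guard before the call: `return render(:json => {:errors => {:login => ["no pending handshake"]}}, :status => :unprocessable_entity) unless @srp_session`. Both error renders in this action pair also answer with 200 because no `:status` is given, so the JS client cannot distinguish failure from success without parsing the body. If this app runs on Rails' default cookie session store, the serialized handshake object — presumably carrying the server's ephemeral secret and the user's verifier — travels to the browser signed but not encrypted; confirm the session store is server-side, or that the stored object contains nothing the client must not learn.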
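Review bot: `destroy` only clears `session[:user_id]`, leaving the rest of the session — including any stale `:handshake` from an abandoned login attempt — alive under the same session id; use `reset_session` so logout discards the whole session and issues a fresh id. The route for this action is `get "logout"` (routes.rb elsewhere in this series), so logout is triggerable cross-site or by a link prefetcher, and `protect_from_forgery` does not check GET requests; a `delete` route with `:method => :delete` links would close that.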
diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb index b6e56a7..47d7052 100644 --- a/users/test/functional/sessions_controller_test.rb +++ b/users/test/functional/sessions_controller_test.rb @@ -3,6 +3,7 @@ require 'test_helper' class SessionsControllerTest < ActionController::TestCase def setup + @user = stub :login => "me", :id => 123 @client_hex = 'a123' @client_rnd = @client_hex.hex @server_hex = 'b123' @@ -19,14 +20,13 @@ class SessionsControllerTest < ActionController::TestCase end test "should perform handshake" do - user = stub :login => "me", :id => 123 - user.expects(:initialize_auth). + @user.expects(:initialize_auth). with(@client_rnd). returns(@server_handshake) @server_handshake.expects(:to_json). returns({'B' => @server_hex, 'salt' => @salt}.to_json) - User.expects(:find_by_param).with(user.login).returns(user) - post :create, :login => user.login, 'A' => @client_hex + User.expects(:find_by_param).with(@user.login).returns(@user) + post :create, :login => @user.login, 'A' => @client_hex assert_equal @server_handshake, session[:handshake] assert_response :success assert_json_response :B => @server_hex, :salt => @salt 
@@ -42,27 +42,23 @@ class SessionsControllerTest < ActionController::TestCase test "should authorize" do session[:handshake] = @server_handshake - user = stub :login => "me", :id => 123 @server_handshake.expects(:authenticate!). with(@client_rnd). - returns(@server_auth) + returns(@user) @server_handshake.expects(:to_json). returns({:M2 => @server_auth}.to_json) - User.expects(:find_by_param).with(user.login).returns(user) - post :update, :id => user.login, :client_auth => @client_hex + post :update, :id => @user.login, :client_auth => @client_hex assert_nil session[:handshake] assert_json_response :M2 => @server_auth - assert_equal user.id, session[:user_id] + assert_equal @user.id, session[:user_id] end test "should report wrong password" do session[:handshake] = @server_handshake - user = stub :login => "me", :id => 123 @server_handshake.expects(:authenticate!). with(@client_rnd). raises(WRONG_PASSWORD) - User.expects(:find_by_param).with(user.login).returns(user) - post :update, :id => user.login, :client_auth => @client_hex + post :update, :id => @user.login, :client_auth => @client_hex assert_nil session[:handshake] assert_nil session[:user_id] assert_json_response :errors => {"password" => ["wrong password"]} -- cgit v1.2.3 From 28b51dc38ad71b8a7468aa91d8ce8d3059d9bb69 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 11 Oct 2012 17:41:00 +0200 Subject: current_user and authenticate methods --- users/app/controllers/application_controller.rb | 14 ++++++++++++++ users/config/routes.rb | 6 +++--- 2 files changed, 17 insertions(+), 3 deletions(-) create mode 100644 users/app/controllers/application_controller.rb (limited to 'users') diff --git a/users/app/controllers/application_controller.rb b/users/app/controllers/application_controller.rb new file mode 100644 index 0000000..64e1a55 --- /dev/null +++ b/users/app/controllers/application_controller.rb 
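Review bot: With the `find_by_param` lookup removed, `params[:id]` is now ignored by `update`, yet both tests still pass `:id => @user.login`, which documents nothing and may lead a reader to assume the id is validated. Add a case with no handshake in the session — `post :update, :id => @user.login, :client_auth => @client_hex` with `session[:handshake]` left unset — and assert an error JSON response, since the controller currently has no guard for that path and would raise on `nil.authenticate!`. The `"should report wrong password"` test checks `session[:user_id]` is nil but not the HTTP status; asserting a non-2xx status would pin the failure contract the JS client depends on.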
@@ -0,0 +1,14 @@ +class ApplicationController < ActionController::Base + protect_from_forgery + + private + + def current_user + @current_user ||= User.find(session[:user_id]) if session[:user_id] + end + helper_method :current_user + + def authorize + redirect_to login_url, alert: "Not authorized" if current_user.nil? + end +end diff --git a/users/config/routes.rb b/users/config/routes.rb index cfc0407..522c40c 100644 --- a/users/config/routes.rb +++ b/users/config/routes.rb @@ -1,10 +1,10 @@ Rails.application.routes.draw do - get "log_in" => "sessions#new", :as => "log_in" - get "log_out" => "sessions#destroy", :as => "log_out" + get "login" => "sessions#new", :as => "login" + get "logout" => "sessions#destroy", :as => "logout" resources :sessions, :only => [:new, :create, :update, :destroy] - get "sign_up" => "users#new", :as => "sign_up" + get "signup" => "users#new", :as => "signup" resources :users, :only => [:new, :create] end -- cgit v1.2.3 From 42cf5141bd7743d16259b0771607ea6a8cbc0fd3 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 15 Oct 2012 11:44:07 +0200 Subject: updated srp_js --- users/app/assets/javascripts/srp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'users') diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp index d6a7804..6feb770 160000 --- a/users/app/assets/javascripts/srp +++ b/users/app/assets/javascripts/srp @@ -1 +1 @@ -Subproject commit d6a78049f3356d9d645143362eca74434410bf62 +Subproject commit 6feb77060140fe8026812970c4d5ea83da3cd200 -- cgit v1.2.3 From 8841958868fdd11ec49ee6de32ff79f1aa6083fa Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 15 Oct 2012 12:55:03 +0200 Subject: adding login function for srp --- users/app/assets/javascripts/users.js.coffee | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'users') diff --git a/users/app/assets/javascripts/users.js.coffee b/users/app/assets/javascripts/users.js.coffee index 160a7f0..07dbc32 100644 
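Review bot: `current_user` calls `User.find(session[:user_id])` with no handling for a missing record; if `find` raises for an unknown id (the sessions controller rescues `RECORD_NOT_FOUND` around `find_by_param`, which suggests this ORM does — confirm), a user deleted while a session cookie survives gets a 500 on every page instead of being treated as logged out. Rescue that error and drop the stale id so the session self-heals, as below. `authorize` is defined but, as far as this diff shows, not wired to any `before_filter`, so nothing is protected yet; a comment such as `# opt in with before_filter :authorize in controllers that require a login` would make the contract explicit.

```ruby
  # Returns the logged-in User or nil; a stale session id is cleared instead of raising.
  def current_user
    return unless session[:user_id]
    @current_user ||= User.find(session[:user_id])
  rescue RECORD_NOT_FOUND
    session[:user_id] = nil
  end
  # … unchanged: helper_method :current_user, authorize …
```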
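Review bot: `get "logout" => "sessions#destroy"` makes logout a state-changing GET, so any page that can embed an image or link (or a browser prefetcher) can log the user out, and `protect_from_forgery` only verifies tokens on non-GET requests; prefer `delete "logout" => "sessions#destroy", :as => "logout"` and render the link with `:method => :delete`. `resources :sessions` also still exposes `update` as `PUT /sessions/:id`, although the controller no longer reads `:id`; a short comment would stop the next reader from relying on it, e.g. `# :id is ignored by sessions#update — the user comes from the SRP handshake held in the session`.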
--- a/users/app/assets/javascripts/users.js.coffee +++ b/users/app/assets/javascripts/users.js.coffee @@ -27,7 +27,7 @@ validate_password = (event) -> insert_verifier = (event) -> # TODO: verify password confimation - srp = new SRP + srp = new SRP(jqueryRest()) salt = srp.session.getSalt() $('#srp_salt').val(salt) $('#srp_password_verifier').val(srp.session.getV().toString(16)) @@ -35,7 +35,14 @@ insert_verifier = (event) -> $('#srp_password').val('cleared out - use verifier instead') $('#srp_password_confirmation').val('using srp - store verifier') +login = (event) -> + srp = new SRP(jqueryRest()) + srp.identify() + false + + $(document).ready -> $('#new_user').submit validate_password $('#new_user').submit insert_verifier + $('#new_session').submit login -- cgit v1.2.3 From b85316cc00f53343bc6555b10c79f9aadd86e06f Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 16 Oct 2012 17:29:11 +0200 Subject: working version of srp_js --- users/app/assets/javascripts/srp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'users') diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp index 6feb770..d21474a 160000 --- a/users/app/assets/javascripts/srp +++ b/users/app/assets/javascripts/srp @@ -1 +1 @@ -Subproject commit 6feb77060140fe8026812970c4d5ea83da3cd200 +Subproject commit d21474a0290edab1c765741d484335d83f50be75 -- cgit v1.2.3 From fdfdc86eb96f670a580eb58b1b3d41560a269ac1 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 17 Oct 2012 12:39:40 +0200 Subject: improved signup and login js --- users/app/assets/javascripts/srp | 2 +- users/app/assets/javascripts/users.js.coffee | 16 ++++++---------- 2 files changed, 7 insertions(+), 11 deletions(-) (limited to 'users') diff --git a/users/app/assets/javascripts/srp b/users/app/assets/javascripts/srp index d21474a..5a0ceeb 160000 --- a/users/app/assets/javascripts/srp +++ b/users/app/assets/javascripts/srp 
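Review bot: `login` fires `srp.identify()` and returns false without any completion or error callback, so — assuming identify() runs the SRP exchange asynchronously over `jqueryRest()` — a wrong password or a server fault leaves the user on a form that appears to have done nothing, and the controller's error JSON arrives with status 200 so a generic AJAX error handler will not catch it either. If the srp_js API takes handlers, pass both outcomes, e.g. `srp.identify success_cb, error_cb`, and surface the `errors` hash from the response. Returning false is correct here because the password must never be posted natively; a comment stating that — `# never let the form submit: the password stays in the browser, only SRP values go out` — would protect the intent from a later refactor.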
@@ -1 +1 @@ -Subproject commit d21474a0290edab1c765741d484335d83f50be75 +Subproject commit 5a0ceeb1ca0055719a9b8977a799362163955766 diff --git a/users/app/assets/javascripts/users.js.coffee b/users/app/assets/javascripts/users.js.coffee index 07dbc32..1c00663 100644 --- a/users/app/assets/javascripts/users.js.coffee +++ b/users/app/assets/javascripts/users.js.coffee @@ -25,24 +25,20 @@ validate_password = (event) -> return true -insert_verifier = (event) -> - # TODO: verify password confimation +signup = (event) -> srp = new SRP(jqueryRest()) - salt = srp.session.getSalt() - $('#srp_salt').val(salt) - $('#srp_password_verifier').val(srp.session.getV().toString(16)) - # clear the password so we do not submit it - $('#srp_password').val('cleared out - use verifier instead') - $('#srp_password_confirmation').val('using srp - store verifier') + srp.register() + false login = (event) -> srp = new SRP(jqueryRest()) - srp.identify() + srp.identify -> + window.location = '/' false $(document).ready -> $('#new_user').submit validate_password - $('#new_user').submit insert_verifier + $('#new_user').submit signup $('#new_session').submit login -- cgit v1.2.3 From fe23b7896a04a50980c28a8b66c08ce2885ad0d3 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 17 Oct 2012 12:40:12 +0200 Subject: complete signup, login, logout workflow --- users/app/views/users/new.html.haml | 2 -- 1 file changed, 2 deletions(-) (limited to 'users') diff --git a/users/app/views/users/new.html.haml b/users/app/views/users/new.html.haml index f6ece3a..af53331 100644 --- a/users/app/views/users/new.html.haml +++ b/users/app/views/users/new.html.haml 
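Review bot: `$('#new_user').submit validate_password` and `$('#new_user').submit signup` are two independent jQuery handlers, and a `false` return from the first only prevents the default submit and stops propagation — it does not stop other handlers bound to the same element — so `signup` still calls `srp.register()` when `validate_password` rejected the input (for example a mismatching confirmation). Combine them in one handler, `$('#new_user').submit (event) -> signup(event) if validate_password(event); false`, or call `event.stopImmediatePropagation()` inside validate_password's failure path. `login`'s `identify` callback covers success only; a wrong password or server error still produces no user-visible feedback.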
@@ -4,7 +4,5 @@ = f.input :login, :input_html => { :id => :srp_username } = f.input :password, :required => true, :input_html => { :id => :srp_password } = f.input :password_confirmation, :required => true, :input_html => { :id => :srp_password_confirmation } - = f.input :password_verifier, :as => :hidden, :input_html => { :id => :srp_password_verifier } - = f.input :password_salt, :as => :hidden, :input_html => { :id => :srp_salt } = f.button :submit, :value => t(:signup), :class => 'btn-primary' = link_to t(:cancel), root_url, :class => :btn -- cgit v1.2.3 From dc0584f7d993ef7c75fbdd9d341ebb3337f3448d Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 17 Oct 2012 15:19:09 +0200 Subject: UI tweaks including newer version of bootstrap --- users/app/views/sessions/new.html.haml | 15 ++++++++------- users/app/views/users/new.html.haml | 17 +++++++++-------- users/config/locales/en.yml | 6 ++++++ 3 files changed, 23 insertions(+), 15 deletions(-) create mode 100644 users/config/locales/en.yml (limited to 'users') diff --git a/users/app/views/sessions/new.html.haml b/users/app/views/sessions/new.html.haml index 39ee7bf..c91d3f2 100644 --- a/users/app/views/sessions/new.html.haml +++ b/users/app/views/sessions/new.html.haml 
@@ -1,7 +1,8 @@ -%h2=t :login -= simple_form_for :session, :url => sessions_path, :html => { :id => :new_session } do |f| - %legend=t :login_message - = f.input :login, :input_html => { :id => :srp_username } - = f.input :password, :required => true, :input_html => { :id => :srp_password } - = f.button :submit, :value => t(:login), :class => 'btn-primary' - = link_to t(:cancel), root_url, :class => :btn +.span8.offset2 + %h2=t :login + = simple_form_for :session, :url => sessions_path, :html => { :id => :new_session, :class => 'form-horizontal' } do |f| + %legend=t :login_message + = f.input :login, :input_html => { :id => :srp_username } + = f.input :password, :required => true, :input_html => { :id => :srp_password } + = f.button :submit, :value => t(:login), :class => 'btn-primary' + = link_to t(:cancel), root_url, :class => :btn diff --git a/users/app/views/users/new.html.haml b/users/app/views/users/new.html.haml index af53331..835e99a 100644 --- a/users/app/views/users/new.html.haml +++ b/users/app/views/users/new.html.haml 
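Review bot: The password field is rendered by `f.input :password`, so it carries a form name (presumably `session[password]`), and if the JS login handler does not run — script blocked, srp submodule failing to load — the browser posts the cleartext password to `sessions#create`, where it is ignored but would still land in the Rails request log unless `filter_parameters` covers it. Since the server never consumes the password under SRP, consider dropping the name (`:input_html => { :id => :srp_password, :name => nil }`, if simple_form passes it through) or at least adding `:password` to `config.filter_parameters`, and note the intent in the view: `-# consumed client-side by srp_js; the password must never reach the server`. The layout wrapper itself is fine.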
@@ -1,8 +1,9 @@ -%h2=t :signup -= simple_form_for @user do |f| - %legend=t :signup_message - = f.input :login, :input_html => { :id => :srp_username } - = f.input :password, :required => true, :input_html => { :id => :srp_password } - = f.input :password_confirmation, :required => true, :input_html => { :id => :srp_password_confirmation } - = f.button :submit, :value => t(:signup), :class => 'btn-primary' - = link_to t(:cancel), root_url, :class => :btn +.span8.offset2 + %h2=t :signup + = simple_form_for @user, :html => {:class => 'form-horizontal'} do |f| + %legend=t :signup_message + = f.input :login, :input_html => { :id => :srp_username } + = f.input :password, :required => true, :input_html => { :id => :srp_password } + = f.input :password_confirmation, :required => true, :input_html => { :id => :srp_password_confirmation } + = f.button :submit, :value => t(:signup), :class => 'btn-primary' + = link_to t(:cancel), root_url, :class => :btn diff --git a/users/config/locales/en.yml b/users/config/locales/en.yml new file mode 100644 index 0000000..172b85f --- /dev/null +++ b/users/config/locales/en.yml @@ -0,0 +1,6 @@ +en: + signup: "Sign up" + signup_message: "Please create an account." + cancel: "Cancel" + login: "Login" + login_message: "Please login with your account." -- cgit v1.2.3