blob: b8043f56361dabf8f849d65dc98ee93a25125359 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
class SessionsController < ApplicationController
skip_before_filter :verify_authenticity_token
def new
end
def create
@user = User.find_by_param(params[:login])
session[:handshake] = @user.initialize_auth(params['A'].hex)
User.current = @user #?
render :json => { :B => session[:handshake].bb.to_s(16), :salt => @user.password_salt }
rescue RECORD_NOT_FOUND
render :json => {:errors => {:login => ["unknown user"]}}
end
def update
# TODO: validate the id belongs to the session
@user = User.find_by_param(params[:id])
@srp_session = session.delete(:handshake)
@server_auth = @srp_session.authenticate!(params[:client_auth].hex)
session[:user_id] = @user.id
User.current = @user #?
render :json => {:M2 => "%064x" % @server_auth}
rescue WRONG_PASSWORD
session[:handshake] = nil
render :json => {:errors => {"password" => ["wrong password"]}}
end
def destroy
session[:user_id] = nil
User.current = nil #?
redirect_to root_path
end
end
|