remember me on login

2010-11-13 19:42:56 -05:00 · 2010-11-13 19:42:56 -05:00 · d81c08f866
commit d81c08f866
parent 9b0cf8b597
7 changed files with 54 additions and 27 deletions
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -18,6 +18,7 @@ class SessionsController < ApplicationController
  
  def destroy
    warden.logout
+    cookies.delete :remember_me
    redirect_to (params[:return_to] || root_path)
  end
  
--- a/config/initializers/.gitignore
+++ b/config/initializers/.gitignore
@ -0,0 +1 @@
+cookie_verification_secret.rb
--- a/config/initializers/cookie_verification_secret.rb
+++ b/config/initializers/cookie_verification_secret.rb
@ -1,7 +0,0 @@
-# Be sure to restart your server when you modify this file.
-
-# Your secret key for verifying the integrity of signed cookies.
-# If you change this key, all old signed cookies will become invalid!
-# Make sure the secret is at least 30 characters and all random, 
-# no regular words or you'll be exposed to dictionary attacks.
-Rails.application.config.secret_token = '03a62dcef9d831912de9f0c1815e6226981b880195184893803ae0d3c4e696c52102f2deb611ccbeb2c7b90bd9d30a78c7fad62fec908a20d048449e6d10b7f9'
--- a/config/initializers/warden.rb
+++ b/config/initializers/warden.rb
@ -1,5 +1,5 @@
 Rails.configuration.middleware.use RailsWarden::Manager do |manager|
-  manager.default_strategies :openneo_auth_token
+  manager.default_strategies :openneo_auth_remember, :openneo_auth_token
  manager.failure_app = SessionsController.action(:failure)
 end

@ -11,7 +11,11 @@ Openneo::Auth.configure do |config|
    config.send("#{key}=", value)
  end
  
-  config.user_finder do |user_data|
+  config.remote_auth_user_finder do |user_data|
    User.find_or_create_from_remote_auth_data(user_data)
  end
+  
+  config.remember_user_finder do |id|
+    User.find_by_id(id)
+  end
 end
--- a/lib/openneo-auth.rb
+++ b/lib/openneo-auth.rb
@ -1,20 +1,30 @@
 require 'openneo-auth/session'
 require 'openneo-auth/strategy'

-Warden::Strategies.add :openneo_auth_token, Openneo::Auth::Strategy
+Warden::Strategies.add :openneo_auth_token, Openneo::Auth::Strategies::Token
+Warden::Strategies.add :openneo_auth_remember, Openneo::Auth::Strategies::Remember

 module Openneo
  module Auth
    class Config
      attr_accessor :app, :auth_server, :secret
      
-      def find_user(data)
-        raise "Must set a user finder for Openneo Auth to find a user" unless @user_finder
-        @user_finder.call(data)
+      def find_user_with_remote_auth(data)
+        raise "Must set a remote user finder for Openneo Auth to find a user" unless @remote_auth_user_finder
+        @remote_auth_user_finder.call(data)
      end
      
-      def user_finder(&block)
-        @user_finder = block
+      def find_user_by_remembering(id)
+        raise "Must set a remember user finder for Openneo Auth to find a user" unless @remember_user_finder
+        @remember_user_finder.call(id)
+      end
+      
+      def remote_auth_user_finder(&block)
+        @remote_auth_user_finder = block
+      end
+      
+      def remember_user_finder(&block)
+        @remember_user_finder = block
      end
    end
      
--- a/lib/openneo-auth/session.rb
+++ b/lib/openneo-auth/session.rb
@ -48,7 +48,7 @@ module Openneo
      end
      
      def user
-        Auth.config.find_user(@message['user'])
+        Auth.config.find_user_with_remote_auth(@message['user'])
      end
      
      def self.from_params(params)
--- a/lib/openneo-auth/strategy.rb
+++ b/lib/openneo-auth/strategy.rb
@ -2,19 +2,37 @@ require 'warden'

 module Openneo
  module Auth
-    class Strategy < Warden::Strategies::Base
-      def valid?
-        session && session[:session_id]
+    module Strategies
+      class Token < Warden::Strategies::Base
+        def valid?
+          session && session[:session_id]
+        end
+        
+        def authenticate!
+          begin
+            auth_session = Session.find session[:session_id]
+          rescue Session::NotFound => e
+            fail! e.message
+          else
+            auth_session.destroy!
+            cookies.permanent.signed[:remember_me] = auth_session.user.id
+            success! auth_session.user
+          end
+        end
      end
      
-      def authenticate!
-        begin
-          auth_session = Session.find session[:session_id]
-        rescue Session::NotFound => e
-          fail! e.message
-        else
-          auth_session.destroy!
-          success! auth_session.user
+      class Remember < Warden::Strategies::Base
+        def valid?
+          cookies.signed[:remember_me]
+        end
+        
+        def authenticate!
+          user = Auth.config.find_user_by_remembering cookies.signed[:remember_me]
+          if user
+            success! user
+          else
+            fail!
+          end
        end
      end
    end