diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index b1a2a6b1..18c02cd0 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -18,6 +18,7 @@ class SessionsController < ApplicationController
 def destroy
 warden.logout
+ cookies.delete :remember_me
 redirect_to (params[:return_to] || root_path)
 end
diff --git a/config/initializers/.gitignore b/config/initializers/.gitignore
new file mode 100644
index 00000000..118da3eb
--- /dev/null
+++ b/config/initializers/.gitignore
@@ -0,0 +1 @@
+cookie_verification_secret.rb
diff --git a/config/initializers/cookie_verification_secret.rb b/config/initializers/cookie_verification_secret.rb
deleted file mode 100644
index 3497703e..00000000
--- a/config/initializers/cookie_verification_secret.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-# Be sure to restart your server when you modify this file.
-
-# Your secret key for verifying the integrity of signed cookies.
-# If you change this key, all old signed cookies will become invalid!
-# Make sure the secret is at least 30 characters and all random,
-# no regular words or you'll be exposed to dictionary attacks.
-Rails.application.config.secret_token = '03a62dcef9d831912de9f0c1815e6226981b880195184893803ae0d3c4e696c52102f2deb611ccbeb2c7b90bd9d30a78c7fad62fec908a20d048449e6d10b7f9'
diff --git a/config/initializers/warden.rb b/config/initializers/warden.rb
index 4f5358cb..aba444fe 100644
--- a/config/initializers/warden.rb
+++ b/config/initializers/warden.rb
@@ -1,5 +1,5 @@
 Rails.configuration.middleware.use RailsWarden::Manager do |manager|
- manager.default_strategies :openneo_auth_token
+ manager.default_strategies :openneo_auth_remember, :openneo_auth_token
 manager.failure_app = SessionsController.action(:failure)
 end
 
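Review bot: `cookies.delete :remember_me` only removes the cookie from the browser that sent the logout request; because the value set in lib/openneo-auth/strategy.rb is just the signed user id with no server-side state, any other copy of that cookie keeps authenticating as the user after logout. If the cookie instead carried a per-user random token stored on the user record, `destroy` could clear or rotate that token here and every outstanding copy would stop working at once. Separately, the unchanged next line `redirect_to (params[:return_to] || root_path)` follows any caller-supplied URL; unless `return_to` is validated elsewhere, restricting it to a local path would close that open redirect. `destroy`'s enclosing class continues outside the hunk.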
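Review bot: Ignoring `cookie_verification_secret.rb` keeps future values out of the repository, but the value deleted in this same commit remains in git history, and now that signed `remember_me` cookies are issued that secret is what protects every remembered session; the file recreated on each server must therefore hold a newly generated secret, not the one that was committed. Consider reading it from the environment rather than an untracked file, e.g. `Rails.application.config.secret_token = ENV.fetch('SECRET_TOKEN')`, so a missing secret is an explicit boot-time error and the value never lives on disk in the checkout.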
@@ -11,7 +11,11 @@ Openneo::Auth.configure do |config|
 config.send("#{key}=", value)
 end
- config.user_finder do |user_data|
+ config.remote_auth_user_finder do |user_data|
 User.find_or_create_from_remote_auth_data(user_data)
 end
+
+ config.remember_user_finder do |id|
+ User.find_by_id(id)
+ end
 end
diff --git a/lib/openneo-auth.rb b/lib/openneo-auth.rb
index 473004cc..7ef1e338 100644
--- a/lib/openneo-auth.rb
+++ b/lib/openneo-auth.rb
@@ -1,20 +1,30 @@
 require 'openneo-auth/session'
 require 'openneo-auth/strategy'
-Warden::Strategies.add :openneo_auth_token, Openneo::Auth::Strategy
+Warden::Strategies.add :openneo_auth_token, Openneo::Auth::Strategies::Token
+Warden::Strategies.add :openneo_auth_remember, Openneo::Auth::Strategies::Remember
 module Openneo
 module Auth
 class Config
 attr_accessor :app, :auth_server, :secret
- def find_user(data)
- raise "Must set a user finder for Openneo Auth to find a user" unless @user_finder
- @user_finder.call(data)
+ def find_user_with_remote_auth(data)
+ raise "Must set a remote user finder for Openneo Auth to find a user" unless @remote_auth_user_finder
+ @remote_auth_user_finder.call(data)
 end
- def user_finder(&block)
- @user_finder = block
+ def find_user_by_remembering(id)
+ raise "Must set a remember user finder for Openneo Auth to find a user" unless @remember_user_finder
+ @remember_user_finder.call(id)
+ end
+
+ def remote_auth_user_finder(&block)
+ @remote_auth_user_finder = block
+ end
+
+ def remember_user_finder(&block)
+ @remember_user_finder = block
 end
 end
diff --git a/lib/openneo-auth/session.rb b/lib/openneo-auth/session.rb
index c4f81998..ddb24e67 100644
--- a/lib/openneo-auth/session.rb
+++ b/lib/openneo-auth/session.rb
@@ -48,7 +48,7 @@ module Openneo
 end
 def user
- Auth.config.find_user(@message['user'])
+ Auth.config.find_user_with_remote_auth(@message['user'])
 end
 def self.from_params(params)
diff --git a/lib/openneo-auth/strategy.rb b/lib/openneo-auth/strategy.rb
index b3e45de3..f32aa5e0 100644
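Review bot: `find_user_by_remembering` and `remember_user_finder` in lib/openneo-auth.rb are undocumented, and their contract is security-relevant: the `id` argument is whatever the signed `remember_me` cookie carried, so the configured finder is the only place that decides whether a stored id should still grant a session (for instance for an account that has since been disabled), and returning nil is how it signals "no user". A YARD comment on `remember_user_finder` along the lines of `# @yieldparam id the value read from the signed remember_me cookie` and `# @yieldreturn [User, nil] nil when the id must no longer log the user in` would make that explicit for whoever writes the block in config/initializers/warden.rb. The `Config` class closes inside the hunk; the enclosing `module Auth` and `module Openneo` close outside it.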
--- a/lib/openneo-auth/strategy.rb
+++ b/lib/openneo-auth/strategy.rb
@@ -2,19 +2,37 @@ require 'warden'
 module Openneo
 module Auth
- class Strategy < Warden::Strategies::Base
- def valid?
- session && session[:session_id]
+ module Strategies
+ class Token < Warden::Strategies::Base
+ def valid?
+ session && session[:session_id]
+ end
+
+ def authenticate!
+ begin
+ auth_session = Session.find session[:session_id]
+ rescue Session::NotFound => e
+ fail! e.message
+ else
+ auth_session.destroy!
+ cookies.permanent.signed[:remember_me] = auth_session.user.id
+ success! auth_session.user
+ end
+ end
 end
- def authenticate!
- begin
- auth_session = Session.find session[:session_id]
- rescue Session::NotFound => e
- fail! e.message
- else
- auth_session.destroy!
- success! auth_session.user
+ class Remember < Warden::Strategies::Base
+ def valid?
+ cookies.signed[:remember_me]
+ end
+
+ def authenticate!
+ user = Auth.config.find_user_by_remembering cookies.signed[:remember_me]
+ if user
+ success! user
+ else
+ fail!
+ end
 end
 end
 end
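Review bot: `Remember#authenticate!` calls `fail!`, which halts Warden's strategy cascade, so once a browser carries a `remember_me` cookie whose id no longer resolves to a user, the `:openneo_auth_token` strategy listed after it in config/initializers/warden.rb is never tried and that browser cannot log in until the cookie is cleared. Dropping the stale cookie and using the non-halting form addresses both: `cookies.delete :remember_me` followed by `fail "remember_me cookie did not match a user"` (Warden's `fail` without the bang, if the installed version provides it). The cookie `Token#authenticate!` sets is the bare user id with a permanent lifetime, so it can only be revoked by rotating the application secret; a per-user random token that logout and credential changes regenerate would give server-side invalidation, and a bounded expiry would be cheaper than `permanent`. Nothing in the diff shows what `cookies` resolves to inside a `Warden::Strategies::Base` subclass; if it is a helper defined elsewhere, a one-line comment naming it would save the next reader checking whether `signed` and `permanent` are available here. The outer `module Auth` and `module Openneo` close outside the hunk.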