# Wire OpenID and Warden into the Rails middleware stack.
stack = Rails.configuration.middleware
stack.use(Rack::OpenID)
stack.use(RailsWarden::Manager) do |manager|
  # Strategies Warden runs when none is named explicitly (presumably in this
  # list order — confirm against the Warden version in use).
  manager.default_strategies :remember_me_token, :password_form, :api_token, :openid
  # Rack endpoint that renders the response when every strategy has failed.
  manager.failure_app = ExceptionsController
end
# Session serialization: how an authenticated record is stored in, and restored from, the Warden session
class Warden::SessionSerializer
  # Session representation of a logged-in record: its class and primary key.
  # NOTE(review): the class object itself goes into the session and is later
  # sent `get` — this relies on the session store being tamper-proof (signed
  # or server-side); verify the configured store.
  def serialize(record)
    [record.class, record.id]
  end

  # Inverse of #serialize: look the record up again by primary key.
  # `get` is presumably the DataMapper finder — confirm on the model layer.
  def deserialize(keys)
    klass = keys[0]
    klass.get(keys[1])
  end
end
# Remember-me cookie strategy: silent login from a persistent token cookie
class RememberMeTokenStrategy < Warden::Strategies::Base
  # Logs the user in from the `remember_me_token` cookie.
  # A missing cookie, or one that resolves to no user, is deliberately not
  # reported with fail!: the strategy just returns so Warden moves on to the
  # next one in the list.
  def authenticate!
    token = cookies[:remember_me_token]
    return unless token

    user = User.authenticate_with_remember_me_token(token)
    success!(user) if user
  end
end
# Register under the name used in manager.default_strategies.
Warden::Strategies.add(:remember_me_token, RememberMeTokenStrategy)
# Password form strategy: login from the email/password form fields
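class PasswordFormStrategy < Warden::Strategies::Base
  INVALID_CREDENTIALS = "Invalid email/password combination".freeze
  NOT_ACTIVATED = "Sorry, you need to activate your account first".freeze

  # Authenticates a user from the `login` / `password` form fields.
  #
  # When either field is absent nothing is reported and Warden falls through
  # to the next strategy. Otherwise the outcome is exactly one of:
  #   * success!(user)            — credentials valid and account active
  #   * fail!(INVALID_CREDENTIALS) — unknown email or wrong password
  #   * fail!(NOT_ACTIVATED)       — credentials valid but account inactive
  #
  # The password is verified *before* the activation state is reported, so the
  # activation notice never confirms that an email is registered to a caller
  # who does not also hold the password (previously the notice was shown for
  # any inactive email regardless of password). Assumes User.authenticate
  # checks credentials only, not activation — confirm on the model.
  def authenticate!
    login = request.params[:login]
    password = request.params[:password]
    return unless login && password

    user = User.first(:email => login)
    return fail!(INVALID_CREDENTIALS) unless user && User.authenticate(login, password)
    return fail!(NOT_ACTIVATED) unless user.active?

    remember!(user) if request.params[:remember_me] == "1"
    success! user
  end

  private

  # Issues the persistent remember-me token cookie for `user`.
  # The jar is written with a string key while RememberMeTokenStrategy reads
  # the symbol key, so it is presumed to be key-indifferent — verify.
  def remember!(user)
    user.remember_me!
    cookies['remember_me_token'] = {
      :value    => user.remember_me_token,
      :expires  => Time.parse(user.remember_me_token_expires_at.to_s),
      :httponly => true,          # keep the token out of reach of page scripts
      :secure   => request.ssl?   # only resend over TLS when issued over TLS
    }
  end
end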
# Register under the name used in manager.default_strategies.
Warden::Strategies.add(:password_form, PasswordFormStrategy)
# API token strategy: login for API clients from the `api_token` request parameter
class ApiTokenStrategy < Warden::Strategies::Base
  # Logs in an API client from the `api_token` request parameter.
  # No parameter → no-op (next strategy runs). A token that does not resolve
  # to a user → fail! with Warden's default message (none is passed here).
  def authenticate!
    token = request.params[:api_token]
    return unless token

    user = User.authenticate_with_api_token(token.strip)
    if user.nil?
      fail!
    else
      success!(user)
    end
  end
end
# Register under the name used in manager.default_strategies.
Warden::Strategies.add(:api_token, ApiTokenStrategy)
# OpenID strategy: two-leg login via Rack::OpenID (provider redirect, then callback)
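class OpenIDStrategy < Warden::Strategies::Base
  # OpenID login in two legs:
  #   1. form submit with `openid_url` → reply 401 with a WWW-Authenticate
  #      header so Rack::OpenID sends the browser to the provider;
  #   2. provider callback → Rack::OpenID leaves the parsed result in
  #      env['rack.openid.response'], which is mapped to success!/fail!, or to
  #      a redirect to signup for an identity URL we have not seen before.
  # With neither a response nor an `openid_url` parameter the strategy is a
  # no-op and Warden moves on to the next one.
  def authenticate!
    if (resp = request.env['rack.openid.response'])
      handle_response(resp)
    elsif (openid_url = request.params[:openid_url])
      start_authentication(openid_url)
    end
  end

  private

  # Leg 2: map the provider's answer to a Warden outcome.
  # Statuses other than the four handled here leave the strategy undecided.
  def handle_response(resp)
    case resp.status
    when :failure, :missing
      fail! "OpenID authentication failed"
    when :cancel
      fail! "OpenID authentication canceled"
    when :success
      user = User.first(:identity_url => resp.identity_url)
      return success!(user) if user

      # Unknown identity: stash what we learned and send the user to signup.
      # The SReg email is only what the provider claims — treat it as a form
      # prefill, not as a verified address.
      request.session['openid.url'] = resp.identity_url
      sreg_response = ::OpenID::SReg::Response.from_success_response(resp)
      request.session['openid.email'] = sreg_response.data["email"]
      custom!([302, { "Location" => Rails::Application.routes.generate({ :use_route => :signup }) }, []])
    end
  end

  # Leg 1: ask Rack::OpenID to redirect the browser to the provider.
  def start_authentication(openid_url)
    return fail!("Please enter OpenID URL") if openid_url.blank?

    header = Rack::OpenID.build_header(:identifier => openid_url, :return_to => return_to_url, :optional => ["email"])
    custom!([401, { "WWW-Authenticate" => header }, []])
  end

  # URL the provider sends the browser back to, carrying the remember-me flag
  # as a query parameter. Uses '&' when request.url already has a query string;
  # the previous code appended '?' unconditionally, yielding "?a=b?remember_me=1".
  def return_to_url
    url = request.url.dup
    return url unless request.params[:remember_me] == "1"

    url << (url.include?("?") ? "&" : "?") << "remember_me=1"
  end
end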
# Register under the name used in manager.default_strategies.
Warden::Strategies.add(:openid, OpenIDStrategy)