ca734764a9b1046184fb8ffe874f4f27717d3659 Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/8eee21c8147f2ddb7780a19a0843e1c7b83e577c 8eee21c8147f2ddb7780a19a0843e1c7b83e577c 2008-05-16T11:41:55-07:00 2008-05-16T11:41:55-07:00 forward (sigh) porting some things I noticed fixin' up the restful_authentication b8c4055018db2a437269135969b25ced120f724f Philip (flip) Kromer flip@infochimps.org bcc76a19721dae92b1141bf88f77824dc1832726 Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/ca734764a9b1046184fb8ffe874f4f27717d3659 ca734764a9b1046184fb8ffe874f4f27717d3659 2008-05-16T11:21:51-07:00 2008-05-16T11:21:51-07:00 forward (sigh) porting some things I noticed fixin' up the restful_authentication 900cf48878fddf637780e2ea93bcf80c3fe28a3d Philip (flip) Kromer flip@infochimps.org e8c752693e61c440d59dbe830e2c96c35b6d2901 Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/bcc76a19721dae92b1141bf88f77824dc1832726 bcc76a19721dae92b1141bf88f77824dc1832726 2008-05-16T10:50:11-07:00 2008-05-16T10:50:11-07:00 forward (sigh) porting some things I noticed fixin' up the restful_authentication efa6e5c21fa51fef1ae8bb4164c28d5ddeee918e Philip (flip) Kromer flip@infochimps.org 3bcbd6f0d6eb6d22e50e6696b0c127f4ebcf5b7f Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/e8c752693e61c440d59dbe830e2c96c35b6d2901 e8c752693e61c440d59dbe830e2c96c35b6d2901 2008-05-15T07:54:28-07:00 2008-05-15T07:54:28-07:00 Make checkbox submit right value from last :remember_me on resubmit 0f7f052d5acb71ce330ce2a2b2315832defea871 Philip (flip) Kromer flip@infochimps.org c2ea0d63a1bd6ac68c6bc331ad17957fd0e76d40 Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/3bcbd6f0d6eb6d22e50e6696b0c127f4ebcf5b7f 3bcbd6f0d6eb6d22e50e6696b0c127f4ebcf5b7f 2008-05-15T05:45:47-07:00 2008-05-15T05:45:47-07:00 Make (safe) params come back on failed creation 5040b1c0ac00f386ac44e08003aa4eadfe145183 Philip (flip) Kromer flip@infochimps.org f5035d856cac0304c8c344e3f7f1700e4963e92d Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/c2ea0d63a1bd6ac68c6bc331ad17957fd0e76d40 c2ea0d63a1bd6ac68c6bc331ad17957fd0e76d40 2008-05-15T05:43:22-07:00 2008-05-15T05:43:22-07:00 * single point of entry for cookie functions * make it so you are always thoughtful about resetting the session when you logout! * format.any (in access_denied) doesn't work for rails versions < http://dev.rubyonrails.org/changeset/8987 * using single point of entry for auth_token cookie functions * cookies should be regenerated while keeping same expiry date each time we cross quarantine (i.e. log in by password or cookie). Added routines for same. * To the citizens of the future: it is better to send (remember_token) but store hash(remember_token, request_IP) so that a CSRF cookie spoofer has to at least also spoof the user's originating IP * Made specs for all of this * Added specs for the access_denied, access control and http_basic_auth functions bc6d4ca342379f807ae0b7326483259bdc007209 Philip (flip) Kromer flip@infochimps.org c97cd40ac9a8e623d2bf67923401f0eb32e44d3e Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/f5035d856cac0304c8c344e3f7f1700e4963e92d f5035d856cac0304c8c344e3f7f1700e4963e92d 2008-05-15T05:43:22-07:00 2008-05-15T05:43:22-07:00 Pushing in some best practices and DRY code * Differentiated between making a digest (which is one-way & repeatable) and making a token (which should never be repeatable). * Also, used a bit more entropy in the token generation * Used a site specific key for the digest (and token) preparation, and used a different site-key for password and token generation. * using single point of entry for auth_token cookie functions * cookies should be regenerated while keeping same expiry date each time we cross quarantine (i.e. log in by password or cookie). Added routines for same. fcd9367574c182b8268dfe3a3e26c19130c54f76 Philip (flip) Kromer flip@infochimps.org 634387c28339d56b51e9f8fe0c2b6b23273fbeea Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/c97cd40ac9a8e623d2bf67923401f0eb32e44d3e c97cd40ac9a8e623d2bf67923401f0eb32e44d3e 2008-05-15T05:02:54-07:00 2008-05-15T05:02:54-07:00 Made session handling and auth_token cookie handling fit best practices * put in some notes for when we can haz auth policy * we were sending the password back in the response text on errors, which can't be smart (and crosses you up on 'password doesn't mach confirmation' error) * were testing for a case that couldn't happen (found activated user by activation code); fixd * also was sending passwd in re-rendered edit 90dbd93dd6399b2fd755f56bdb719c0c573769ee Philip (flip) Kromer flip@infochimps.org 3e881ae4ee5e976a49101d1c25148f5cceda0b72 Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/634387c28339d56b51e9f8fe0c2b6b23273fbeea 634387c28339d56b51e9f8fe0c2b6b23273fbeea 2008-05-15T04:55:00-07:00 2008-05-15T04:55:00-07:00 Got full coverage on users_helper funcs, cleaning up specs to use mocks more a98a7cd38f724ca0619ad236db9ab5069792fdab Philip (flip) Kromer flip@infochimps.org f53f96a67a1753a6354dd2d1a703dac18d415e95 Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/3e881ae4ee5e976a49101d1c25148f5cceda0b72 3e881ae4ee5e976a49101d1c25148f5cceda0b72 2008-05-15T04:54:59-07:00 2008-05-15T04:54:59-07:00 Added spec for activate/ with bogus key, cleaning up specs to use mocks more 807a3a17d87d75a8940d73382dfb64952d1619e9 Philip (flip) Kromer flip@infochimps.org 8a30de87b3a48182fcc2a740025fe86792337382 Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/f53f96a67a1753a6354dd2d1a703dac18d415e95 f53f96a67a1753a6354dd2d1a703dac18d415e95 2008-05-15T04:54:59-07:00 2008-05-15T04:54:59-07:00 Added tests for new authenticated_system (now have 100% coverage through unit and functional combined 6881d5f2ebac89a03050d8709fbc3d04b0c5cba3 Philip (flip) Kromer flip@infochimps.org 273b41cd1260e10c503cb8f50f7f744847cd7932 Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/8a30de87b3a48182fcc2a740025fe86792337382 8a30de87b3a48182fcc2a740025fe86792337382 2008-05-15T04:54:59-07:00 2008-05-15T04:54:59-07:00 Tests for new session handling, got code coverage to 100% and wrote (I think) more vernacular rspec 7e4ce3833601f06c1ae66a814930b3232f9cb1f9 Philip (flip) Kromer flip@infochimps.org f274dd313fb4ef93c99e89ec35045f91c715ccbd Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/273b41cd1260e10c503cb8f50f7f744847cd7932 273b41cd1260e10c503cb8f50f7f744847cd7932 2008-05-15T04:54:58-07:00 2008-05-15T04:54:58-07:00 Made session handline and auth_token cookie handling fit best practices: * session is reset and cookie, if it exists is refreshed keeping same expiry. * Made a single point of entry for token functions. * We don't need to reset_session on signin form, so we can render (and nicely feed the params back to the user) d3ecb45dbbe1527fe908995f474184e646595002 Philip (flip) Kromer flip@infochimps.org 79eb2d16793feb6ae878a6f03d342e9c1cb168fa Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/f274dd313fb4ef93c99e89ec35045f91c715ccbd f274dd313fb4ef93c99e89ec35045f91c715ccbd 2008-05-14T08:00:53-07:00 2008-05-14T08:00:53-07:00 Added lots more users code tests e68962c3ab2aa0ee0487c62c626e60a848c53fd5 Philip (flip) Kromer flip@infochimps.org 5c54669e39342965398c981d8a0d0659d63bc0a1 Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/79eb2d16793feb6ae878a6f03d342e9c1cb168fa 79eb2d16793feb6ae878a6f03d342e9c1cb168fa 2008-05-14T07:59:13-07:00 2008-05-14T07:59:13-07:00 fixed rspecs for users helper, put foo_to_IP_addr into one function 46e06f6b94ee16034365e2e6aa1168580ac08c76 Philip (flip) Kromer flip@infochimps.org 196d686b621aadaf4efe94e8bc7ec1c9bdf37ccd Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/5c54669e39342965398c981d8a0d0659d63bc0a1 5c54669e39342965398c981d8a0d0659d63bc0a1 2008-05-14T04:29:13-07:00 2008-05-14T04:29:13-07:00 Killing test case for a bug I've since found was fixed in Edge rails b68f0e031bec4871893a039a21ef634b7308e64a Philip (flip) Kromer flip@infochimps.org 6d7d00bca1cf62a43072c13793a2c37d1e00abad Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/196d686b621aadaf4efe94e8bc7ec1c9bdf37ccd 196d686b621aadaf4efe94e8bc7ec1c9bdf37ccd 2008-05-14T04:28:52-07:00 2008-05-14T04:28:52-07:00 Adding this so I can kill it -- test case for a bug I've since found was fixed in Edge rails 08f8b0abb3a546112e11405376cf169db25c27cd Philip (flip) Kromer flip@infochimps.org 87ce0c76297d04a6b148c9da55681f1d34ffbcd5 Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/6d7d00bca1cf62a43072c13793a2c37d1e00abad 6d7d00bca1cf62a43072c13793a2c37d1e00abad 2008-05-13T09:20:31-07:00 2008-05-13T09:20:31-07:00 No index on auth_token -- it's written as often as read. I r dum. b68f0e031bec4871893a039a21ef634b7308e64a Philip (flip) Kromer flip@infochimps.org a93ae959eb59513888493a44c135612cbf158962 Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/87ce0c76297d04a6b148c9da55681f1d34ffbcd5 87ce0c76297d04a6b148c9da55681f1d34ffbcd5 2008-05-13T08:26:13-07:00 2008-05-13T08:21:27-07:00 Some notes and comments towards more robust auth b6438b3cb998c12cd2c42addeb3b69990086c40a Philip (flip) Kromer flip@infochimps.org aebcf06e4a5305cb6fdb3b949d63e6cbd42e6b16 Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/a93ae959eb59513888493a44c135612cbf158962 a93ae959eb59513888493a44c135612cbf158962 2008-05-13T08:25:55-07:00 2008-05-13T08:21:02-07:00 Some notes and comments towards more robust auth 35b421c5848697b4dcc88dee09fb1197b0df4a49 Philip (flip) Kromer flip@infochimps.org c7bbbb4aef233fd983d2139b14ab0cda29c66a51 Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/aebcf06e4a5305cb6fdb3b949d63e6cbd42e6b16 aebcf06e4a5305cb6fdb3b949d63e6cbd42e6b16 2008-05-13T08:25:51-07:00 2008-05-13T08:25:51-07:00 Cherry picking bc2b06ae454e07c2854e78e062d5124891f5573e Philip (flip) Kromer flip@infochimps.org 6344807f87054dd988a3a9327eacce7e902bb815 Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/c7bbbb4aef233fd983d2139b14ab0cda29c66a51 c7bbbb4aef233fd983d2139b14ab0cda29c66a51 2008-05-12T02:02:20-07:00 2008-05-12T02:02:20-07:00 Tweaked views a055513606f624cb7084487f90f588c0532da6c1 Philip (flip) Kromer flip@infochimps.org 1e30cae0f47f6b2eda7b15b2dcba4f0c4a753d56 Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/6344807f87054dd988a3a9327eacce7e902bb815 6344807f87054dd988a3a9327eacce7e902bb815 2008-05-12T01:50:25-07:00 2008-05-12T01:50:25-07:00 Added a comment about how to make redirect_back_or_default work d3d769e06b0b44d0f6683946799f5ee37f4eba47 Philip (flip) Kromer flip@infochimps.org 1a103a9e83f6b95a31259b310154fb2b1622bb74 Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/1e30cae0f47f6b2eda7b15b2dcba4f0c4a753d56 1e30cae0f47f6b2eda7b15b2dcba4f0c4a753d56 2008-05-12T01:49:47-07:00 2008-05-12T01:49:47-07:00 Adding tests for browsing-users-as-resources f8adca6eeec62423ce9fcff288447cb3baa91812 Philip (flip) Kromer flip@infochimps.org 7407d717d5c0631226a24bdf37b59e5647a72155 Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/1a103a9e83f6b95a31259b310154fb2b1622bb74 1a103a9e83f6b95a31259b310154fb2b1622bb74 2008-05-12T01:48:19-07:00 2008-05-12T01:48:19-07:00 Layout oopsie 14b0c3afa98d9c4a4708c6ea7da5f090a469e58c Philip (flip) Kromer flip@infochimps.org b2652ee005d124cfde0cba59fb12009e92f14841 Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/7407d717d5c0631226a24bdf37b59e5647a72155 7407d717d5c0631226a24bdf37b59e5647a72155 2008-05-12T01:48:04-07:00 2008-05-12T01:48:04-07:00 skinnied the controller a tiny bit 2038b0418f771e3897cd852e5f4ece41c23d4c8f Philip (flip) Kromer flip@infochimps.org 58dd38fd4d76ee21f973b6eac9de34bfc066e8d1 Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/b2652ee005d124cfde0cba59fb12009e92f14841 b2652ee005d124cfde0cba59fb12009e92f14841 2008-05-12T01:44:12-07:00 2008-05-12T01:44:12-07:00 Notes on security, trust, etc. 5f5188a3a7df33ebd445f117ad801c4133045875 Philip (flip) Kromer flip@infochimps.org 6dc79d826b1ab16c67c679db9f8812540af814b1 Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/58dd38fd4d76ee21f973b6eac9de34bfc066e8d1 58dd38fd4d76ee21f973b6eac9de34bfc066e8d1 2008-05-11T04:44:45-07:00 2008-05-11T04:44:45-07:00 Made the snippet macro prettier. 6755829e06f22f4e8b084df03e329fc6b473d68a Philip (flip) Kromer flip@infochimps.org 603f81c30e5650fd40e61e764778f58392000820 Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/6dc79d826b1ab16c67c679db9f8812540af814b1 6dc79d826b1ab16c67c679db9f8812540af814b1 2008-05-11T04:43:31-07:00 2008-05-11T04:43:31-07:00 Made the snippet macro prettier, fixed users_helper_spec.rb f9092d82deb0aaddc0bd19be7c6f86cbf14a10a2 Philip (flip) Kromer flip@infochimps.org 6eb8ae801272b9623b90ce71de206093ea71fb79 Philip (flip) Kromer flip@infochimps.org http://github.com/mrflip/restful_authentication_example/commit/603f81c30e5650fd40e61e764778f58392000820 603f81c30e5650fd40e61e764778f58392000820 2008-05-11T04:03:07-07:00 2008-05-11T04:03:07-07:00 Added a dynamic 'Hello Bob [signout]'vs'Not logged in [signin]' dynamic snippet (using javascript and client-side cookies for smooth page loading 04da47c498a9f1ad60dc14d2cc847433b3e0b551 Philip (flip) Kromer flip@infochimps.org