
everytime a cookie is created on a browser, it should be unique and r…

…andom. But obviously we don't want to forget all the other browsers we have already logged into, so we have to keep one remember_token that stays constant across all browsers.
1 parent 614a594 commit b6a1dc86a5d9eb3ab12d971a9c384c84ca0c39ac @mooktakim committed
Showing with 16 additions and 9 deletions.
  1. +14 −2 app/models/omnisocial/user.rb
  2. +2 −7 lib/extensions/action_controller/base.rb
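--- a/app/models/omnisocial/user.rb
+++ b/app/models/omnisocial/user.rb
@@ -6,6 +6,10 @@ class User < ActiveRecord::Base
 has_many :email_addresses, :dependent => :destroy
 accepts_nested_attributes_for :email_addresses
+
+ before_save do
+ self.remember_token = SecureRandom.base64 if self.remember_token.blank?
+ end
 def add_email(email)
 self.email_addresses.create(:email => email) unless self.email_addresses.exists?(:email => email.downcase)
@@ -68,13 +72,21 @@ def to_param
 self.id.to_s
 end
 end
+
+ def self.find_with_remember_token(tok)
+ return nil if tok.blank?
+ toks = tok.split("|")
+ toks.shift
+ return nil if (tok = toks.join("|")).blank?
+ where(:remember_token => tok).first
+ end
 def remember
- update_attributes(:remember_token => ::BCrypt::Password.create("#{Time.now}-#{self.login_account.type}-#{self.login}")) unless new_record?
+ "#{Time.now.to_i}|#{remember_token}"
 end
 def forget
- update_attributes(:remember_token => nil) unless new_record?
+ update_attributes(:remember_token => SecureRandom.base64) unless new_record?
 end
 end
 end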
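Review bot: `find_with_remember_token` shifts off the `Time.now.to_i` prefix that `remember` prepends and never looks at it, so the issued-at value enforces nothing and a `cookies.permanent` remember cookie stays valid for as long as the column keeps that token; the lookup `where(:remember_token => tok).first` matches on the bare token alone. If the timestamp is meant to bound the cookie's lifetime, check it before the query — `issued_at, token = tok.split("|", 2)` followed by `return nil if token.blank? || issued_at.to_i < REMEMBER_FOR.ago.to_i`, with `REMEMBER_FOR` a class constant such as `2.weeks` — and if it is not meant to, drop it from `remember` so the cookie format does not imply an expiry that is not enforced. Separately, the column now stores the very secret the cookie carries, so anyone who can read the users table holds a working persistent login for every account; storing `Digest::SHA256.hexdigest(token)` in the column and querying by the digest of the presented token keeps the DB copy useless on its own. Note that `before_save` only fills a blank token, so rows persisted before this change and not re-saved presumably have no token until something saves them — `remember` would then emit `"<ts>|"` and this finder rejects it; worth confirming against the migration. The `User` class opens before the first hunk.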
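--- a/lib/extensions/action_controller/base.rb
+++ b/lib/extensions/action_controller/base.rb
@@ -48,11 +48,7 @@ def session_login
 end
 def cookie_login
- return nil if cookies.signed[:remember_token].blank?
- user = User.where(:remember_token => cookies.signed[:remember_token]).first
- current_user = user if user
- rescue
- nil
+ User.find_with_remember_token(cookies.signed[:remember_token])
 end
 def current_user?
@@ -61,9 +57,8 @@ def current_user?
 def current_user=(user)
 user.tap do |user|
- user.remember
 session[:user_id] = user.id
- cookies.permanent.signed[:remember_token] = user.remember
+ cookies.permanent.signed[:remember_token] = user.remember
 end
 end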
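Review bot: `current_user=` writes `session[:user_id]` into whatever session the request arrived with and never calls `reset_session`, so a session id planted by an attacker before login becomes an authenticated one; `reset_session` as the first line of the `tap` block closes that (the gap predates this commit, but this hunk is where login state is assigned). The remember cookie is signed but set with no attributes, so it is readable from script and sent over plaintext — `cookies.permanent.signed[:remember_token] = { :value => user.remember, :httponly => true, :secure => request.ssl? }` fixes both, assuming `request` is in scope here as `cookies` and `session` are. The new `cookie_login` only returns what `find_with_remember_token` finds; the removed `current_user = user if user` assigned a method-local variable rather than calling this setter, so nothing was lost there, but the caller that consumes `cookie_login`'s return value is outside the hunk and is where the result must actually be applied. Also the block parameter in `user.tap do |user|` shadows the method parameter; `user.tap do |u|` reads clearer.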
