
Merge pull request #31 from phlipper/move-sessions-to-cookies

use signed cookies directly vs. accessing session:
2 parents c8b1e0e + caf2c51 commit 013dd8d10b4ea389c0491b4a0369a73126aadf9b @elskwid elskwid committed
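--- a/lib/thincloud/authentication/authenticatable_controller.rb
+++ b/lib/thincloud/authentication/authenticatable_controller.rb
@@ -17,8 +17,8 @@ module AuthenticatableController
 #
 # Returns: An instance of `User` or `nil`.
 def current_user
-return nil if session[:uid].blank?
-@current_user ||= User.find(session[:uid])
+return nil if cookies.signed[:uid].blank?
+@current_user ||= User.find(cookies.signed[:uid])
 end
 # Protected: Determine if the current request has a logged in user.
@@ -48,7 +48,11 @@ def authenticate!
 # Returns: The `id` of the provided user.
 def login_as(user)
 reset_session # avoid session fixation
-session[:uid] = user.id
+cookies.signed[:uid] = {
+value: user.id,
+secure: request.ssl?,
+httponly: true
+}
 end
 # Protected: Clear the session of an authenticated user.
@@ -56,6 +60,7 @@ def login_as(user)
 # Returns: A new empty session instance.
 def logout
 reset_session
+cookies.delete(:uid)
 end
 # Protected: Provides the URL to redirect to after logging in.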
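Review bot: The `# Returns: The `id` of the provided user.` comment on `login_as` no longer holds, because the method's last expression is now the `cookies.signed[:uid] = { ... }` assignment, which evaluates to the options hash rather than the id; either finish the method with `user.id` or change the comment to `# Returns: The options hash written to the signed `uid` cookie.` The same drift affects `logout`, whose `# Returns: A new empty session instance.` now describes `reset_session` instead of the final `cookies.delete(:uid)`. Separately, the cookie is written without an `expires:` entry, so once issued it remains a valid credential until the signing secret changes, and `cookies.delete(:uid)` only removes the client's copy — unlike the previous `reset_session` path, a copy captured before logout keeps authenticating and cannot be revoked server-side. Adding an `expires:` line to the hash (for example `expires: 2.weeks.from_now`) and a comment stating that logins are now client-held and not revocable until expiry or secret rotation would make that trade-off explicit to the next maintainer.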
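--- a/test/controllers/thincloud/authentication/registrations_controller_test.rb
+++ b/test/controllers/thincloud/authentication/registrations_controller_test.rb
@@ -41,7 +41,7 @@ module Thincloud::Authentication
 post :create
 end
-it { session[:uid].wont_be_nil }
+it { cookies.signed[:uid].must_equal user.id }
 it { assert_response :redirect }
 it { assert_redirected_to "/" }
 it { flash[:notice].must_equal "You have been logged in." }
@@ -110,7 +110,7 @@ module Thincloud::Authentication
 it { assert_response :redirect }
 it { assert_redirected_to "/" }
-it { session[:uid].must_be_nil }
+it { cookies.signed[:uid].must_be_nil }
 it { flash[:notice].must_equal "Check your email to verify your registration." }
 it { User.count.must_equal 1 }
 it { Identity.count.must_equal 1 }
@@ -138,7 +138,7 @@ module Thincloud::Authentication
 it { assert_response :redirect }
 it { assert_redirected_to "/" }
-it { session[:uid].must_equal assigns[:identity].user.id }
+it { cookies.signed[:uid].must_equal assigns[:identity].user.id }
 it { flash[:alert].must_be_nil }
 it { User.count.must_equal 1 }
 it { Identity.count.must_equal 1 }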
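Review bot: The new assertion in the first hunk (`cookies.signed[:uid].must_equal user.id`) only checks the cookie's value; nothing in these tests verifies the `secure`/`httponly` attributes that `login_as` now sets, so a regression that drops `httponly: true` would pass unnoticed. If the functional-test response exposes the header, an assertion alongside it such as `it { response.headers["Set-Cookie"].must_match(/HttpOnly/i) }` would pin it down; otherwise the cookie jar's stored attributes are the place to look. The `user` referenced in that assertion is defined outside the hunk.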
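--- a/test/controllers/thincloud/authentication/sessions_controller_test.rb
+++ b/test/controllers/thincloud/authentication/sessions_controller_test.rb
@@ -9,6 +9,7 @@ module Thincloud::Authentication
 it { assert_response :success }
 it { assert_template :new }
+it { cookies.signed[:uid].must_be_nil }
 end
 describe "when logged in" do
@@ -26,6 +27,7 @@ module Thincloud::Authentication
 it { assert_redirected_to "/" }
 it { flash[:notice].must_equal "You have been logged out." }
+it { cookies.signed[:uid].must_be_nil }
 end
 describe "GET authenticated" do
@@ -40,7 +42,7 @@ module Thincloud::Authentication
 describe "logged in" do
 before do
 User.stubs(:find).with(123).returns(User.new)
-session[:uid] = 123
+cookies.signed[:uid] = 123
 get :authenticated
 end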
