Comparing changes

  • 12 commits
  • 14 files changed
  • 0 commit comments
  • 2 contributors
Commits on Apr 26, 2013
@phlipper use new .ruby-(version|gemset) file format for RVM 982fd0b
@phlipper ignore bundler artifacts 17f58bb
Commits on Apr 28, 2013
@phlipper filter vendor files, update block syntax aeebe6d
Commits on Apr 29, 2013
@elskwid elskwid Merge pull request #28 from phlipper/project-cleanup
Project Cleanup
30c6abd
@phlipper drop attr_accessible in favor of strong_parameters 127d019
@phlipper add support for background mailer compatibility
* fixes #18
682b9e2
@elskwid elskwid Merge pull request #29 from phlipper/background-mailer-compat
Background Mailer Compatibility
b877ff3
Commits on May 02, 2013
@phlipper explicitly require dependencies:
* this prevents the need to have strong_parameters
  listed in the Gemfile even though it comes along
  as a dependency with this gem.
eb7539b
Commits on May 06, 2013
@elskwid elskwid Merge pull request #30 from phlipper/require-dependencies
explicitly require dependencies:
c8b1e0e
@phlipper use signed cookies directly vs. accessing session:
* this addresses an issue where certain session
  stores would not logout properly via the
  `reset_session` call.
caf2c51
@elskwid elskwid Merge pull request #31 from phlipper/move-sessions-to-cookies
use signed cookies directly vs. accessing session:
013dd8d
@phlipper bump version to 0.5.0 cf4af89
2  .gitignore
@@ -9,3 +9,5 @@ test/dummy/tmp/
test/dummy/.sass-cache
coverage/
.rbx/
+bin/
+vendor/bundle/
1  .ruby-gemset
@@ -0,0 +1 @@
+thincloud-authentication
2  .ruby-version
@@ -1 +1 @@
-1.9.3@thincloud-authentication
+ruby-1.9.3
2  app/controllers/thincloud/authentication/registrations_controller.rb
@@ -32,7 +32,7 @@ def create
if omniauth
login_as @identity.user
else
- RegistrationsMailer.verification_token(@identity).deliver
+ RegistrationsMailer.verification_token(@identity.id).deliver
flash[:notice] = "Check your email to verify your registration."
end
redirect_to after_registration_path
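Review bot: `@identity.id` on the changed `verification_token` line is only usable if `@identity` has already been saved, and this hunk does not show the save. With a background mailer, a job that starts before the record is committed will fail in the mailer's lookup. Confirm the record is persisted before this call, or enqueue the mail from an after-commit hook.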
4 app/mailers/thincloud/authentication/registrations_mailer.rb
@@ -4,8 +4,8 @@ class RegistrationsMailer < ActionMailer::Base
default from: Thincloud::Authentication.configuration.mailer_sender
# New registration verification token
- def verification_token(identity)
- @identity = identity
+ def verification_token(identity_id)
+ @identity = Identity.find(identity_id)
mail to: @identity.email, subject: "Identity Verification"
end
end
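Review bot: `Identity.find(identity_id)` raises `ActiveRecord::RecordNotFound` when the row is gone or the id is nil, which in a background worker usually means a retried or dead job rather than a skipped email. Decide what should happen for a missing identity (for example look it up with `find_by_id` and return without calling `mail`) and state it in the comment above the method. The argument also changes from an `Identity` to an id, so any caller still passing a record needs updating; that is worth a changelog entry.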
3  app/models/thincloud/authentication/identity.rb
@@ -5,9 +5,6 @@ class Identity < ::OmniAuth::Identity::Models::ActiveRecord
belongs_to :user
- # Limit the ability to mass-assign sensitive fields.
- attr_accessible :name, :email, :password, :password_confirmation
-
validates :name, presence: true
validates :email, presence: true, uniqueness: true, format: /@/
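Review bot: Removing `attr_accessible :name, :email, :password, :password_confirmation` leaves `Identity` with no mass-assignment restriction of its own, and nothing is added in its place. With the strong_parameters gem, a model only rejects unpermitted params if it includes `ActiveModel::ForbiddenAttributesProtection`; add that include here and make sure every controller that builds an `Identity` from `params` goes through `permit`. Otherwise fields such as `user_id` (from `belongs_to :user`) become assignable from the request.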
11 lib/thincloud/authentication/authenticatable_controller.rb
@@ -17,8 +17,8 @@ module AuthenticatableController
#
# Returns: An instance of `User` or `nil`.
def current_user
- return nil if session[:uid].blank?
- @current_user ||= User.find(session[:uid])
+ return nil if cookies.signed[:uid].blank?
+ @current_user ||= User.find(cookies.signed[:uid])
end
# Protected: Determine if the current request has a logged in user.
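Review bot: `User.find(cookies.signed[:uid])` raises `ActiveRecord::RecordNotFound` when the cookie is validly signed but the user no longer exists, which contradicts the documented return of `User` or `nil` and will fail every request until the browser drops the cookie. Suggest `User.find_by_id(...)` here and deleting the `:uid` cookie when the lookup returns nil.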
@@ -48,7 +48,11 @@ def authenticate!
# Returns: The `id` of the provided user.
def login_as(user)
reset_session # avoid session fixation
- session[:uid] = user.id
+ cookies.signed[:uid] = {
+ value: user.id,
+ secure: request.ssl?,
+ httponly: true
+ }
end
# Protected: Clear the session of an authenticated user.
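Review bot: `secure: request.ssl?` sets the Secure flag only when the login request itself is seen as HTTPS, so a login over plain HTTP, or behind a TLS-terminating proxy that does not forward the scheme, issues an authentication cookie the browser will also send in cleartext. Consider a configuration option that forces `secure: true` in production. The hash sets no `expires` and the signed value is just `user.id`, so the doc comment should say that the cookie is signed but readable by the client and carries no lifetime of its own.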
@@ -56,6 +60,7 @@ def login_as(user)
# Returns: A new empty session instance.
def logout
reset_session
+ cookies.delete(:uid)
end
# Protected: Provides the URL to redirect to after logging in.
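Review bot: `cookies.delete(:uid)` only removes the browser's copy. Because the value signed in `login_as` is the bare `user.id`, a copy of the cookie taken before logout still verifies afterwards and `current_user` will accept it; if logout is meant to end the login server-side, sign a per-login token or timestamp together with the id and check it in `current_user`. The method's last expression is now `cookies.delete(:uid)`, so the comment `# Returns: A new empty session instance.` is stale and should be updated.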
3  lib/thincloud/authentication/engine.rb
@@ -1,3 +1,6 @@
+require "rails"
+require "strong_parameters"
+
module Thincloud
module Authentication
2  lib/thincloud/authentication/version.rb
@@ -1,5 +1,5 @@
module Thincloud
module Authentication
- VERSION = "0.4.0"
+ VERSION = "0.5.0"
end
end
6 test/controllers/thincloud/authentication/registrations_controller_test.rb
@@ -41,7 +41,7 @@ module Thincloud::Authentication
post :create
end
- it { session[:uid].wont_be_nil }
+ it { cookies.signed[:uid].must_equal user.id }
it { assert_response :redirect }
it { assert_redirected_to "/" }
it { flash[:notice].must_equal "You have been logged in." }
@@ -110,7 +110,7 @@ module Thincloud::Authentication
it { assert_response :redirect }
it { assert_redirected_to "/" }
- it { session[:uid].must_be_nil }
+ it { cookies.signed[:uid].must_be_nil }
it { flash[:notice].must_equal "Check your email to verify your registration." }
it { User.count.must_equal 1 }
it { Identity.count.must_equal 1 }
@@ -138,7 +138,7 @@ module Thincloud::Authentication
it { assert_response :redirect }
it { assert_redirected_to "/" }
- it { session[:uid].must_equal assigns[:identity].user.id }
+ it { cookies.signed[:uid].must_equal assigns[:identity].user.id }
it { flash[:alert].must_be_nil }
it { User.count.must_equal 1 }
it { Identity.count.must_equal 1 }
4 test/controllers/thincloud/authentication/sessions_controller_test.rb
@@ -9,6 +9,7 @@ module Thincloud::Authentication
it { assert_response :success }
it { assert_template :new }
+ it { cookies.signed[:uid].must_be_nil }
end
describe "when logged in" do
@@ -26,6 +27,7 @@ module Thincloud::Authentication
it { assert_redirected_to "/" }
it { flash[:notice].must_equal "You have been logged out." }
+ it { cookies.signed[:uid].must_be_nil }
end
describe "GET authenticated" do
@@ -40,7 +42,7 @@ module Thincloud::Authentication
describe "logged in" do
before do
User.stubs(:find).with(123).returns(User.new)
- session[:uid] = 123
+ cookies.signed[:uid] = 123
get :authenticated
end
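Review bot: The `logged in` setup (`cookies.signed[:uid] = 123`) only exercises a validly signed cookie. Since the signature is now the whole authentication check, add a case that sets a raw, unsigned `cookies[:uid] = 123` and asserts that `get :authenticated` is treated as logged out.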
2  test/dummy/config/application.rb
@@ -56,7 +56,7 @@ class Application < Rails::Application
# This will create an empty whitelist of attributes available for mass-assignment for all models
# in your app. As such, your models will need to explicitly whitelist or blacklist accessible
# parameters by using an attr_accessible or attr_protected declaration.
- config.active_record.whitelist_attributes = true
+ config.active_record.whitelist_attributes = false
# Enable the asset pipeline
config.assets.enabled = true
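Review bot: The three comment lines above `config.active_record.whitelist_attributes = false` still describe an enforced whitelist, which is now the opposite of the setting. Update or drop the comment, and say that mass-assignment protection is expected to come from strong_parameters instead.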
9 test/mailers/thincloud/authentication/registrations_mailer_test.rb
@@ -4,8 +4,13 @@ module Thincloud::Authentication
describe RegistrationsMailer do
describe "#verification_token" do
- let(:identity) { Identity.new(name: "Name", email: "email@example.com") }
- let(:mail) { RegistrationsMailer.verification_token(identity) }
+ let(:identity) {
+ Identity.create!(
+ name: "Name", email: "email@example.com", user_id: 123,
+ password: "test123", password_confirmation: "test123"
+ )
+ }
+ let(:mail) { RegistrationsMailer.verification_token(identity.id) }
it { mail.subject.must_equal "Identity Verification" }
it { mail.to.must_equal ["email@example.com"] }
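Review bot: The new `let(:identity)` only covers an id that exists. Add a case that calls `RegistrationsMailer.verification_token` with an id that has no row, so the behaviour of `Identity.find` in the mailer is pinned down by a test. `user_id: 123` also points at a user this setup never creates; a comment saying that is intentional would help.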
10 test/minitest_helper.rb
@@ -1,10 +1,12 @@
if RUBY_ENGINE == "ruby"
begin
require "simplecov"
- SimpleCov.add_filter "test"
- SimpleCov.add_filter "config"
- SimpleCov.command_name "MiniTest"
- SimpleCov.start
+ SimpleCov.start "rails" do
+ add_filter "test"
+ add_filter "config"
+ add_filter "vendor"
+ command_name "MiniTest"
+ end
rescue LoadError
warn "unable to load SimpleCov"
end

No commit comments for this range
