
* fixed session authorization

commit 59aecaae6bb4141ba1f51abbafc21692f47574ca 1 parent 0cf0572
Dmitry Vorotilin authored
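--- a/README.rdoc
+++ b/README.rdoc
@@ -66,12 +66,6 @@ Put link somewhere, where you want:
 By default it uses action create of user_sessions controller. Parameters are identical link_to without block.
-* User session
-
-In create action:
-
- @user_session = UserSession.new(params[:status] ? cookies : params[:user_session])
-
 == Contributing to aavkontakte
 * Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet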
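--- a/lib/vkontakte.js
+++ b/lib/vkontakte.js
@@ -20,6 +20,8 @@ function vkLogin(options) {
 if(response.session) {
 /* User is logged in */
 // need ajax request? $.post(url, response, "script" );
+ response.user_session = response.session;
+ delete response.session;
 post(options['url'], response, options['authenticity_token'], options['session_key'], options['session_id']);
 if (response.settings){ /* Selected user access settings */ }
 }
@@ -41,7 +43,7 @@ function post(url, params, token, session_key, session_id) {
 authField.setAttribute("value", token);
 form.appendChild(authField);
- var sessionField = document.createElement("input");
+ var sessionField = document.createElement("input");
 sessionField.setAttribute("type", "hidden");
 sessionField.setAttribute("name", session_key);
 sessionField.setAttribute("value", session_id);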
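Review bot: The rename of `response.session` to `response.user_session` in `vkLogin` is undocumented, although the server side depends on that exact key: lib/vkontakte/session.rb in this commit reads `controller.params[:user_session]`. I would add a comment above the two new lines such as `// Rails reads the signed VK fields from params[:user_session]; keep this key in sync with lib/vkontakte/session.rb`. The surrounding `vkLogin` callback starts and ends outside the hunk, so whether `response` is reused after the `post(...)` call cannot be checked from here.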
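--- a/lib/vkontakte/authentication.rb
+++ b/lib/vkontakte/authentication.rb
@@ -56,7 +56,7 @@ def validate_password_not_vkontakte?
 end
 def authenticating_with_vkontakte?
- vk_id.present?
+ vk_id.present?
 end
 end
 end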
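--- a/lib/vkontakte/session.rb
+++ b/lib/vkontakte/session.rb
@@ -4,7 +4,6 @@ def self.included(klass)
 klass.class_eval do
 extend Config
 include InstanceMethods
- after_destroy :destroy_vkontakte_cookies
 validate :validate_by_vk_cookie, :if => :authenticating_with_vkontakte?
 end
 end
@@ -26,27 +25,24 @@ def vk_id_field(value = nil)
 module InstanceMethods
 private
- def credentials=(value)
- super
- cookies = value.is_a?(Array) ? value.first : value
- if record_class.vkontakte_enabled_value && cookies && cookies[record_class.vk_app_cookie]
- @vk_cookies = CGI::parse(cookies[record_class.vk_app_cookie])
- end
- end
-
 def authenticating_with_vkontakte?
- record_class.vkontakte_enabled_value && @vk_cookies
+ if record_class.vkontakte_enabled_value && controller.cookies[record_class.vk_app_cookie].present?
+ delete_cookie(record_class.vk_app_cookie)
+ return true
+ else
+ return false
+ end
 end
 def validate_by_vk_cookie
- result = "expire=%smid=%ssecret=%ssid=%s%s" % [@vk_cookies['expire'], @vk_cookies['mid'], @vk_cookies['secret'], @vk_cookies['sid'], record_class.vk_app_password]
- if MD5.md5(result).to_s == @vk_cookies['sig'].to_s
+ user_session = controller.params[:user_session]
+ result = "expire=%smid=%ssecret=%ssid=%s%s" % [user_session[:expire], user_session[:mid], user_session[:secret], user_session[:sid], record_class.vk_app_password]
+ if MD5.md5(result).to_s == user_session[:sig].to_s
 raise(NotInitializedError, "You must define vk_id column in your User model") unless record_class.respond_to? find_by_vk_id_method
- mid_cookie = @vk_cookies['mid'].first
- possible_record = search_for_record(find_by_vk_id_method, mid_cookie)
+ possible_record = search_for_record(find_by_vk_id_method, user_session[:mid])
 if possible_record.nil?
 possible_record = record_class.new
- possible_record.send "#{vk_id_field}=", mid_cookie
+ possible_record.send "#{vk_id_field}=", user_session[:mid]
 possible_record.send :persistence_token=, Authlogic::Random.hex_token if possible_record.respond_to? :persistence_token=
 possible_record.send :save, false
 end
@@ -65,9 +61,11 @@ def vk_id_field
 def record_class
 self.class.klass
 end
-
- def destroy_vkontakte_cookies
- controller.cookies.delete record_class.vk_app_cookie
+
+ def delete_cookie(key)
+ return unless key
+ domain = controller.request.domain
+ [".#{domain}", "#{domain}"].each { |d| controller.cookies.delete(key, :domain => d) }
 end
 end
 end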
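Review bot: `validate_by_vk_cookie` now takes the signed fields from `controller.params[:user_session]` but never checks `user_session[:expire]`, so a parameter set that verified once appears to stay acceptable after the VK session it describes has ended (assuming `expire` is the expiry timestamp covered by the signature). It also dereferences `user_session` without a nil check, while `authenticating_with_vkontakte?` gates only on the cookie being present, so a request carrying the cookie but no `user_session` parameter would raise instead of failing validation. I would default the hash with `user_session = controller.params[:user_session] || {}` and extend the condition to `if user_session[:expire].to_i > Time.now.to_i && MD5.md5(result).to_s == user_session[:sig].to_s`. Separately, `authenticating_with_vkontakte?` deletes the cookie as a side effect, so a second call within the same request would likely return false; a comment on the method saying so would help. The failure branch of `validate_by_vk_cookie` lies outside the hunk, so how a rejected signature is reported cannot be confirmed from here.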