* fixed session authorization

route · Jan 31, 2011 · 59aecaa · 59aecaa
1 parent 0cf0572
commit 59aecaa
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 26 deletions.
diff --git a/README.rdoc b/README.rdoc
@@ -66,12 +66,6 @@ Put link somewhere, where you want:
 
 By default it uses action create of user_sessions controller. Parameters are identical link_to without block.
 
-* User session
-
-In create action:
-
-  @user_session = UserSession.new(params[:status] ? cookies : params[:user_session])
-
 == Contributing to aavkontakte
 
 * Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet

diff --git a/lib/vkontakte.js b/lib/vkontakte.js
@@ -20,6 +20,8 @@ function vkLogin(options) {
     if(response.session) {
       /* User is logged in */
       // need ajax request? $.post(url, response, "script" );
+      response.user_session = response.session;
+      delete response.session;      
       post(options['url'], response, options['authenticity_token'], options['session_key'], options['session_id']);
       if (response.settings){ /* Selected user access settings */ }
     }
@@ -41,7 +43,7 @@ function post(url, params, token, session_key, session_id) {
   authField.setAttribute("value", token);
   form.appendChild(authField);
 
-    var sessionField = document.createElement("input");
+  var sessionField = document.createElement("input");
   sessionField.setAttribute("type", "hidden");
   sessionField.setAttribute("name", session_key);
   sessionField.setAttribute("value", session_id);

diff --git a/lib/vkontakte/authentication.rb b/lib/vkontakte/authentication.rb
@@ -56,7 +56,7 @@ def validate_password_not_vkontakte?
       end
 
       def authenticating_with_vkontakte?
-        vk_id.present? 
+        vk_id.present?
       end
     end
   end

diff --git a/lib/vkontakte/session.rb b/lib/vkontakte/session.rb
@@ -4,7 +4,6 @@ def self.included(klass)
       klass.class_eval do
         extend Config
         include InstanceMethods
-        after_destroy :destroy_vkontakte_cookies
         validate :validate_by_vk_cookie, :if => :authenticating_with_vkontakte?
       end
     end
@@ -26,27 +25,24 @@ def vk_id_field(value = nil)
 
     module InstanceMethods
       private
-      def credentials=(value)
-        super
-        cookies = value.is_a?(Array) ? value.first : value
-        if record_class.vkontakte_enabled_value && cookies && cookies[record_class.vk_app_cookie]
-          @vk_cookies = CGI::parse(cookies[record_class.vk_app_cookie])
-        end
-      end
-
       def authenticating_with_vkontakte?
-        record_class.vkontakte_enabled_value && @vk_cookies
+        if record_class.vkontakte_enabled_value && controller.cookies[record_class.vk_app_cookie].present?
+          delete_cookie(record_class.vk_app_cookie)
+          return true
+        else
+          return false
+        end
       end
 
       def validate_by_vk_cookie
-        result = "expire=%smid=%ssecret=%ssid=%s%s" % [@vk_cookies['expire'], @vk_cookies['mid'], @vk_cookies['secret'], @vk_cookies['sid'], record_class.vk_app_password]
-        if MD5.md5(result).to_s == @vk_cookies['sig'].to_s
+        user_session = controller.params[:user_session]
+        result = "expire=%smid=%ssecret=%ssid=%s%s" % [user_session[:expire], user_session[:mid], user_session[:secret], user_session[:sid], record_class.vk_app_password]
+        if MD5.md5(result).to_s == user_session[:sig].to_s
           raise(NotInitializedError, "You must define vk_id column in your User model") unless record_class.respond_to? find_by_vk_id_method
-          mid_cookie = @vk_cookies['mid'].first
-          possible_record = search_for_record(find_by_vk_id_method, mid_cookie)
+          possible_record = search_for_record(find_by_vk_id_method, user_session[:mid])
           if possible_record.nil?
             possible_record = record_class.new
-            possible_record.send "#{vk_id_field}=", mid_cookie
+            possible_record.send "#{vk_id_field}=", user_session[:mid]
             possible_record.send :persistence_token=, Authlogic::Random.hex_token if possible_record.respond_to? :persistence_token=
             possible_record.send :save, false
           end
@@ -65,9 +61,11 @@ def vk_id_field
       def record_class
         self.class.klass
       end
-
-      def destroy_vkontakte_cookies
-        controller.cookies.delete record_class.vk_app_cookie
+
+      def delete_cookie(key)
+        return unless key
+        domain = controller.request.domain
+        [".#{domain}", "#{domain}"].each { |d| controller.cookies.delete(key, :domain => d) }
       end
     end
   end