
remember user login based off of token in permanent cookie instead of…

… temporary session - closes #5
1 parent a51f468 commit 0910438c66c85b84d739ccca63ec2e222ec719d9 @ryanb committed Oct 28, 2010
@@ -15,7 +15,7 @@ def create
end
def destroy
- session[:user_id] = nil
+ forget_user
flash[:notice] = "You have been logged out."
redirect_to root_url
end
@@ -17,7 +17,7 @@ def new
def create
@user = User.new(params[:user])
if @user.save
- session[:user_id] = @user.id
+ remember_user(@user)
flash[:notice] = "Thank you for signing up! You are now logged in."
redirect_to root_url
else
@@ -1,9 +1,11 @@
class AddTokenToUsers < ActiveRecord::Migration
def self.up
add_column :users, :token, :string
+ add_index :users, :token
end
def self.down
+ remove_index :user, :token
remove_column :users, :token
end
end
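Review bot: `remove_index :user, :token` in `self.down` names the table `:user`, while the index is added on `:users`, so rolling this migration back will most likely fail before the column is removed; it should read `remove_index :users, :token`. Because the token is now what identifies a single account at login, the index is also the place to enforce that two rows can never share a value: `add_index :users, :token, :unique => true`. No backfill of tokens for existing rows is visible in this hunk, so users created before the column existed presumably have a NULL token and will get an empty remember cookie until one is generated.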
@@ -21,7 +21,15 @@ def self.included(controller)
end
def current_user
- @current_user ||= User.find(session[:user_id]) if session[:user_id]
+ @current_user ||= fetch_current_user
+ end
+
+ def fetch_current_user
+ if session[:user_id]
+ User.find_by_id(session[:user_id])
+ elsif cookies[:token]
+ User.find_by_token(cookies[:token])
+ end
end
def current_user_or_guest
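Review bot: `fetch_current_user` accepts the value of `cookies[:token]` as the only proof of identity, which turns the `users.token` column into a password-equivalent stored in cleartext: anyone who can read that table or a database backup holds a working login for every user. Consider storing only a digest of the token and looking the user up by the digest of the cookie value. Token generation is not shown in this diff, so it is worth confirming that the value comes from a cryptographically secure random source and is long enough not to be guessable. Separately, when `session[:user_id]` is set but no longer matches a row, `find_by_id` returns nil and the `elsif` branch is never tried, so a valid cookie is ignored for that request; falling through to the cookie lookup (still guarded against a missing cookie) would cover that case.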
@@ -54,7 +62,12 @@ def redirect_to_target_or_default(default)
end
def remember_user(user)
- session[:user_id] = user.id
+ cookies.permanent[:token] = user.token
+ end
+
+ def forget_user
+ session[:user_id] = nil
+ cookies.delete(:token)
end
private
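Review bot: `cookies.permanent[:token] = user.token` in `remember_user` issues a long-lived login cookie with no `httponly` or `secure` attribute, so it is readable from page script and is sent over plain HTTP. Pass a hash instead, `cookies.permanent[:token] = { :value => user.token, :httponly => true }`, and add `:secure => true` if the site is served over HTTPS only. `forget_user` deletes only the browser's copy, so the token in the database stays valid and a copy of the cookie taken earlier still logs in after logout. Regenerating the user's token in `forget_user`, and on password change, would invalidate such copies. The enclosing module starts and ends outside this hunk.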
@@ -15,7 +15,7 @@
request.env["omniauth.auth"] = {"provider" => "foo", "uid" => "123"}
post :create
response.should redirect_to(root_url)
- session[:user_id].should == user.id
+ cookies["token"].should == user.token
end
it "create action should add authentication when logged in to a full user" do
@@ -31,7 +31,7 @@
request.env["omniauth.auth"] = {"provider" => "bar", "uid" => "789", "user_info" => {}}
post :create
response.should redirect_to(edit_current_user_url)
- session[:user_id].should_not be_nil
+ cookies["token"].should_not be_nil
session[:omniauth].should_not be_nil
end
@@ -41,7 +41,7 @@
request.env["omniauth.auth"] = {"provider" => "bar", "uid" => "123", "user_info" => {"email" => "foo@example.com", "nickname" => "foo"}}
post :create
response.should redirect_to(root_url)
- session[:user_id].should_not be_nil
+ cookies["token"].should_not be_nil
session[:omniauth].should be_nil
end
@@ -63,7 +63,7 @@
request.env["omniauth.auth"] = {"provider" => "foo", "uid" => "123"}
post :create
response.should redirect_to(root_url)
- session[:user_id].should == user.id
+ cookies["token"].should == user.token
game.reload.black_player.should == user
end
end
@@ -12,7 +12,7 @@
it "should add a move and respond with javascript" do
game = Factory(:game)
- session[:user_id] = game.current_player.id
+ @controller.stubs(:current_user).returns(game.current_player)
post "create", :game_id => game.id, :format => "js", :move => "aa"
response.should be_success
end
@@ -13,13 +13,14 @@
User.stubs(:authenticate).returns(nil)
post :create
response.should render_template(:new)
- session['user_id'].should be_nil
+ cookies["token"].should be_nil
end
it "create action should redirect when authentication is valid" do
- User.stubs(:authenticate).returns(User.first)
+ user = Factory(:user)
+ User.stubs(:authenticate).returns(user)
post :create
response.should redirect_to("/")
- session['user_id'].should == User.first.id
+ cookies["token"].should == user.token
end
end
@@ -31,7 +31,7 @@
User.any_instance.stubs(:valid?).returns(true)
post :create
response.should redirect_to("/")
- session['user_id'].should == assigns['user'].id
+ cookies["token"].should == assigns["user"].token
end
it "edit action should redirect when not logged in" do
