devise-login-cookie 0.0.1 → 0.0.2

data/README.md CHANGED
@@ -7,7 +7,6 @@ An extension for Devise which sets a signed login cookie upon authentication, ma
7
7
  Installation
8
8
  ------------
9
9
 
10
- # TODO: publish gem so this works:
11
10
  gem install devise-login-cookie
12
11
 
13
12
  echo 'gem "devise-login-cookie"' >> Gemfile
@@ -23,13 +22,15 @@ Information
23
22
  While Devise sets a cookie for Remember Me logins, standard logins are only tracked in the session.
24
23
  This extension sets a separate cookie upon authentication.
25
24
 
25
+ For the `:user` scope, the cookie is named `login_user_token`, consistent with `remember_user_token` from rememberable.
26
+
27
+ The cookie is deleted via the before_logout Warden hook.
28
+
26
29
 
27
30
  TODO
28
31
  ----
29
32
 
30
- * Cookie is being set on signin; need to delete on signout.
31
33
  * Cookie is write-only; create a Warden strategy to consume cookie for login.
32
- * Rails signed cookies use Marshal.dump; implement a simpler cross-platform HMAC signing.
33
34
 
34
35
 
35
36
  Meh
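Review bot: The TODO about replacing Marshal.dump with a cross-platform HMAC signature is removed here, but the Information section does not say what replaced it. The cookie exists so that other same-domain applications can read login state, so the README should state that the value is now produced by the signed_json gem, which key it is signed with, and that the payload is `[resource.id, Time.now.to_i]`. Without that, a consuming application has to read the source to learn how to verify the cookie.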
@@ -19,6 +19,7 @@ Gem::Specification.new do |s|
19
19
  s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
20
20
  s.require_paths = ["lib"]
21
21
 
22
+ s.add_dependency("signed_json")
22
23
  s.add_runtime_dependency("devise", ["~> 1.1.0"])
23
24
 
24
25
  end
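Review bot: `s.add_dependency("signed_json")` carries no version constraint, unlike the `~> 1.1.0` pin on devise directly below it. This gem now produces the signature on an authentication cookie, so any future signed_json release, including one that changes the encoding or the MAC, would be picked up silently. Suggest a pessimistic constraint on the version this release was tested against, and `add_runtime_dependency` for consistency with the devise line.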
@@ -3,15 +3,21 @@ module DeviseLoginCookie
3
3
  def success!(resource)
4
4
  super
5
5
  if succeeded?
6
- cookies.signed["login_#{scope}_token"] = cookie_values(resource)
6
+ cookies["login_#{scope}_token"] = cookie_values(resource)
7
7
  end
8
8
  end
9
9
 
10
+ def delete_cookie(record, warden, options)
11
+ cookie_options = Rails.configuration.session_options.slice(:path, :domain, :secure)
12
+ warden.cookies.delete("login_#{options[:scope]}_token", cookie_options)
13
+ end
14
+ module_function :delete_cookie
15
+
10
16
  #########
11
17
  protected
12
18
 
13
19
  def cookie_values(resource)
14
- value = [ resource.id, Time.now.to_i ]
20
+ value = sign [ resource.id, Time.now.to_i ]
15
21
  options = Rails.configuration.session_options.slice(:path, :domain, :secure)
16
22
  options.merge! :value => value
17
23
  options
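Review bot: In `cookie_values` and in the new `delete_cookie`, the options are built with `slice(:path, :domain, :secure)`, so `:httponly` is never set on `login_#{scope}_token` even when the session cookie has it. Since `success!` now writes through plain `cookies[...]` and the value is a signed login token, suggest adding `:httponly` to the slice (or setting it explicitly) so page scripts cannot read it. Separately, `delete_cookie` only removes the browser's copy: the signed `[resource.id, Time.now.to_i]` value stays verifiable after logout, so whatever consumes the cookie needs to enforce a maximum age on the timestamp, which is worth a comment next to `cookie_values`.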
@@ -21,6 +27,19 @@ module DeviseLoginCookie
21
27
  @result == :success
22
28
  end
23
29
 
30
+ #######
31
+ private
32
+
33
+ def sign(input)
34
+ require 'signed_json'
35
+ signer = SignedJson::Signer.new(Rails.configuration.secret_token)
36
+ signer.encode input
37
+ end
38
+
24
39
  end
25
40
 
26
41
  Devise::Strategies::Authenticatable.send :include, DeviseLoginCookie
42
+
43
+ Warden::Manager.before_logout do |record, warden, options|
44
+ DeviseLoginCookie::delete_cookie record, warden, options
45
+ end
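Review bot: `sign` keys the signer with `Rails.configuration.secret_token`, the same secret Rails uses for its own signed cookies. Any other application that is meant to verify `login_user_token` must then be given this application's session-signing secret, which lets it forge that application's sessions as well. Suggest a dedicated, configurable secret for this cookie, or a key derived from `secret_token` with a fixed label. Minor: `require 'signed_json'` runs inside `sign` on every call; move it to the top of the file so a missing dependency fails at load time rather than on the first login.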
@@ -1,3 +1,3 @@
1
1
  module DeviseLoginCookie
2
- VERSION = "0.0.1"
2
+ VERSION = "0.0.2"
3
3
  end
metadata CHANGED
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
5
5
  segments:
6
6
  - 0
7
7
  - 0
8
- - 1
9
- version: 0.0.1
8
+ - 2
9
+ version: 0.0.2
10
10
  platform: ruby
11
11
  authors:
12
12
  - Paul Annesley
@@ -14,13 +14,26 @@ autorequire:
14
14
  bindir: bin
15
15
  cert_chain: []
16
16
 
17
- date: 2010-11-04 00:00:00 +11:00
17
+ date: 2010-11-07 00:00:00 +11:00
18
18
  default_executable:
19
19
  dependencies:
20
20
  - !ruby/object:Gem::Dependency
21
- name: devise
21
+ name: signed_json
22
22
  prerelease: false
23
23
  requirement: &id001 !ruby/object:Gem::Requirement
24
+ none: false
25
+ requirements:
26
+ - - ">="
27
+ - !ruby/object:Gem::Version
28
+ segments:
29
+ - 0
30
+ version: "0"
31
+ type: :runtime
32
+ version_requirements: *id001
33
+ - !ruby/object:Gem::Dependency
34
+ name: devise
35
+ prerelease: false
36
+ requirement: &id002 !ruby/object:Gem::Requirement
24
37
  none: false
25
38
  requirements:
26
39
  - - ~>
@@ -31,7 +44,7 @@ dependencies:
31
44
  - 0
32
45
  version: 1.1.0
33
46
  type: :runtime
34
- version_requirements: *id001
47
+ version_requirements: *id002
35
48
  description: Devise sets a "remember_token" cookie for Remember Me logins, but not for standard logins. This extension sets a separate cookie on login, which makes sharing login state between same-domain web applications easier.
36
49
  email:
37
50
  - paul@annesley.cc