devise-login-cookie 0.0.1 → 0.0.2

data/README.md

@@ -7,7 +7,6 @@ An extension for Devise which sets a signed login cookie upon authentication, ma
 Installation
 ------------
 
-    # TODO: publish gem so this works:
     gem install devise-login-cookie
 
     echo 'gem "devise-login-cookie"' >> Gemfile
@@ -23,13 +22,15 @@ Information
 While Devise sets a cookie for Remember Me logins, standard logins are only tracked in the session.
 This extension sets a separate cookie upon authentication.
 
+For the `:user` scope, the cookie is named `login_user_token`, consistent with `remember_user_token` from rememberable.
+
+The cookie is deleted via the before_logout Warden hook.
+
 
 TODO
 ----
 
-* Cookie is being set on signin; need to delete on signout.
 * Cookie is write-only; create a Warden strategy to consume cookie for login.
-* Rails signed cookies use Marshal.dump; implement a simpler cross-platform HMAC signing.
 
 
 Meh

data/devise-login-cookie.gemspec

@@ -19,6 +19,7 @@ Gem::Specification.new do |s|
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ["lib"]
 
+  s.add_dependency("signed_json")
   s.add_runtime_dependency("devise", ["~> 1.1.0"])
 
 end

data/lib/devise-login-cookie.rb

@@ -3,15 +3,21 @@ module DeviseLoginCookie
   def success!(resource)
     super
     if succeeded?
-      cookies.signed["login_#{scope}_token"] = cookie_values(resource)
+      cookies["login_#{scope}_token"] = cookie_values(resource)
     end
   end
 
+  def delete_cookie(record, warden, options)
+    cookie_options = Rails.configuration.session_options.slice(:path, :domain, :secure)
+    warden.cookies.delete("login_#{options[:scope]}_token", cookie_options)
+  end
+  module_function :delete_cookie
+
   #########
   protected
 
   def cookie_values(resource)
-    value = [ resource.id, Time.now.to_i ]
+    value = sign [ resource.id, Time.now.to_i ]
     options = Rails.configuration.session_options.slice(:path, :domain, :secure)
     options.merge! :value => value
     options
@@ -21,6 +27,19 @@ module DeviseLoginCookie
     @result == :success
   end
 
+  #######
+  private
+
+  def sign(input)
+    require 'signed_json'
+    signer = SignedJson::Signer.new(Rails.configuration.secret_token)
+    signer.encode input
+  end
+
 end
 
 Devise::Strategies::Authenticatable.send :include, DeviseLoginCookie
+
+Warden::Manager.before_logout do |record, warden, options|
+  DeviseLoginCookie::delete_cookie record, warden, options
+end

data/lib/devise-login-cookie/version.rb

@@ -1,3 +1,3 @@
 module DeviseLoginCookie
-  VERSION = "0.0.1"
+  VERSION = "0.0.2"
 end

metadata

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments: 
   - 0
   - 0
-  - 1
-  version: 0.0.1
+  - 2
+  version: 0.0.2
 platform: ruby
 authors: 
 - Paul Annesley
@@ -14,13 +14,26 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-11-04 00:00:00 +11:00
+date: 2010-11-07 00:00:00 +11:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
-  name: devise
+  name: signed_json
   prerelease: false
   requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: devise
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
@@ -31,7 +44,7 @@ dependencies:
         - 0
         version: 1.1.0
   type: :runtime
-  version_requirements: *id001
+  version_requirements: *id002
 description: Devise sets a "remember_token" cookie for Remember Me logins, but not for standard logins.  This extension sets a separate cookie on login, which makes sharing login state between same-domain web applications easier.
 email: 
 - paul@annesley.cc