devise-login-cookie 0.0.1 → 0.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.md +4 -3
- data/devise-login-cookie.gemspec +1 -0
- data/lib/devise-login-cookie.rb +21 -2
- data/lib/devise-login-cookie/version.rb +1 -1
- metadata +18 -5
data/README.md
CHANGED
|
@@ -7,7 +7,6 @@ An extension for Devise which sets a signed login cookie upon authentication, ma
|
|
|
7
7
|
Installation
|
|
8
8
|
------------
|
|
9
9
|
|
|
10
|
-
# TODO: publish gem so this works:
|
|
11
10
|
gem install devise-login-cookie
|
|
12
11
|
|
|
13
12
|
echo 'gem "devise-login-cookie"' >> Gemfile
|
|
@@ -23,13 +22,15 @@ Information
|
|
|
23
22
|
While Devise sets a cookie for Remember Me logins, standard logins are only tracked in the session.
|
|
24
23
|
This extension sets a separate cookie upon authentication.
|
|
25
24
|
|
|
25
|
+
For the `:user` scope, the cookie is named `login_user_token`, consistent with `remember_user_token` from rememberable.
|
|
26
|
+
|
|
27
|
+
The cookie is deleted via the before_logout Warden hook.
|
|
28
|
+
|
|
26
29
|
|
|
27
30
|
TODO
|
|
28
31
|
----
|
|
29
32
|
|
|
30
|
-
* Cookie is being set on signin; need to delete on signout.
|
|
31
33
|
* Cookie is write-only; create a Warden strategy to consume cookie for login.
|
|
32
|
-
* Rails signed cookies use Marshal.dump; implement a simpler cross-platform HMAC signing.
|
|
33
34
|
|
|
34
35
|
|
|
35
36
|
Meh
|
data/devise-login-cookie.gemspec
CHANGED
data/lib/devise-login-cookie.rb
CHANGED
|
@@ -3,15 +3,21 @@ module DeviseLoginCookie
|
|
|
3
3
|
def success!(resource)
|
|
4
4
|
super
|
|
5
5
|
if succeeded?
|
|
6
|
-
cookies
|
|
6
|
+
cookies["login_#{scope}_token"] = cookie_values(resource)
|
|
7
7
|
end
|
|
8
8
|
end
|
|
9
9
|
|
|
10
|
+
def delete_cookie(record, warden, options)
|
|
11
|
+
cookie_options = Rails.configuration.session_options.slice(:path, :domain, :secure)
|
|
12
|
+
warden.cookies.delete("login_#{options[:scope]}_token", cookie_options)
|
|
13
|
+
end
|
|
14
|
+
module_function :delete_cookie
|
|
15
|
+
|
|
10
16
|
#########
|
|
11
17
|
protected
|
|
12
18
|
|
|
13
19
|
def cookie_values(resource)
|
|
14
|
-
value = [ resource.id, Time.now.to_i ]
|
|
20
|
+
value = sign [ resource.id, Time.now.to_i ]
|
|
15
21
|
options = Rails.configuration.session_options.slice(:path, :domain, :secure)
|
|
16
22
|
options.merge! :value => value
|
|
17
23
|
options
|
|
@@ -21,6 +27,19 @@ module DeviseLoginCookie
|
|
|
21
27
|
@result == :success
|
|
22
28
|
end
|
|
23
29
|
|
|
30
|
+
#######
|
|
31
|
+
private
|
|
32
|
+
|
|
33
|
+
def sign(input)
|
|
34
|
+
require 'signed_json'
|
|
35
|
+
signer = SignedJson::Signer.new(Rails.configuration.secret_token)
|
|
36
|
+
signer.encode input
|
|
37
|
+
end
|
|
38
|
+
|
|
24
39
|
end
|
|
25
40
|
|
|
26
41
|
Devise::Strategies::Authenticatable.send :include, DeviseLoginCookie
|
|
42
|
+
|
|
43
|
+
Warden::Manager.before_logout do |record, warden, options|
|
|
44
|
+
DeviseLoginCookie::delete_cookie record, warden, options
|
|
45
|
+
end
|
metadata
CHANGED
|
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
|
|
|
5
5
|
segments:
|
|
6
6
|
- 0
|
|
7
7
|
- 0
|
|
8
|
-
-
|
|
9
|
-
version: 0.0.
|
|
8
|
+
- 2
|
|
9
|
+
version: 0.0.2
|
|
10
10
|
platform: ruby
|
|
11
11
|
authors:
|
|
12
12
|
- Paul Annesley
|
|
@@ -14,13 +14,26 @@ autorequire:
|
|
|
14
14
|
bindir: bin
|
|
15
15
|
cert_chain: []
|
|
16
16
|
|
|
17
|
-
date: 2010-11-
|
|
17
|
+
date: 2010-11-07 00:00:00 +11:00
|
|
18
18
|
default_executable:
|
|
19
19
|
dependencies:
|
|
20
20
|
- !ruby/object:Gem::Dependency
|
|
21
|
-
name:
|
|
21
|
+
name: signed_json
|
|
22
22
|
prerelease: false
|
|
23
23
|
requirement: &id001 !ruby/object:Gem::Requirement
|
|
24
|
+
none: false
|
|
25
|
+
requirements:
|
|
26
|
+
- - ">="
|
|
27
|
+
- !ruby/object:Gem::Version
|
|
28
|
+
segments:
|
|
29
|
+
- 0
|
|
30
|
+
version: "0"
|
|
31
|
+
type: :runtime
|
|
32
|
+
version_requirements: *id001
|
|
33
|
+
- !ruby/object:Gem::Dependency
|
|
34
|
+
name: devise
|
|
35
|
+
prerelease: false
|
|
36
|
+
requirement: &id002 !ruby/object:Gem::Requirement
|
|
24
37
|
none: false
|
|
25
38
|
requirements:
|
|
26
39
|
- - ~>
|
|
@@ -31,7 +44,7 @@ dependencies:
|
|
|
31
44
|
- 0
|
|
32
45
|
version: 1.1.0
|
|
33
46
|
type: :runtime
|
|
34
|
-
version_requirements: *
|
|
47
|
+
version_requirements: *id002
|
|
35
48
|
description: Devise sets a "remember_token" cookie for Remember Me logins, but not for standard logins. This extension sets a separate cookie on login, which makes sharing login state between same-domain web applications easier.
|
|
36
49
|
email:
|
|
37
50
|
- paul@annesley.cc
|