exvo_auth 0.16.0 → 0.16.1
- data/README.md +15 -2
- data/lib/exvo_auth/controllers/base.rb +17 -5
- data/lib/exvo_auth/version.rb +1 -1
- metadata +2 -2
data/README.md
CHANGED
@@ -182,18 +182,31 @@ You have a handy methods available in controllers (and views in Rails): `sign_in
|
|
182
182
|
|
183
183
|
## Require authentication in your controllers
|
184
184
|
|
185
|
-
|
185
|
+
If you want to protect your controllers from unauthorized access, you can add in your `ApplicationController` (for all controllers) or in some controller:
|
186
186
|
|
187
187
|
```ruby
|
188
188
|
before_filter :authenticate_user!
|
189
189
|
```
|
190
190
|
|
191
|
+
If your application requires being accessed by a not logged in users, but you would still like to display a "logged in" state for users, which are logged in, you can unobtrusively authenticate such users by adding this in your controller(s):
|
192
|
+
|
193
|
+
```ruby
|
194
|
+
before_filter :unobtrusively_authenticate_user_from_cookie
|
195
|
+
```
|
196
|
+
|
197
|
+
|
198
|
+
## Signle Sign On
|
199
|
+
|
200
|
+
All Exvo applications use the Single Sign On mechanism with a shared cookie visible to all apps using the exvo.com domain. This is a signed cookie (HMAC), that cannot be tampered with.
|
201
|
+
|
202
|
+
After signing in or signin up Exvo Auth, this cookie is set and from this moment each application will authenticate the user based only on this cookie. Signing out will delete this cookie.
|
203
|
+
|
204
|
+
|
191
205
|
## Fetching user information
|
192
206
|
|
193
207
|
All info about any particular user can be obtained using auth api (`/users/uid.json` path).
|
194
208
|
|
195
209
|
|
196
|
-
|
197
210
|
## Inter-Application Communication
|
198
211
|
|
199
212
|
You need to have "App Authorization" created by Exvo first.
|
@@ -21,15 +21,23 @@ module ExvoAuth::Controllers::Base
|
|
21
21
|
# when user signs out, but his session remains in one or more apps)
|
22
22
|
def authenticate_user_from_cookie
|
23
23
|
if cookies[:user_uid]
|
24
|
-
|
24
|
+
set_user_session_from_cookie
|
25
25
|
else
|
26
26
|
sign_out_user
|
27
27
|
end
|
28
28
|
end
|
29
29
|
|
30
|
-
#
|
30
|
+
# Single Sign On - Authenticate user from cookie if cookie is present
|
31
|
+
# but don't do anything if the cookie is not present
|
32
|
+
def unobtrusively_authenticate_user_from_cookie
|
33
|
+
if cookies[:user_uid]
|
34
|
+
set_user_session_from_cookie
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
# Omniauth - Usually this method is called from your sessions#create.
|
31
39
|
def sign_in_and_redirect!
|
32
|
-
|
40
|
+
set_user_session_from_oauth
|
33
41
|
set_user_cookie
|
34
42
|
|
35
43
|
url = if params[:state] == "popup"
|
@@ -100,10 +108,14 @@ module ExvoAuth::Controllers::Base
|
|
100
108
|
raise "Implement find_or_create_user_by_uid in a controller"
|
101
109
|
end
|
102
110
|
|
103
|
-
def
|
111
|
+
def set_user_session_from_oauth
|
104
112
|
session[:user_uid] = auth_hash["uid"]
|
105
113
|
end
|
106
114
|
|
115
|
+
def set_user_session_from_cookie
|
116
|
+
session[:user_uid] = verifier.verify(cookies[:user_uid])
|
117
|
+
end
|
118
|
+
|
107
119
|
def set_user_cookie
|
108
120
|
cookies[:user_uid] = {
|
109
121
|
:value => verifier.generate(current_user.uid),
|
@@ -117,7 +129,7 @@ module ExvoAuth::Controllers::Base
|
|
117
129
|
end
|
118
130
|
|
119
131
|
def sign_out_user
|
120
|
-
session.
|
132
|
+
session.delete(:user_uid)
|
121
133
|
cookies.delete(:user_uid, :domain => Exvo::Helpers.sso_cookie_domain)
|
122
134
|
remove_instance_variable(:@current_user) if instance_variable_defined?(:@current_user)
|
123
135
|
end
|
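Review bot: `unobtrusively_authenticate_user_from_cookie` leaves an existing `session[:user_uid]` untouched when the SSO cookie is absent, so a user who signed out in another app (which deletes the shared cookie) still appears signed in wherever this filter is used. This is the stale-session case that the comment above `authenticate_user_from_cookie` describes. If that is not intended, add an `else` branch containing `session.delete(:user_uid)`, or state in the method comment that sign-out does not propagate through this filter. Separately, `set_user_session_from_cookie` passes the cookie straight to `verifier.verify`; `verifier` is defined outside these hunks, but if it is an `ActiveSupport::MessageVerifier`, a tampered or malformed cookie raises `InvalidSignature` inside the before_filter. That failure should be rescued and treated as signed out, rather than surfacing as an error on pages meant to be public.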
data/lib/exvo_auth/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: exvo_auth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.16.
|
4
|
+
version: 0.16.1
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2012-06-
|
13
|
+
date: 2012-06-20 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: httparty
|