exvo_auth 0.16.0 → 0.16.1

data/README.md

@@ -182,18 +182,31 @@ You have a handy methods available in controllers (and views in Rails): `sign_in
 
 ## Require authentication in your controllers
 
-In `ApplicationController` (for all controllers) or in some controller just add:
+If you want to protect your controllers from unauthorized access, you can add in your `ApplicationController` (for all controllers) or in some controller:
 
 ```ruby
 before_filter :authenticate_user!
 ```
 
+If your application requires being accessed by a not logged in users, but you would still like to display a "logged in" state for users, which are logged in, you can unobtrusively authenticate such users by adding this in your controller(s):
+
+```ruby
+before_filter :unobtrusively_authenticate_user_from_cookie
+```
+
+
+## Signle Sign On
+
+All Exvo applications use the Single Sign On mechanism with a shared cookie visible to all apps using the exvo.com domain. This is a signed cookie (HMAC), that cannot be tampered with.
+
+After signing in or signin up Exvo Auth, this cookie is set and from this moment each application will authenticate the user based only on this cookie. Signing out will delete this cookie.
+
+
 ## Fetching user information
 
 All info about any particular user can be obtained using auth api (`/users/uid.json` path).
 
 
-
 ## Inter-Application Communication
 
 You need to have "App Authorization" created by Exvo first.

data/lib/exvo_auth/controllers/base.rb

@@ -21,15 +21,23 @@ module ExvoAuth::Controllers::Base
   # when user signs out, but his session remains in one or more apps)
   def authenticate_user_from_cookie
     if cookies[:user_uid]
-      session[:user_uid] = verifier.verify(cookies[:user_uid])
+      set_user_session_from_cookie
     else
       sign_out_user
     end
   end
 
-  # Usually this method is called from your sessions#create.
+  # Single Sign On - Authenticate user from cookie if cookie is present
+  # but don't do anything if the cookie is not present
+  def unobtrusively_authenticate_user_from_cookie
+    if cookies[:user_uid]
+      set_user_session_from_cookie
+    end
+  end
+
+  # Omniauth - Usually this method is called from your sessions#create.
   def sign_in_and_redirect!
-    set_user_session
+    set_user_session_from_oauth
     set_user_cookie
 
     url = if params[:state] == "popup"
@@ -100,10 +108,14 @@ module ExvoAuth::Controllers::Base
     raise "Implement find_or_create_user_by_uid in a controller"
   end
 
-  def set_user_session
+  def set_user_session_from_oauth
     session[:user_uid] = auth_hash["uid"]
   end
 
+  def set_user_session_from_cookie
+    session[:user_uid] = verifier.verify(cookies[:user_uid])
+  end
+
   def set_user_cookie
     cookies[:user_uid] = {
       :value => verifier.generate(current_user.uid),
@@ -117,7 +129,7 @@ module ExvoAuth::Controllers::Base
   end
 
   def sign_out_user
-    session.clear
+    session.delete(:user_uid)
     cookies.delete(:user_uid, :domain => Exvo::Helpers.sso_cookie_domain)
     remove_instance_variable(:@current_user) if instance_variable_defined?(:@current_user)
   end

data/lib/exvo_auth/version.rb

@@ -1,3 +1,3 @@
 module ExvoAuth
-  VERSION = "0.16.0"
+  VERSION = "0.16.1"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: exvo_auth
 version: !ruby/object:Gem::Version
-  version: 0.16.0
+  version: 0.16.1
   prerelease: 
 platform: ruby
 authors:
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-06-18 00:00:00.000000000 Z
+date: 2012-06-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: httparty