exvo_auth 0.16.1 → 0.16.2

data/README.md

@@ -38,6 +38,7 @@ ENV['AUTH_CLIENT_SECRET'] = "bar"
 ENV['AUTH_DEBUG']         = "true"          # [OPTIONAL] dumps all HTTP traffic to STDERR, useful during development; it *has to be a string, not a boolean*
 ENV['AUTH_REQUIRE_SSL']   = "false"         # [OPTIONAL] disable SSL, useful in development (note that all apps API urls must be http, not https); it *has to be a string, not a boolean*
 ENV['AUTH_HOST']          = "test.exvo.com" # [OPTIONAL] override the default auth host
+ENV['SSO_COOKIE_SECRET']  = "secret"        # Generate using `SecureRandom.hex(16)`
 ```
 
 But you can also set things directly in the `config/application.rb` file (before the middleware declaration):
@@ -48,13 +49,9 @@ Exvo::Helpers.auth_client_secret = "bar"
 Exvo::Helpers.auth_debug         = true            # boolean
 Exvo::Helpers.auth_require_ssl   = false           # boolean
 Exvo::Helpers.auth_host          = "test.exvo.com"
+Exvo::Helpers.sso_cookie_secret  = "secret"
 ```
 
-Add this line to `config/application.rb`:
-
-```ruby
-config.middleware.use ExvoAuth::Middleware
-```
 
 Add routes (Rails example):
 
@@ -191,7 +188,7 @@ before_filter :authenticate_user!
 If your application requires being accessed by a not logged in users, but you would still like to display a "logged in" state for users, which are logged in, you can unobtrusively authenticate such users by adding this in your controller(s):
 
 ```ruby
-before_filter :unobtrusively_authenticate_user_from_cookie
+before_filter :unobtrusively_authenticate_user!
 ```
 
 

data/lib/exvo_auth/controllers/base.rb

@@ -1,7 +1,7 @@
 module ExvoAuth::Controllers::Base
   # A before filter to protect your sensitive actions.
   def authenticate_user!(opts = {})
-    authenticate_user_from_cookie
+    unobtrusively_authenticate_user!
 
     if !signed_in?
       store_request!
@@ -19,7 +19,8 @@ module ExvoAuth::Controllers::Base
   # Single Sign On - Authenticate user from cookie if a cookie is present
   # and delete local session if it's not (this should prevent orphan session problem,
   # when user signs out, but his session remains in one or more apps)
-  def authenticate_user_from_cookie
+  # unobtrusively means that there is no redirect to Exvo Auth if user is not logged in
+  def unobtrusively_authenticate_user!
     if cookies[:user_uid]
       set_user_session_from_cookie
     else
@@ -27,14 +28,6 @@ module ExvoAuth::Controllers::Base
     end
   end
 
-  # Single Sign On - Authenticate user from cookie if cookie is present
-  # but don't do anything if the cookie is not present
-  def unobtrusively_authenticate_user_from_cookie
-    if cookies[:user_uid]
-      set_user_session_from_cookie
-    end
-  end
-
   # Omniauth - Usually this method is called from your sessions#create.
   def sign_in_and_redirect!
     set_user_session_from_oauth
@@ -125,6 +118,7 @@ module ExvoAuth::Controllers::Base
   end
 
   def verifier
+    raise "ENV['SSO_COOKIE_SECRET'] is not set" if Exvo::Helpers.sso_cookie_secret.blank?
     @verifier ||= ActiveSupport::MessageVerifier.new(Exvo::Helpers.sso_cookie_secret)
   end
 

data/lib/exvo_auth/version.rb

@@ -1,3 +1,3 @@
 module ExvoAuth
-  VERSION = "0.16.1"
+  VERSION = "0.16.2"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: exvo_auth
 version: !ruby/object:Gem::Version
-  version: 0.16.1
+  version: 0.16.2
   prerelease: 
 platform: ruby
 authors:
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-06-20 00:00:00.000000000 Z
+date: 2012-06-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: httparty