exvo_auth 0.16.1 → 0.16.2
- data/README.md +3 -6
- data/lib/exvo_auth/controllers/base.rb +4 -10
- data/lib/exvo_auth/version.rb +1 -1
- metadata +2 -2
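--- a/data/README.md
+++ b/data/README.md
@@ -38,6 +38,7 @@ ENV['AUTH_CLIENT_SECRET'] = "bar"
 ENV['AUTH_DEBUG'] = "true" # [OPTIONAL] dumps all HTTP traffic to STDERR, useful during development; it *has to be a string, not a boolean*
 ENV['AUTH_REQUIRE_SSL'] = "false" # [OPTIONAL] disable SSL, useful in development (note that all apps API urls must be http, not https); it *has to be a string, not a boolean*
 ENV['AUTH_HOST'] = "test.exvo.com" # [OPTIONAL] override the default auth host
+ENV['SSO_COOKIE_SECRET'] = "secret" # Generate using `SecureRandom.hex(16)`
 ```
 
 But you can also set things directly in the `config/application.rb` file (before the middleware declaration):
@@ -48,13 +49,9 @@ Exvo::Helpers.auth_client_secret = "bar"
 Exvo::Helpers.auth_debug = true # boolean
 Exvo::Helpers.auth_require_ssl = false # boolean
 Exvo::Helpers.auth_host = "test.exvo.com"
+Exvo::Helpers.sso_cookie_secret = "secret"
 ```
 
-Add this line to `config/application.rb`:
-
-```ruby
-config.middleware.use ExvoAuth::Middleware
-```
 
 Add routes (Rails example):
 
@@ -191,7 +188,7 @@ before_filter :authenticate_user!
 If your application requires being accessed by a not logged in users, but you would still like to display a "logged in" state for users, which are logged in, you can unobtrusively authenticate such users by adding this in your controller(s):
 
 ```ruby
-before_filter :
+before_filter :unobtrusively_authenticate_user!
 ```
 
 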
@@ -1,7 +1,7 @@
|
|
1
1
|
module ExvoAuth::Controllers::Base
|
2
2
|
# A before filter to protect your sensitive actions.
|
3
3
|
def authenticate_user!(opts = {})
|
4
|
-
|
4
|
+
unobtrusively_authenticate_user!
|
5
5
|
|
6
6
|
if !signed_in?
|
7
7
|
store_request!
|
@@ -19,7 +19,8 @@ module ExvoAuth::Controllers::Base
|
|
19
19
|
# Single Sign On - Authenticate user from cookie if a cookie is present
|
20
20
|
# and delete local session if it's not (this should prevent orphan session problem,
|
21
21
|
# when user signs out, but his session remains in one or more apps)
|
22
|
-
|
22
|
+
# unobtrusively means that there is no redirect to Exvo Auth if user is not logged in
|
23
|
+
def unobtrusively_authenticate_user!
|
23
24
|
if cookies[:user_uid]
|
24
25
|
set_user_session_from_cookie
|
25
26
|
else
|
@@ -27,14 +28,6 @@ module ExvoAuth::Controllers::Base
|
|
27
28
|
end
|
28
29
|
end
|
29
30
|
|
30
|
-
# Single Sign On - Authenticate user from cookie if cookie is present
|
31
|
-
# but don't do anything if the cookie is not present
|
32
|
-
def unobtrusively_authenticate_user_from_cookie
|
33
|
-
if cookies[:user_uid]
|
34
|
-
set_user_session_from_cookie
|
35
|
-
end
|
36
|
-
end
|
37
|
-
|
38
31
|
# Omniauth - Usually this method is called from your sessions#create.
|
39
32
|
def sign_in_and_redirect!
|
40
33
|
set_user_session_from_oauth
|
@@ -125,6 +118,7 @@ module ExvoAuth::Controllers::Base
|
|
125
118
|
end
|
126
119
|
|
127
120
|
def verifier
|
121
|
+
raise "ENV['SSO_COOKIE_SECRET'] is not set" if Exvo::Helpers.sso_cookie_secret.blank?
|
128
122
|
@verifier ||= ActiveSupport::MessageVerifier.new(Exvo::Helpers.sso_cookie_secret)
|
129
123
|
end
|
130
124
|
|
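Review bot: The new guard in `verifier` rejects only a blank `sso_cookie_secret`, so a placeholder such as the `"secret"` value shown in the README would pass and the `ActiveSupport::MessageVerifier` would be keyed with a guessable string. Since the README recommends `SecureRandom.hex(16)` (32 hex characters), the guard could also enforce a minimum length, for example `raise "sso_cookie_secret is not set or is too short" if Exvo::Helpers.sso_cookie_secret.to_s.length < 32`. The message names only `ENV['SSO_COOKIE_SECRET']`, although the README shows the value can also be set through `Exvo::Helpers.sso_cookie_secret =`, so the wording should cover both. A one-line comment above `verifier` stating what this key signs would help; presumably it is the `user_uid` SSO cookie read by `set_user_session_from_cookie`, whose body is outside the visible hunks.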
data/lib/exvo_auth/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: exvo_auth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.16.
|
4
|
+
version: 0.16.2
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2012-06-
|
13
|
+
date: 2012-06-22 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: httparty
|