thincloud-authentication 0.4.0 → 0.5.0

data/app/controllers/thincloud/authentication/registrations_controller.rb

@@ -32,7 +32,7 @@ module Thincloud::Authentication
         if omniauth
           login_as @identity.user
         else
-          RegistrationsMailer.verification_token(@identity).deliver
+          RegistrationsMailer.verification_token(@identity.id).deliver
           flash[:notice] = "Check your email to verify your registration."
         end
         redirect_to after_registration_path

data/app/mailers/thincloud/authentication/registrations_mailer.rb

@@ -4,8 +4,8 @@ module Thincloud::Authentication
     default from: Thincloud::Authentication.configuration.mailer_sender
 
     # New registration verification token
-    def verification_token(identity)
-      @identity = identity
+    def verification_token(identity_id)
+      @identity = Identity.find(identity_id)
       mail to: @identity.email, subject: "Identity Verification"
     end
   end

data/app/models/thincloud/authentication/identity.rb

@@ -5,9 +5,6 @@ module Thincloud::Authentication
 
     belongs_to :user
 
-    # Limit the ability to mass-assign sensitive fields.
-    attr_accessible :name, :email, :password, :password_confirmation
-
     validates :name, presence: true
     validates :email, presence: true, uniqueness: true, format: /@/
 

data/lib/thincloud/authentication/authenticatable_controller.rb

@@ -17,8 +17,8 @@ module Thincloud
       #
       # Returns: An instance of `User` or `nil`.
       def current_user
-        return nil if session[:uid].blank?
-        @current_user ||= User.find(session[:uid])
+        return nil if cookies.signed[:uid].blank?
+        @current_user ||= User.find(cookies.signed[:uid])
       end
 
       # Protected:  Determine if the current request has a logged in user.
@@ -48,7 +48,11 @@ module Thincloud
       # Returns: The `id` of the provided user.
       def login_as(user)
         reset_session  # avoid session fixation
-        session[:uid] = user.id
+        cookies.signed[:uid] = {
+          value: user.id,
+          secure: request.ssl?,
+          httponly: true
+        }
       end
 
       # Protected: Clear the session of an authenticated user.
@@ -56,6 +60,7 @@ module Thincloud
       # Returns: A new empty session instance.
       def logout
         reset_session
+        cookies.delete(:uid)
       end
 
       # Protected: Provides the URL to redirect to after logging in.

data/lib/thincloud/authentication/engine.rb

@@ -1,3 +1,6 @@
+require "rails"
+require "strong_parameters"
+
 module Thincloud
   module Authentication
 

data/lib/thincloud/authentication/version.rb

@@ -1,5 +1,5 @@
 module Thincloud
   module Authentication
-    VERSION = "0.4.0"
+    VERSION = "0.5.0"
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: thincloud-authentication
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.5.0
   prerelease: 
 platform: ruby
 authors:
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-04-09 00:00:00.000000000 Z
+date: 2013-05-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -139,7 +139,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 4510440857469135512
+      hash: 95031212902232703
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -148,10 +148,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 4510440857469135512
+      hash: 95031212902232703
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.25
+rubygems_version: 1.8.23
 signing_key: 
 specification_version: 3
 summary: Rails Engine to provide authentication for Thincloud applications