happycze/Gemfile Secret

Last active March 22, 2017 22:29
Warden unsuccessful failure, padrino-warden, padrino-contrib autolocales
...
# Autolocale
register Padrino::Contrib::AutoLocale
set :locales, [:cs, :en]
set :locale_exclusive_paths, ["/stylesheets", "/javascripts", "/sessions", "/auth"]
before do
  # The cookie is client-controlled: only accept a configured locale
  lng = cookies[:lng]
  I18n.locale = lng if lng && settings.locales.map(&:to_s).include?(lng)
end
# Warden config
register Padrino::Warden
set :auth_success_path, "/" # settings.auth_success_path
set :auth_error_message, "Login failed."
...
Warden::Strategies.add(:password) do
  # Run this strategy only when all three credentials were submitted
  def valid?
    params["email"] && params["response"] && params["nonce"]
  end

  def authenticate!
    if user = User.authenticate(params["email"], params["response"], params["nonce"])
      success!(user)
    else
      fail!("Could not log in!")
    end
  end
end
Warden::Manager.serialize_into_session { |user| user.id }
Warden::Manager.serialize_from_session { |id| User[id] }
Warden::Manager.before_failure do |env, opts|
  # Debug output: env holds the full Rack request (cookies, session, params)
  puts opts.inspect
  puts env.inspect
  env['REQUEST_METHOD'] = "POST"
end
source 'https://rubygems.org'
# Distribute your app as a gem
# gemspec
# Server requirements
# gem 'thin' # or mongrel
# gem 'trinidad', :platform => 'jruby'
# Optional JSON codec (faster performance)
# gem 'oj'
# Project requirements
gem 'rake'
# Component requirements
gem 'erubis', '~> 2.7.0'
gem 'sqlite3'
gem 'sequel'
# GEM Dependencies
gem 'bcrypt'
gem 'sinatra-param'
gem 'padrino-warden'
gem 'padrino-contrib'
gem 'padrino-cookies'
gem 'omniauth'
gem 'omniauth-oauth2', '~> 1.3.1'
gem 'omniauth-google-oauth2'
gem 'omniauth-twitter'
gem 'bing_translator'
# Test requirements
gem 'minitest', :require => 'minitest/autorun', :group => 'test'
gem 'rack-test', :require => 'rack/test', :group => 'test'
# Padrino Stable Gem
gem 'padrino', '0.12.3'
# Or Padrino Edge
# gem 'padrino', :github => 'padrino/padrino-framework'
# Or Individual Gems
# %w(core support gen helpers cache mailer admin).each do |g|
# gem 'padrino-' + g, '0.12.3'
# end
<% form_tag "/sessions/login", :method=>:post, id: "login", :class=>"form-horizontal" do%>
  <div class="form-group">
    <div class="col-sm-offset-3 col-sm-9">
      <%= flash_tag :error, id: 'flash-error', class: "alert alert-danger", bootstrap: true %>
      <%= flash_tag :notice, id: 'flash-notice', class: "alert alert-success", bootstrap: true %>
    </div>
  </div>
  <div class="form-group">
    <div class="col-sm-offset-3 col-sm-2">
      <%=label_tag "Email", class: "control-label"%>
    </div>
    <div class="col-sm-4">
      <div class="input-group">
        <span class="input-group-addon">@</span>
        <%= email_field_tag :email, id: "email", class: "form-control", value: @email, placeholder: @email_placeholder, maxlength: 255, required: true %>
      </div>
    </div>
    <div class="col-sm-3"></div>
  </div>
  <div class="form-group">
    <div class="col-sm-offset-3 col-sm-2">
      <%=label_tag "Pass", class: "control-label"%>
    </div>
    <div class="col-sm-4">
      <%= password_field_tag :password, id: "password", class: "form-control", required: true %>
      <%= hidden_field_tag :nonce, id: "nonce", value: nonce%>
      <%= hidden_field_tag :response, id: "response", value: ""%>
    </div>
    <div class="col-sm-3"></div>
  </div>
  <div class="form-group vertical-align">
    <div class="col-sm-offset-5 col-sm-2">
      <%= submit_tag "Login", class: "btn btn-primary"%>
    </div>
    <div class="col-sm-2">
      <%= link_to "Register", "/#{I18n.locale}/register", class: "pull-right"%>
    </div>
    <div class="col-sm-3"></div>
  </div>
<%end%>
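require 'digest'

class User < Sequel::Model
  # General authentication: response must equal SHA256(nonce + password)
  def self.authenticate(login, response, nonce)
    return nil if login.nil? || response.nil? || nonce.nil?
    user = first(login: login)
    cached_nonce = Padrino.cache[nonce] # Ensure one-time usage of the nonce
    Padrino.cache.delete(nonce)
    # Unknown user or unknown/already used nonce: fail instead of raising on nil
    return nil unless user && cached_nonce
    expected = Digest::SHA256.hexdigest(cached_nonce + user.password)
    # Constant-time comparison of the two hex digests
    user if Rack::Utils.secure_compare(expected, response.to_s)
  end
end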