Skip to content

Instantly share code, notes, and snippets.

@suhovius
Forked from ku1ik/warden.rb
Created July 11, 2014 16:30
Show Gist options
  • Save suhovius/a287475f94adcf5d74cc to your computer and use it in GitHub Desktop.
Save suhovius/a287475f94adcf5d74cc to your computer and use it in GitHub Desktop.
Rails.configuration.middleware.use Rack::OpenID
Rails.configuration.middleware.use RailsWarden::Manager do |manager|
manager.default_strategies :remember_me_token, :password_form, :api_token, :openid
manager.failure_app = ExceptionsController
end
# Setup Session Serialization
class Warden::SessionSerializer
def serialize(record)
[record.class, record.id]
end
def deserialize(keys)
klass, id = keys
klass.get(id)
end
end
# Remember-me cookie strategy
class RememberMeTokenStrategy < Warden::Strategies::Base
def authenticate!
if cookies[:remember_me_token]
u = User.authenticate_with_remember_me_token(cookies[:remember_me_token])
u && success!(u)
end
end
end
Warden::Strategies.add(:remember_me_token, RememberMeTokenStrategy)
# Password form strategy
class PasswordFormStrategy < Warden::Strategies::Base
def authenticate!
if (login = request.params[:login]) && (password = request.params[:password])
user = User.first(:email => login)
if user
if user.active?
if User.authenticate(login, password)
if request.params[:remember_me] == "1"
user.remember_me!
cookies['remember_me_token'] = { :value => user.remember_me_token, :expires => Time.parse(user.remember_me_token_expires_at.to_s) }
end
success! user
else
fail! "Invalid email/password combination"
end
else
fail! "Sorry, you need to activate your account first"
end
else
fail! "Invalid email/password combination"
end
end
end
end
Warden::Strategies.add(:password_form, PasswordFormStrategy)
# API token strategy
class ApiTokenStrategy < Warden::Strategies::Base
def authenticate!
if token = request.params[:api_token]
user = User.authenticate_with_api_token(token.strip)
user.nil? ? fail! : success!(user)
end
end
end
Warden::Strategies.add(:api_token, ApiTokenStrategy)
# OpenID strategy
class OpenIDStrategy < Warden::Strategies::Base
def authenticate!
if resp = request.env['rack.openid.response']
if [:failure, :missing].include?(resp.status)
fail! "OpenID authentication failed"
elsif resp.status == :cancel
fail! "OpenID authentication canceled"
elsif resp.status == :success
if user = User.first(:identity_url => resp.identity_url)
success! user
else
request.session['openid.url'] = resp.identity_url
sreg_response = ::OpenID::SReg::Response.from_success_response(resp)
request.session['openid.email'] = sreg_response.data["email"]
custom!([302, { "Location" => Rails::Application.routes.generate({ :use_route => :signup }) }, []])
end
end
elsif openid_url = request.params[:openid_url]
if openid_url.blank?
fail! "Please enter OpenID URL"
else
return_to = request.url
if request.params[:remember_me] == "1"
return_to << "?remember_me=1"
end
custom!([401, { "WWW-Authenticate" => Rack::OpenID.build_header(:identifier => openid_url, :return_to => return_to, :optional => ["email"]) }, []])
end
end
end
end
Warden::Strategies.add(:openid, OpenIDStrategy)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment