Unsign auth token cookies per discussion on #215
This commit is contained in:
parent
20d6152bb4
commit
3e6641c07e
|
@ -117,7 +117,7 @@ class ApplicationController < ActionController::Base
|
|||
user.auth_token = SecureRandom.hex(16)
|
||||
user.save!
|
||||
end
|
||||
cookies.permanent.signed[:_t] = { :value => user.auth_token, :httponly => true }
|
||||
cookies.permanent[:_t] = { :value => user.auth_token, :httponly => true }
|
||||
end
|
||||
|
||||
# This is odd, but it seems that in Rails `render json: obj` is about
|
||||
|
|
|
@ -2,6 +2,7 @@ module CurrentUser
|
|||
|
||||
def self.lookup_from_env(env)
|
||||
request = Rack::Request.new(env)
|
||||
puts request.inspect
|
||||
auth_token = request.cookies[:_t]
|
||||
user = nil
|
||||
if auth_token && auth_token.length == 32
|
||||
|
@ -16,7 +17,7 @@ module CurrentUser
|
|||
|
||||
if session[:current_user_id].blank?
|
||||
# maybe we have a cookie?
|
||||
auth_token = cookies.signed[:_t]
|
||||
auth_token = cookies[:_t]
|
||||
if auth_token && auth_token.length == 32
|
||||
@current_user = User.where(auth_token: auth_token).first
|
||||
session[:current_user_id] = @current_user.id if @current_user
|
||||
|
|
|
@ -38,7 +38,7 @@ describe SessionController do
|
|||
end
|
||||
|
||||
it 'sets a cookie with the auth token' do
|
||||
cookies.signed[:_t].should == user.auth_token
|
||||
cookies[:_t].should == user.auth_token
|
||||
end
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in New Issue