Unsign auth token cookies per discussion on #215

This commit is contained in:
tms 2013-02-23 13:40:21 -05:00
parent 20d6152bb4
commit 3e6641c07e
3 changed files with 4 additions and 3 deletions


@ -117,7 +117,7 @@ class ApplicationController < ActionController::Base
user.auth_token = SecureRandom.hex(16)
user.save!
end
cookies.permanent.signed[:_t] = { :value => user.auth_token, :httponly => true }
cookies.permanent[:_t] = { :value => user.auth_token, :httponly => true }
end
# This is odd, but it seems that in Rails `render json: obj` is about
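Review bot: The cookie written on line 16 now holds the raw auth token as the whole credential for a `permanent` cookie, yet the only attribute set is `:httponly => true`; nothing marks it `:secure`, so a browser will also send the unsigned token over plain HTTP if the site is reachable that way. If the deployment serves HTTPS, `cookies.permanent[:_t] = { :value => user.auth_token, :httponly => true, :secure => true }` keeps the token off the wire in clear (I cannot tell from the hunk whether the app forces SSL, so confirm before making it unconditional). A short comment on line 16 such as `# Deliberately unsigned (see #215); CurrentUser reads this cookie without verification` would also tell the next reader that the unsigned form is intentional and must stay in step with the reads in `CurrentUser`. The enclosing method starts outside the hunk.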


@ -2,6 +2,7 @@ module CurrentUser
def self.lookup_from_env(env)
request = Rack::Request.new(env)
puts request.inspect
auth_token = request.cookies[:_t]
user = nil
if auth_token && auth_token.length == 32
@ -16,7 +17,7 @@ module CurrentUser
if session[:current_user_id].blank?
# maybe we have a cookie?
auth_token = cookies.signed[:_t]
auth_token = cookies[:_t]
if auth_token && auth_token.length == 32
@current_user = User.where(auth_token: auth_token).first
session[:current_user_id] = @current_user.id if @current_user
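Review bot: `puts request.inspect` on line 25 dumps the entire Rack request, including the `Cookie` header that now carries the unsigned `_t` auth token, to stdout on every lookup; since this hunk's header counts one addition and no deletions, that appears to be the line the commit introduces. Wherever stdout is captured, the per-user credential ends up in logs, which undoes the `httponly` protection the controller applies to the same cookie. It reads as a leftover debugging statement: delete line 25, or if tracing is wanted, log a non-sensitive field such as `Rails.logger.debug(request.path)` rather than the whole request. `lookup_from_env` continues outside the hunk.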


@ -38,7 +38,7 @@ describe SessionController do
end
it 'sets a cookie with the auth token' do
cookies.signed[:_t].should == user.auth_token
cookies[:_t].should == user.auth_token
end
end
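Review bot: The assertion on line 44 pins only the cookie's value, so the `:httponly => true` the controller sets alongside the now-unsigned token has no spec covering it and could be dropped without a test failing. If this controller spec populates the raw header (verify for this harness), an assertion such as `response.headers['Set-Cookie'].should include('HttpOnly')` would lock in the attribute together with the value. The `describe` block continues outside the hunk.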