Sha256: 35e44c9743a6ecb4589f35883853bb36268bf781dc20a23f28c78cbcce4f00dc
Contents?: true
Size: 1.1 KB
Versions: 3
Compression:
Stored size: 1.1 KB
Contents
class UserTasks < Volt::TaskHandler # Login a user, takes a login and password. Login can be either a username # or an e-mail based on Volt.config.public.auth.use_username def login(login, password) query = { User.login_field => login } # During login we need access to the user's info even though we aren't the user Volt.skip_permissions do store._users.find(query).fetch_first do |user| fail 'User could not be found' unless user match_pass = BCrypt::Password.new(user._hashed_password) fail 'Password did not match' unless match_pass == password fail 'app_secret is not configured' unless Volt.config.app_secret # TODO: returning here should be possible, but causes some issues # Salt the user id with the app_secret so the end user can't # tamper with the cookie signature = Digest::SHA256.hexdigest(salty_user_id(user._id)) # Return user_id:hash on user id next "#{user._id}:#{signature}" end end end private def salty_user_id(user_id) "#{Volt.config.app_secret}::#{user_id}" end end
Version data entries
3 entries across 3 versions & 1 rubygems
Version | Path |
---|---|
volt-0.8.27.beta6 | app/volt/tasks/user_tasks.rb |
volt-0.8.27.beta5 | app/volt/tasks/user_tasks.rb |
volt-0.8.27.beta4 | app/volt/tasks/user_tasks.rb |