that hash is bcrypted. Bcrypted hashes are stored in a new column on users. This separate column exists only to allow for rollbacks; eventually the old SHA1 hash column will be removed. Sensitive cookie details are now encrypted to prevent user tampering, and more stringent checks on secret_token and session_secret_key are enforced.
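# Checks a submitted name/password pair, records the login and, when the
# "remember me" flag is present, sets long-lived cookies. Every input this
# class receives (name, password, remember) is untrusted form data.
class SessionCreator
  attr_reader :session, :cookies, :name, :password, :remember

  # @param session [Hash-like] the request's session store
  # @param cookies [ActionDispatch::Cookies::CookieJar] the request's cookie jar
  # @param name [String] submitted user name
  # @param password [String] submitted plaintext password
  # @param remember [Object] "remember me" form value; any present value enables it
  def initialize(session, cookies, name, password, remember)
    @session = session
    @cookies = cookies
    @name = name
    @password = password
    @remember = remember
  end

  # Verifies the credentials and, on success, stamps the login time,
  # optionally writes the remember-me cookies and stores the user id in the
  # session.
  #
  # @return [Boolean] true when the credentials were accepted, false otherwise
  def authenticate
    return false unless User.authenticate(name, password)

    # The credential check and the record lookup are two separate queries;
    # treat a vanished record as a failed login rather than raising
    # NoMethodError on nil.
    user = User.find_by_name(name)
    return false unless user

    user.update_column(:last_logged_in_at, Time.now)
    set_remember_cookies(user) if remember.present?

    # NOTE(review): the user id is written into whatever session the caller
    # passed in. Unless the controller already calls reset_session before
    # invoking this, the pre-login session id is carried over into the
    # authenticated session (session fixation) — confirm at the call site.
    session[:user_id] = user.id
    true
  end

  private

  # Writes the permanent "remember me" cookies for +user+.
  #
  # NOTE(review): signed cookies are tamper-evident, not confidential — the
  # client (and anything that can read browser storage or logs) can decode
  # them. Storing the bcrypt password hash here therefore discloses the hash
  # to the client, which is usable for offline cracking. Prefer
  # +cookies.permanent.encrypted+ where the Rails version provides it, and
  # ideally store a random, revocable remember token instead of the hash.
  def set_remember_cookies(user)
    cookies.permanent.signed[:user_name] = user.name
    cookies.permanent.signed[:password_hash] = user.bcrypt_password_hash
  end
end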