remember_me with warden

2

5

For my latest project I'm using https://github.com/hassox/rails_warden. It suits my needs very well except that I can't find a good way to implement remember_me. I know that it's notoriously difficult to get remember_me right from a security point of view so I'm hoping there's a project out there that will do the job. Anyone seen anything or got a good idea?

Pallet answered 16/12, 2010 at 14:49 Comment(0)
4

Devise, which is an authentication solution on top of Warden, has a rememberable implementation.

Pantaloon answered 16/12, 2010 at 15:5 Comment(2)
I was aware that devise had a rememberable implementation, I hadn't realised it was a warden strategy though. That's perfect, I can just plug it in as the first strategy in my warden config. Will integrate and confirm it works. – Pallet
I would be interested in the answer without relying on devise because I am trying to implement it in a sinatra app. – Carnahan
6

OK, here's how I solved it:

    # User model must have a remember_token attribute

    # in config.ru
    require 'rack/contrib' # Rack::Cookies is provided by the rack-contrib gem
    use Rack::Cookies
    run MyApp

    # in lib/strategies.rb
    Warden::Strategies.add(:cookie) do
      # Only attempt this strategy when the remember cookie is present
      def valid?
        env['rack.cookies']['user.remember.token']
      end

      def authenticate!
        # Read the cookie the same way valid? does
        if user = User.find_by_remember_token(env['rack.cookies']['user.remember.token'])
          success! user
        else
          fail! "Could not log in"
        end
      end
    end

    Warden::Manager.after_authentication :scope => :user do |user, auth, opts|
      # generate_remember_token! sets the user's remember_token attribute to
      # some large random value and returns the value
      auth.env['rack.cookies']['user.remember.token'] = user.generate_remember_token!
    end

    Warden::Manager.before_logout :scope => :user do |user, auth, opts|
      # Clear the stored token so the cookie can no longer be used after logout
      user.update_attribute :remember_token, nil
    end
Carnahan answered 8/1, 2011 at 1:56 Comment(0)
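A hardened take on the token handling in the answer above, as an added example that is not part of the original post: it keeps only a SHA-256 digest of the token server-side, expires it, and compares in constant time instead of looking the user up by the raw token. `RememberUser`, `remember_digest`, `remember_expires_at`, `TTL`, `forget!` and `from_remember_cookie` are hypothetical names, and the in-memory `STORE` is a constructed stand-in for the database.

```ruby
require 'securerandom'
require 'digest'

# Constructed stand-in for the User model (assumption: a real model would
# persist remember_digest and remember_expires_at as columns).
class RememberUser
  STORE = {}                 # id => user, replaces the database here
  TTL   = 14 * 24 * 3600     # assumed two-week lifetime, in seconds

  attr_reader :id, :remember_digest, :remember_expires_at

  def initialize(id)
    @id = id
    STORE[id] = self
  end

  # Returns the cookie value "<id>.<token>". Only the digest is stored, so a
  # leaked user table does not yield usable remember cookies.
  def generate_remember_token!(now = Time.now)
    token = SecureRandom.urlsafe_base64(32)
    @remember_digest     = Digest::SHA256.hexdigest(token)
    @remember_expires_at = now + TTL
    "#{id}.#{token}"
  end

  # Call from the logout hook to invalidate the cookie server-side.
  def forget!
    @remember_digest = @remember_expires_at = nil
  end

  # Finds the user by id, then checks expiry and the token digest.
  # Returns the user, or nil for a missing, malformed, stale or wrong cookie.
  def self.from_remember_cookie(value, now = Time.now)
    id, token = value.to_s.split('.', 2)
    user = STORE[Integer(id, exception: false)]
    return nil unless user && token && user.remember_digest
    return nil if now >= user.remember_expires_at
    secure_equal?(user.remember_digest, Digest::SHA256.hexdigest(token)) ? user : nil
  end

  # Constant-time comparison: always walks every byte of equal-length input.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

In the strategy, `authenticate!` would call `from_remember_cookie` with the cookie value, and the `before_logout` hook would call `forget!`.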