Commit 10030db9
Changed files (8)
app/controllers/application_controller.rb
@@ -8,7 +8,7 @@ class ApplicationController < ActionController::Base
helper_method :current_user, :user_signed_in?
rescue_from ActiveRecord::RecordNotFound, with: :record_not_found
- def user_session(session_key = cookies.signed[:raphael])
+ def user_session(session_key = session[:raphael])
@user_session ||= UserSession.authenticate(session_key)
end
@@ -31,7 +31,7 @@ class ApplicationController < ActionController::Base
end
def extend_session_cookie
- cookies.signed[:raphael] = user_session.access(request) if user_signed_in?
+ session[:raphael] = user_session.access(request) if user_signed_in?
end
def record_not_found
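Review bot: In `extend_session_cookie`, the value written to `session[:raphael]` can now be nil, because `UserSession#access` returns `save ? key : nil` after this commit (app/models/user_session.rb). A failed save would then overwrite the stored key and sign the user out on the next request without any error being surfaced. Keeping the existing `if user_signed_in?` guard, write the key only when it is present: `key = user_session.access(request)` followed by `session[:raphael] = key if key`. The same unguarded assignment is made in SessionsController#create and RegistrationsController#create, where a nil key is followed by a redirect to the dashboard. The controller class starts and ends outside these hunks, so `user_signed_in?` itself could not be checked.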
app/controllers/registrations_controller.rb
@@ -2,7 +2,7 @@ class RegistrationsController < ApplicationController
def create
user = User.create(secure_params)
if user.save
- cookies.signed[:raphael] = User.login(secure_params[:email], secure_params[:password]).access(request)
+ session[:raphael] = User.login(secure_params[:email], secure_params[:password]).access(request)
redirect_to my_dashboard_path
else
flash[:error] = user.errors.full_messages
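Review bot: `session[:raphael]` is written into whatever session the visitor already had, here and in SessionsController#create, with no `reset_session` before the authenticated key is stored. With the cookie store configured in config/initializers/session_store.rb the state travels in the cookie, so classic fixation is less of a concern, but resetting first discards pre-login session contents and keeps the login safe if the store later moves server-side. Add `reset_session` on the line before the assignment. Separately, this line chains `.access(request)` directly onto `User.login(...)`, while SessionsController#create treats a falsy result from `User.login` as a failed login, so a nil return here would raise instead of showing an error. The `create` method continues outside the hunk.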
app/controllers/sessions_controller.rb
@@ -6,7 +6,7 @@ class SessionsController < ApplicationController
def create
if @session = User.login(session_params[:username], session_params[:password])
- cookies.signed[:raphael] = @session.access(request)
+ session[:raphael] = @session.access(request)
redirect_to my_dashboard_path
else
flash[:error] = "Ooops... invalid email or password."
@@ -16,7 +16,7 @@ class SessionsController < ApplicationController
def destroy
user_session.revoke!
- cookies.delete(:raphael)
+ reset_session
redirect_to root_path
end
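Review bot: In `destroy`, `reset_session` only runs if `user_session.revoke!` succeeds, so a request whose session key no longer authenticates would raise before the session is cleared, assuming `UserSession.authenticate` returns nil for an unknown key (it is not visible here). Logout should always clear the client-side session, so guard the revoke with `user_session.revoke! if user_signed_in?` and leave `reset_session` unconditional. The fixation and nil-key points for `create` in the first hunk are raised on the other controller sections.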
app/models/user_session.rb
@@ -15,16 +15,7 @@ class UserSession < ActiveRecord::Base
self.ip = request.ip
self.user_agent = request.user_agent
self.location = Location.build_from_ip(request.ip)
- if save
- {
- value: key,
- secure: Rails.env.production? || Rails.env.staging?,
- httponly: true,
- expires: 2.weeks.from_now,
- }
- else
- {}
- end
+ save ? key : nil
end
def browser
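Review bot: The return contract of `access` changes here from a cookie-options hash to a bare key or nil, and nothing in the method documents it. The removed hash also carried `httponly: true`, the `secure` flag and `expires: 2.weeks.from_now`, all of which now depend entirely on the session store configuration. I would add a comment above the method such as `# Records the request's ip, user agent and location; returns the session key, or nil when the record fails to save.` and a second line saying that cookie flags and lifetime are set in config/initializers/session_store.rb. The method's `def` line is outside the hunk.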
config/initializers/session_store.rb
@@ -1,7 +1,7 @@
# Be sure to restart your server when you modify this file.
configuration = {
key: "_cake_eater_#{Rails.env}",
- expire_after: 1.day,
+ expire_after: 2.weeks,
secure: Rails.env.production? || Rails.env.staging?,
}
Rails.application.config.session_store :cookie_store, configuration
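Review bot: `expire_after: 2.weeks` now sets the lifetime of the login, but it is a cookie attribute the browser honours, not a server-side limit. A copied cookie stays usable for as long as `UserSession.authenticate` accepts the key, and that method is not visible here, so confirm it rejects keys older than the intended two weeks as well as revoked ones. The longer lifetime also applies to everything else kept in the session, not only `:raphael`. A comment on the changed line would record the coupling, for example `# Login lifetime; keep in step with the server-side expiry of UserSession keys.`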
spec/controllers/registrations_controller_spec.rb
@@ -11,8 +11,8 @@ describe RegistrationsController do
expect(User.count).to eql(1)
expect(response).to redirect_to(my_dashboard_path)
- expect(cookies.signed[:raphael]).to_not be_nil
- expect(cookies.signed[:raphael]).to eql(user_session.access)
+ expect(session[:raphael]).to_not be_nil
+ expect(session[:raphael]).to eql(user_session.access)
end
it 'displays errors' do
spec/controllers/sessions_controller_spec.rb
@@ -34,8 +34,7 @@ describe SessionsController do
end
it "returns a valid session" do
- expect(cookies.signed[:raphael]).to_not be_nil
- expect(cookies.signed[:raphael]).to eql(user_session.key)
+ expect(session[:raphael]).to eql(user_session.key)
end
it "redirects to the dashboard" do
@@ -60,12 +59,12 @@ describe SessionsController do
let(:user_session) { create(:user_session) }
before :each do
- request.cookies[:raphael] = user_session.key
+ session[:raphael] = user_session.key
allow(controller).to receive(:user_session).and_return(user_session)
delete :destroy, id: "me"
end
- it { expect(cookies[:raphael]).to be_nil }
+ it { expect(session[:raphael]).to be_nil }
it { expect(user_session.reload.revoked_at).to_not be_nil }
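Review bot: In the first hunk, "returns a valid session" now has only `expect(session[:raphael]).to eql(user_session.key)`, which also passes when both sides are nil, so the example no longer proves that a key was stored. Keep the dropped presence check alongside it: `expect(session[:raphael]).to_not be_nil`. There is also no example for the new failure path where `access` returns nil and the controller still redirects to the dashboard.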
spec/models/user_session_spec.rb
@@ -37,9 +37,7 @@ describe UserSession do
end
it "returns a hash to store in the cookie" do
- expect(because[:value]).to eql(subject.key)
- expect(because[:httponly]).to be_truthy
- expect(because[:expires].to_i).to eql(2.weeks.from_now.to_i)
+ expect(because).to eql(subject.key)
end
end
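Review bot: The example description on the unchanged line `it "returns a hash to store in the cookie"` is stale, because the expectation now checks that `access` returns the key itself. Rename it to something like `it "returns the session key to store in the session"`. Consider a second example that covers the other branch of `save ? key : nil`, asserting that nil is returned when the record does not save.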