Changesets can be listed by changeset number.
The Git repository is here.
Changeset 476
Various fixes:
* Clear cookies on login
* Warn about cookie use before login
* HTTPS / other parameter improvements for own cookie
- Comitted by: rool
- Date: Wednesday June 19 05:51:04 2019 (over 5 years ago)
Affected files:
rool/rails/hub/trunk/app/controllers/account_controller.rb (diff)
-
rool/rails/hub/trunk/app/views/account/login.html.erb (diff)
-
rool/rails/hub/trunk/app/views/account/signup.html.erb (diff)
-
rool/rails/hub/trunk/config/initializers/01_session_store.rb (diff)
rool/rails/hub/trunk/app/controllers/account_controller.rb:
| prev. | current | |
| # | ||
| def login | ||
| @title = 'Log in' | ||
| 54 | | |
| 55 | # GET methods just show the login screen. We dump all known application | |
| 56 | # cookies at this point, since they can be stale and logins might not be | |
| 57 | # recognised within those applications otherwise. | |
| 58 | # | |
| 59 | unless request.post? | |
| 60 | cookies.delete( '_canvass_session' ) | |
| 61 | cookies.delete( '_radiantapp_session_id' ) | |
| 62 | cookies.delete( '_instikiapp_session_id' ) | |
| 63 | cookies.delete( 'beastapp_session_id' ) | |
| 64 | cookies.delete( 'typoapp_session_id' ) | |
| 65 | cookies.delete( 'gulleryapp_session_id' ) | |
| 66 | cookies.delete( 'collaboaapp_session_id' ) | |
| 67 | cookies.delete( 'rcvswebapp_session_id' ) | |
| 68 | ||
| 69 | return | |
| 70 | end | |
| 71 | ||
| @email = params[:email] | ||
| self.hubssolib_current_user = from_real_user(User.authenticate(@email, params[:password])) | ||
rool/rails/hub/trunk/app/views/account/login.html.erb:
| prev. | current | |
| 1 | <p style="border: 1px solid black; background: #eee; padding: 15px"> | |
| 2 | <font color="#800">We use cookies to keep you signed in across the | |
| 3 | various sections of the RISC OS Open web site, so if you proceed we will | |
| 4 | assume that you are happy with this. For more information, please see our | |
| 5 | <a href="https://www.riscosopen.org/content/documents/privacy">privacy | |
| 6 | policy</a> page.</font> | |
| 7 | </p> | |
| 8 | ||
| Please enter your e-mail address and account password in the table below, then | ||
| use the "Log in" button below to proceed. | ||
| ... | ... | |
| <td> </td> | ||
| <td><%= make_action_link('account', 'signup', 80, 80, 'Sign up!') %></td> | ||
| </tr> | ||
| 33 | | |
| 42 | </table> |
rool/rails/hub/trunk/app/views/account/signup.html.erb:
| prev. | current | |
| 1 | <p style="border: 1px solid black; background: #eee; padding: 15px"> | |
| 2 | <font color="#800">We use cookies to keep you signed in across the | |
| 3 | various sections of the RISC OS Open web site, so if you proceed we will | |
| 4 | assume that you are happy with this. For more information, please see our | |
| 5 | <a href="https://www.riscosopen.org/content/documents/privacy">privacy | |
| 6 | policy</a> page.</font> | |
| 7 | </p> | |
| 8 | ||
| Please supply the information required in the form below to create a new | ||
| web site account, then use the "Sign up" button to create the account and | ||
| log in. |
rool/rails/hub/trunk/config/initializers/01_session_store.rb:
| prev. | current | |
| # Make sure the secret is at least 30 characters and all random, | ||
| # no regular words or you'll be exposed to dictionary attacks. | ||
| ActionController::Base.session = { | ||
| 8 | | |
| 9 | | |
| 8 | :key => '_hub_session', | |
| 9 | :secret => 'changeme', | |
| 10 | :secure => RAILS_ENV == 'production', | |
| 11 | :httponly => true | |
| } | ||
| # Use the database for sessions instead of the cookie-based default, |
