Bergrebell / CyberCoach


Session: Login and Logout user #18

Closed wanze closed 9 years ago

wanze commented 9 years ago

Enable a user to log in by checking credentials on the CyberCoach web service. If successful, store information in the local session.

This approach could later be secured with session fingerprinting, e.g. checking the user's IP and/or browser against session data on every request.
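A sketch of the session fingerprinting idea from the issue description above, added here as an example; it is not part of the original thread or the CyberCoach code. The module name, key, session layout and sample values are assumptions, and a plain Hash stands in for the Rails session.

```ruby
require 'openssl'

# Hypothetical helper: module name, key and session layout are assumptions,
# not taken from the CyberCoach code base.
module SessionFingerprint
  # Constructed demo key; a real app would use its own server-side secret.
  KEY = 'constructed-demo-key'

  # HMAC of the client attributes, so the session holds a digest rather than
  # the raw IP / User-Agent. bind_ip: false covers the "and/or" case for
  # clients whose IP changes legitimately (mobile networks, proxies).
  def self.compute(ip, user_agent, bind_ip: true)
    material = bind_ip ? "ip:#{ip}\nua:#{user_agent}" : "ua:#{user_agent}"
    OpenSSL::HMAC.hexdigest('SHA256', KEY, material)
  end

  # Call once the web service has accepted the credentials.
  def self.login(session, username, ip, user_agent, bind_ip: true)
    session.clear # drop pre-login state (Rails: reset_session)
    session[:username] = username
    session[:fingerprint] = compute(ip, user_agent, bind_ip: bind_ip)
    session
  end

  # Call on every request, e.g. from a before_action. Returns true when the
  # request matches the fingerprint stored at login; otherwise clears the
  # session and returns false so the caller can redirect to the login page.
  def self.valid?(session, ip, user_agent, bind_ip: true)
    stored = session[:fingerprint]
    if session[:username] && stored &&
       stored == compute(ip, user_agent, bind_ip: bind_ip)
      return true
    end
    session.clear
    false
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values (documentation IP ranges).
  s = SessionFingerprint.login({}, 'alice', '203.0.113.7', 'ExampleBrowser/1.0')
  puts SessionFingerprint.valid?(s, '203.0.113.7', 'ExampleBrowser/1.0')  # same client
  puts SessionFingerprint.valid?(s, '198.51.100.9', 'ExampleBrowser/1.0') # different IP
end
```

The User-Agent is client-supplied, so the fingerprint only raises the bar for reuse of a stolen session cookie; it does not replace transport security or short session lifetimes.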

wanze commented 9 years ago

I've implemented a simple auth mechanism on a separate branch, see 216d531ca51bf6ac5746ff262beb1f62d49f0345

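To test:

  1. Open localhost:3000
  2. Try to access for example localhost:3000/credits, you should be redirected to the homepage with an error message
  3. Open localhost:3000/session/login and enter some credentials
  4. If logged in, you should now be able to access localhost:3000/credits
  5. Open localhost:3000/session/logout to clear session and logout the user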

It's very strange but atm every request to authenticate a user on the CyberCoach service, no matter what credentials are defined, returns the status code 200... never a 401! Is there a fault on my side or does it happen for you guys too? :smile:

lexruee commented 9 years ago

This evening I will push what I have done so far related to the REST adapter. I will also split up the feature into several little features.

2014-10-11 11:46 GMT+02:00 Stefan Wanzenried notifications@github.com:

I've implemented a simple auth mechanism on a separate branch, see 216d531 https://github.com/Bergrebell/CyberCoach/commit/216d531ca51bf6ac5746ff262beb1f62d49f0345

To test:

  1. Open localhost:3000
  2. Try to access for example localhost:3000/credits, you should be redirected to the homepage with an error message
  3. Open localhost:3000/session/login and enter some credentials
  4. If logged in, you should now be able to access localhost:3000/credits
  5. Open localhost:3000/session/logout to clear session and logout the user

It's very strange but atm every request to authenticate a user on the CyberCoach service, no matter what credentials are defined, returns the status code 200... never a 401! Is there a fault on my side or does it happen for you guys too? :smile:


wanze commented 9 years ago

No hurry :) If everyone is okay with using a simple auth mechanism like this instead of devise, I will integrate it into the dev branch after you've pushed.

Btw, why is my avatar not displayed next to the comments anymore??? :sob:

svetakrasikova commented 9 years ago

I also always get status 200. Trying to understand what is happening exactly ...

lexruee commented 9 years ago

Should not be an issue:

1) Perform a GET request to: /resources/authenticateduser/

2) Add headers:

   Authorization: Basic x
   Accept: application/xml

For x use: x = base64(username + ':' + password)

3) Enjoy

lexruee commented 9 years ago

@wanze I incorporated your solution. I'm thinking about whether we should go for a proxy and adapter approach.

For each remote resource we have an adapter which adapts it (e.g. CyberCoachUser). Besides that, we use a proxy that accesses the adapted object (e.g. User). So the class User acts as a proxy and delegates all requests to the adapter object CyberCoachUser.

The benefit is that we can develop independently from each other (in theory :-)).

lexruee commented 9 years ago

Sorry for the spam, I wrote a simple auth_tester.rb: https://github.com/Bergrebell/CyberCoach/blob/dev/tools/auth_tester.rb

lexruee commented 9 years ago

Example user: username: mikeShiva password: 12345