team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

making sure this is up to date

Browse Source
This commit is contained in:
cktricky
2014-03-14 14:00:51 -04:00
parent ec8a187833
commit d0e825fc17
4 changed files with 40 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/controllers/application_controller.rb
+4 -1
View File
@@ -9,7 +9,10 @@ class ApplicationController < ActionController::Base
private private
def current_user def current_user
@current_user ||= (User.find_by_auth_token(cookies[:auth_token].to_s) || User.find_by_user_id(session[:user_id].to_s)) @current_user ||= (
User.find_by_auth_token(cookies[:auth_token].to_s) ||
User.find_by_user_id(session[:user_id].to_s)
)
end end
def authenticated def authenticated
app/controllers/sessions_controller.rb
+1 -3
View File
@@ -8,7 +8,6 @@ class SessionsController < ApplicationController
redirect_to home_dashboard_index_path if current_user redirect_to home_dashboard_index_path if current_user
end end
def create def create
path = params[:url].present? ? params[:url] : home_dashboard_index_path path = params[:url].present? ? params[:url] : home_dashboard_index_path
begin begin
@@ -20,10 +19,9 @@ class SessionsController < ApplicationController
if user if user
if params[:remember_me] if params[:remember_me]
cookies.permanent[:auth_token] = user.auth_token if User.where(:user_id => user.user_id).exists? cookies.permanent[:auth_token] = user.auth_token if User.where(:user_id => user.user_id).exists?
else else
session[:user_id] = user.user_id if User.where(:user_id => user.user_id).exists? session[:user_id] = user.user_id if User.where(:user_id => user.user_id).exists?
#cookies[:auth_token] = user.auth_token if User.where(:user_id => user.user_id).exists?
end end
redirect_to path redirect_to path
else else
app/models/key_management.rb
+1
View File
@@ -1,5 +1,6 @@
class KeyManagement < ActiveRecord::Base class KeyManagement < ActiveRecord::Base
attr_accessible :iv, :user_id attr_accessible :iv, :user_id
belongs_to :work_info belongs_to :work_info
belongs_to :user
end end
app/models/user.rb
+34 -3
View File
@@ -64,8 +64,6 @@ private
end end
=end =end
def assign_user_id def assign_user_id
unless @skip_user_id_assign.present? || self.user_id.present? unless @skip_user_id_assign.present? || self.user_id.present?
user = User.order("user_id").last user = User.order("user_id").last
@@ -82,9 +80,42 @@ private
end end
end end
# Added a re-usable encryption routine, shouldn't be an issue!
def encrypt_sensitive_value(val="")
aes = OpenSSL::Cipher::Cipher.new(cipher_type)
aes.encrypt
aes.key = key
aes.iv = iv if iv != nil
#self.encrypted_ssn = aes.update(self.SSN) + aes.final
#self.SSN = nil
end
def decrypt_ssn
aes = OpenSSL::Cipher::Cipher.new(cipher_type)
aes.decrypt
aes.key = key
aes.iv = iv if iv != nil
#aes.update(self.encrypted_ssn) + aes.final
end
# Should be able to just re-use the same key we already have!
def key
raise "Key Missing" if !(KEY)
KEY
end
def iv
raise "No IV for this User" if !(self.key_management.iv)
#self.key_management.iv
end
def cipher_type
'aes-256-cbc'
end
def generate_token(column) def generate_token(column)
begin begin
self[column] = SecureRandom.urlsafe_base64 #self[column] =
end while User.exists?(column => self[column]) end while User.exists?(column => self[column])
end end