Fixing rememberable strategy.

The rememberable strategy was broken because we clear the session/cookies before going to the second step so the remember_token was being cleared from the cookies. In this commit I make sure the remember me option is respected when the second step is completed. Ref twilio#10
xinminlabs · Dec 13, 2013 · 5107dea · 5107dea
1 parent 8bd2b8a
commit 5107dea
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 11 deletions.
diff --git a/app/controllers/devise/devise_authy_controller.rb b/app/controllers/devise/devise_authy_controller.rb
@@ -28,9 +28,12 @@ def POST_verify_authy
       @resource.update_attribute(:last_sign_in_with_authy, DateTime.now)
 
       remember_device if params[:remember_device].to_i == 1
+      if session.delete("#{resource_name}_remember_me") == true && @resource.respond_to?(:remember_me=)
+        @resource.remember_me = true
+      end
+      sign_in(resource_name, @resource)
 
       set_flash_message(:notice, :signed_in) if is_navigational_format?
-      sign_in(resource_name, @resource)
       respond_with resource, :location => after_sign_in_path_for(@resource)
     else
       set_flash_message(:error, :invalid_token)

diff --git a/authy-devise-demo/Gemfile.lock b/authy-devise-demo/Gemfile.lock
@@ -1,11 +1,9 @@
 PATH
   remote: ..
   specs:
-    devise-authy (1.1.0)
+    devise-authy (1.3.0)
       authy
       devise
-      devise-authy
-      rails (~> 3.2.6)
 
 GEM
   remote: https://rubygems.org/
@@ -38,8 +36,8 @@ GEM
       i18n (= 0.6.1)
       multi_json (~> 1.0)
     arel (3.0.2)
-    authy (2.0.1)
-      httpclient (>= 2.2.6)
+    authy (2.2.0)
+      httpclient (>= 2.3.4)
     bcrypt-ruby (3.0.1)
     builder (3.0.4)
     coderay (1.0.9)
@@ -59,7 +57,7 @@ GEM
     execjs (1.4.0)
       multi_json (~> 1.0)
     hike (1.2.2)
-    httpclient (2.3.3)
+    httpclient (2.3.4.1)
     i18n (0.6.1)
     journey (1.0.4)
     jquery-rails (2.2.1)

diff --git a/lib/devise-authy.rb b/lib/devise-authy.rb
@@ -1,6 +1,5 @@
 require 'active_support/concern'
 require 'active_support/core_ext/integer/time'
-require 'devise-authy/version'
 require 'devise'
 require 'authy'
 

diff --git a/lib/devise-authy/controllers/helpers.rb b/lib/devise-authy/controllers/helpers.rb
@@ -41,11 +41,15 @@ def check_request_and_redirect_to_verify_token
            require_token?
           # login with 2fa
           id = warden.session(resource_name)[:id]
+
+          remember_me = (params.fetch(resource_name, {})[:remember_me].to_s == "1")
           warden.logout
           warden.reset_session! # make sure the session resetted
+
           session["#{resource_name}_id"] = id
           # this is safe to put in the session because the cookie is signed
           session["#{resource_name}_password_checked"] = true
+          session["#{resource_name}_remember_me"] = remember_me
           session["#{resource_name}_return_to"] = request.path if request.get?
 
           redirect_to verify_authy_path_for(resource_name)

diff --git a/lib/devise-authy/version.rb b/lib/devise-authy/version.rb