Warden Cookie Session is a Warden strategy that stores authentication state in a custom encrypted cookie (instead of rack.session).
Its main purpose is to share authorization between multiple Rails applications without sharing secret_key_base.
Set up Warden::CookieSession in an initializer and provide a wrapper:

```ruby
Warden::CookieSession.configure do |config|
  config.cookie = Rails.application.secrets['shared_cookie']  # cookie name shared by all apps
  config.secret = Rails.application.secrets['shared_secret']  # encryption secret shared by all apps
  config.wrapper = Warden::CookieSession::DefaultWrapper.new(User)
end
```
The default wrapper just fetches the user from the model:

```ruby
module Warden
  module CookieSession
    class DefaultWrapper
      def initialize(klass = nil)
        @klass = klass
      end

      # What goes into the cookie: the record's primary key and its salt,
      # like in https://github.com/plataformatec/devise/blob/master/lib/devise/models/authenticatable.rb
      def serialize_record(record)
        [record.to_key, record.authenticatable_salt]
      end

      # Look the record up again from the key stored in the cookie.
      def fetch_record(key)
        @klass.find(key.first)
      end

      # Accept the record only if its current salt still matches the one in the cookie,
      # like in https://github.com/plataformatec/devise/blob/master/lib/devise/models/authenticatable.rb
      def validate_record(record, salt)
        record if record && record.authenticatable_salt == salt
      end
    end
  end
end
```
With Warden::CookieSession we can also fetch user data remotely, e.g. from an API:

```ruby
# Same three-method contract as DefaultWrapper, but the record comes from a remote service.
class RemoteWrapper
  def serialize_record(record)
    [record.to_key, record.authenticatable_salt]
  end

  def fetch_record(key)
    # FetchRemoteUserAndSalt is an application-specific service object
    FetchRemoteUserAndSalt.run!(key)
  end

  def validate_record(record, salt)
    record if record && record.authenticatable_salt == salt
  end
end

Warden::CookieSession.configure do |config|
  config.cookie = Rails.application.secrets['shared_cookie']
  config.secret = Rails.application.secrets['shared_secret']
  config.wrapper = RemoteWrapper.new
end
```
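To show what the wrapper contract above (default and remote alike) buys you, here is an added example that is not part of the gem: a constructed in-memory user stand-in, a wrapper with the three methods, and a restore step that replays what a second application does with the decrypted cookie payload. It assumes, as Devise does, that authenticatable_salt is derived from the encrypted password, so a password change invalidates every cookie issued before it.

```ruby
# Constructed stand-in for an ActiveRecord/Devise user model (not the gem's code).
class DemoUser
  attr_reader :id, :encrypted_password

  def initialize(id, encrypted_password)
    @id = id
    @encrypted_password = encrypted_password
  end

  # Mirrors ActiveRecord#to_key: the primary key wrapped in an array.
  def to_key
    [id]
  end

  # Mirrors Devise: the salt is the first 29 chars of the encrypted password,
  # so it changes whenever the password changes.
  def authenticatable_salt
    encrypted_password[0, 29]
  end

  def change_password!(new_encrypted_password)
    @encrypted_password = new_encrypted_password
  end
end

# Constructed bcrypt-looking values; only their first 29 characters matter here.
OLD_HASH = '$2a$11$oldHashConstructedForDemoOnly.000000000000000000000'
NEW_HASH = '$2a$11$newHashConstructedForDemoOnly.000000000000000000000'
DEMO_USERS = { 1 => DemoUser.new(1, OLD_HASH) }.freeze

# A wrapper following the same three-method contract as the README's wrappers.
class DemoWrapper
  def serialize_record(record)
    [record.to_key, record.authenticatable_salt]
  end

  def fetch_record(key)
    DEMO_USERS[key.first] # returns nil for an unknown key
  end

  def validate_record(record, salt)
    record if record && record.authenticatable_salt == salt
  end
end

# What the receiving application does with the decrypted payload [key, salt]:
# fetch by key, then reject the session unless the salt still matches.
def restore_session(wrapper, payload)
  key, salt = payload
  wrapper.validate_record(wrapper.fetch_record(key), salt)
end
```

Because the cookie carries the salt rather than any credential, a rotated password makes every previously issued cookie fail validate_record on all participating applications at once.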
It's a gem:

```shell
gem install warden_cookie_session
```

There's also the wonders of the Gemfile:

```ruby
gem 'warden_cookie_session'
```