authie 2.0.1 → 3.0.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: db86dfa1839811d7896e1906d7e42a3b7ebcffc1
4
- data.tar.gz: 7482919291dc9fffe55f5a9c7307a64fa882abac
3
+ metadata.gz: 9d1aceff4f3015b34c0f529d573ba5b38342a995
4
+ data.tar.gz: 4fcfced43fd5b139af44c8b2cdf0a5dd664eb8ad
5
5
  SHA512:
6
- metadata.gz: d1ff02b07834284e53746ee7dcf9f894ba9801a535dc0fa786ef189328a15684fe9342e4894cdf454d61e06d72eb6220cc5c6ccde9decd31a812228b7875a41a
7
- data.tar.gz: 5334c04d22104d0c7e9a4c2c0ff33975100bf44ad5d582ccaca31d17dced23ae840847ddfa404394423759cf664cb976a315477e9e101b52f38a22b9f07cf766
6
+ metadata.gz: 5156c899cbfa6dd8175790aec3f3b11ea4efb0dd05e28d1af6cd5334928ad3d0fce4a0f78f465a9be883a9f2fa3ae47ce2641b34019ec752cc497c8238b43bcb
7
+ data.tar.gz: 9a9865e44ea9fc20e7c5d2c3c1dd3f8bc0677837fd388a3f6a49c31667384273af913ca2cfe4de9a6f7430b321da216774714da85d96417108a95d643e610391
@@ -0,0 +1,5 @@
1
+ class AddTokenHashesToAuthieSessions < ActiveRecord::Migration
2
+ def change
3
+ add_column :authie_sessions, :token_hash, :string
4
+ end
5
+ end
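Review bot: The migration class at the top of this hunk inherits directly from `ActiveRecord::Migration` with no Rails version tag, which ActiveRecord 5 rejects when the migration is loaded, yet the model hunks in this same release branch on `ActiveRecord::VERSION::MAJOR >= 5`, so the gem is evidently meant to run there. Unless an installer task rewrites these files before they run, the superclass should be versioned on AR 5 and left bare on older releases, e.g. `ActiveRecord::VERSION::MAJOR >= 5 ? ActiveRecord::Migration[5.0] : ActiveRecord::Migration` assigned to a constant that both migrations inherit from. The same applies to `AddIndexToTokenHashesOnAuthieSessions` in the next hunk.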
@@ -0,0 +1,5 @@
1
+ class AddIndexToTokenHashesOnAuthieSessions < ActiveRecord::Migration
2
+ def change
3
+ add_index :authie_sessions, :token_hash
4
+ end
5
+ end
@@ -11,11 +11,12 @@ module Authie
11
11
  self.table_name = "authie_sessions"
12
12
 
13
13
  # Relationships
14
- belongs_to :user, {:polymorphic => true}.merge(Authie.config.user_relationship_options)
14
+ user_options = {:polymorphic => true}.merge(Authie.config.user_relationship_options)
15
+ user_options[:optional] = true if ActiveRecord::VERSION::MAJOR >= 5
16
+ belongs_to :user, user_options
17
+
15
18
  parent_options = {:class_name => "Authie::Session"}
16
- if ActiveRecord::VERSION::MAJOR >= 5
17
- parent_options[:optional] = true
18
- end
19
+ parent_options[:optional] = true if ActiveRecord::VERSION::MAJOR >= 5
19
20
  belongs_to :parent, parent_options
20
21
 
21
22
  # Scopes
@@ -25,6 +26,7 @@ module Authie
25
26
  # Attributes
26
27
  serialize :data, Hash
27
28
  attr_accessor :controller
29
+ attr_accessor :temporary_token
28
30
 
29
31
  before_validation do
30
32
  if self.user_agent.is_a?(String)
@@ -33,7 +35,8 @@ module Authie
33
35
  end
34
36
 
35
37
  before_create do
36
- self.token = SecureRandom.base64(32)
38
+ self.temporary_token = SecureRandom.base64(32)
39
+ self.token_hash = self.class.hash_token(self.temporary_token)
37
40
  if controller
38
41
  self.user_agent = controller.request.user_agent
39
42
  set_cookie!
@@ -58,7 +61,7 @@ module Authie
58
61
  # Sets the cookie on the associated controller.
59
62
  def set_cookie!
60
63
  cookies[:user_session] = {
61
- :value => token,
64
+ :value => self.temporary_token,
62
65
  :secure => controller.request.ssl?,
63
66
  :httponly => true,
64
67
  :expires => self.expires_at
@@ -145,7 +148,7 @@ module Authie
145
148
 
146
149
  # Invalidate all sessions but this one for this user
147
150
  def invalidate_others!
148
- self.class.where.not(:id => self.id).where(:user => self.user).each do |s|
151
+ self.class.where("id != ?", self.id).where(:user => self.user).each do |s|
149
152
  s.invalidate!
150
153
  end
151
154
  end
@@ -195,7 +198,8 @@ module Authie
195
198
  # Returns a session object or :none if no session is found.
196
199
  def self.get_session(controller)
197
200
  cookies = controller.send(:cookies)
198
- if cookies[:user_session] && session = self.active.where(:token => cookies[:user_session]).first
201
+ if cookies[:user_session] && session = self.find_session_by_token(cookies[:user_session])
202
+ session.temporary_token = cookies[:user_session]
199
203
  session.controller = controller
200
204
  session
201
205
  else
@@ -203,6 +207,12 @@ module Authie
203
207
  end
204
208
  end
205
209
 
210
+ # Find a session by a token (either from a hash or from the raw token)
211
+ def self.find_session_by_token(token)
212
+ return nil if token.blank?
213
+ self.active.where("token = ? OR token_hash = ?", token, self.hash_token(token)).first
214
+ end
215
+
206
216
  # Create a new session and return the newly created session object.
207
217
  # Any other sessions for the browser will be invalidated.
208
218
  def self.start(controller, params = {})
@@ -219,7 +229,23 @@ module Authie
219
229
 
220
230
  # Cleanup any old sessions.
221
231
  def self.cleanup
232
+ # Invalidate transient sessions that haven't been used
222
233
  self.active.where("expires_at IS NULL AND last_activity_at < ?", Authie.config.session_inactivity_timeout.ago).each(&:invalidate!)
234
+ # Invalidate persistent sessions that have expired
235
+ self.active.where("expires_at IS NOT NULL AND expires_at < ?", Time.now).each(&:invalidate!)
236
+ end
237
+
238
+ # Return a hash of a given token
239
+ def self.hash_token(token)
240
+ Digest::SHA256.hexdigest(token)
241
+ end
242
+
243
+ # Convert all existing active sessions to store their tokens in the database
244
+ def self.convert_tokens_to_hashes
245
+ active.where(:token_hash => nil).where("token is not null").each do |s|
246
+ hash = self.hash_token(s.token)
247
+ self.where(:id => s.id).update_all(:token_hash => hash, :token => nil)
248
+ end
223
249
  end
224
250
 
225
251
  private
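Review bot: `convert_tokens_to_hashes` in the `@@ -219,7 +229,23 @@` hunk limits the rewrite to the `active` scope, so rows for expired or invalidated sessions keep their plaintext `token` indefinitely after the upgrade, which undercuts the point of moving to `token_hash`; dropping the scope, `where(:token_hash => nil).where("token is not null").each do |s|`, nulls the plaintext on every row while leaving active-session lookup unchanged. Relatedly, `find_session_by_token` in the `@@ -203,6 +207,12 @@` hunk still matches `token = ?` against the plaintext column, so running the conversion is the only thing that retires those stored credentials; a comment above that query noting the OR clause is transitional and can be removed once `convert_tokens_to_hashes` has been run would help the next maintainer. The `Authie::Session` class these hunks belong to begins and ends outside the visible diff.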
@@ -1,3 +1,3 @@
1
1
  module Authie
2
- VERSION = '2.0.1'
2
+ VERSION = '3.0.0'
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: authie
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.1
4
+ version: 3.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Adam Cooke
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-02-24 00:00:00.000000000 Z
11
+ date: 2017-04-21 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description: A Rails library for storing user sessions in a backend database
14
14
  email:
@@ -21,6 +21,8 @@ files:
21
21
  - db/migrate/20141013115205_add_indexes_to_authie_sessions.rb
22
22
  - db/migrate/20150109144120_add_parent_id_to_authie_sessions.rb
23
23
  - db/migrate/20150305135400_add_two_factor_auth_fields_to_authie.rb
24
+ - db/migrate/20170417170000_add_token_hashes_to_authie_sessions.rb
25
+ - db/migrate/20170421174100_add_index_to_token_hashes_on_authie_sessions.rb
24
26
  - lib/authie.rb
25
27
  - lib/authie/config.rb
26
28
  - lib/authie/controller_delegate.rb
@@ -50,7 +52,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
50
52
  version: '0'
51
53
  requirements: []
52
54
  rubyforge_project:
53
- rubygems_version: 2.4.5
55
+ rubygems_version: 2.5.2
54
56
  signing_key:
55
57
  specification_version: 4
56
58
  summary: A Rails library for storing user sessions in a backend database