RubyGems - authie - Versions diffs - 3.1.4 → 3.3.2 - Mend

authie 3.1.4 → 3.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml +4 -4
data/lib/authie.rb +1 -0
data/lib/authie/controller_delegate.rb +25 -4
data/lib/authie/controller_extension.rb +8 -0
data/lib/authie/engine.rb +0 -1
data/lib/authie/session.rb +51 -12
data/lib/authie/user.rb +9 -0
data/lib/authie/version.rb +1 -1
metadata +20 -33
checksums.yaml.gz.sig +0 -1
data.tar.gz.sig +0 -0
metadata.gz.sig +0 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 06d55be51805149b69d8bd60a06a87df1400898a80bb2aa2ae53e3805efa268f
-  data.tar.gz: 573abda148ce414df7745cf836c768d4fb7369cf41454c8b5b1443f56bfc71e8
+  metadata.gz: d7e6e128785f1066cf922e408c6f28ae3ae3da8a6db98b3e51c4c74b7e43feb5
+  data.tar.gz: 35b6e941d8e107432b1249fc6c770009984daac729de967605144a0e79a493fc
 SHA512:
-  metadata.gz: cbfd2c8e200bc82442a2ff4334b1e5f9b8739a7d99828ceef65b68b0304703cd39845f72469a52546bbf9dbd3bfc68337ff3c907140b362918dbc57ee15568d4
-  data.tar.gz: 8c1ae0e5e37a4f3f9b4e7e17ea475904735fe929b26f56fe16eb773609ca3126727b1d6980f28186c077f70d88075d9c1e3f3f269b095574c562b462e72f2745
+  metadata.gz: d66e30a5133c29f904297c48b16c980362a87e8b6900ccf6528ec33cb3bd3a7007fac8dd62e9f84392b4af9db4fd674e2b03105c0ce65a00541bc8c9e8c2dbb9
+  data.tar.gz: dcf1015fa423bd07c8cd5b1fbab5125938006706c1e766ed30892359d2560a56df3a458dc15403538f9cc476ba887730a80ba07d1dc809cc40b508876df3ed88

data/lib/authie.rb CHANGED

@@ -1,6 +1,7 @@
 require 'authie/version'
 require 'authie/config'
 require 'authie/error'
+require 'authie/user'
 if defined?(Rails)
   require 'authie/engine'

data/lib/authie/controller_delegate.rb CHANGED

@@ -1,3 +1,6 @@
+require 'securerandom'
+require 'authie/session'
 module Authie
   class ControllerDelegate
@@ -9,7 +12,7 @@ module Authie
     def set_browser_id
       until cookies[Authie.config.browser_id_cookie_name]
         proposed_browser_id = SecureRandom.uuid
-        unless Session.where(:browser_id => proposed_browser_id).exists?
+        unless Authie::Session.where(:browser_id => proposed_browser_id).exists?
           cookies[Authie.config.browser_id_cookie_name] = {
             :value => proposed_browser_id,
             :expires => 5.years.from_now,
@@ -36,11 +39,28 @@ module Authie
     # Set the currently logged in user
     def current_user=(user)
+      create_auth_session(user)
+      user
+    end
+    # Create a new session for the given user
+    def create_auth_session(user)
       if user
-        @auth_session = Session.start(@controller, :user => user)
+        @auth_session = Authie::Session.start(@controller, :user => user)
       else
         auth_session.invalidate! if logged_in?
-        @auth_session = nil
+        @auth_session = :none
+      end
+    end
+    # Invalidate an existing auth session
+    def invalidate_auth_session
+      if logged_in?
+        auth_session.invalidate!
+        @auth_session = :none
+        true
+      else
+        false
       end
     end
@@ -51,7 +71,8 @@ module Authie
     # Return the currently logged in user session
     def auth_session
-      @auth_session ||= Session.get_session(@controller)
+      @auth_session ||= Authie::Session.get_session(@controller)
+      @auth_session == :none ? nil : @auth_session
     end
     private

data/lib/authie/controller_extension.rb CHANGED

@@ -31,6 +31,14 @@ module Authie
       auth_session_delegate.current_user = user
     end
+    def create_auth_session(user)
+      auth_session_delegate.create_auth_session(user)
+    end
+    def invalidate_auth_session
+      auth_session_delegate.invalidate_auth_session
+    end
     def logged_in?
       auth_session_delegate.logged_in?
     end

data/lib/authie/engine.rb CHANGED

@@ -12,7 +12,6 @@ module Authie
         require 'authie/controller_extension'
         include Authie::ControllerExtension
       end
     end
   end

data/lib/authie/session.rb CHANGED

@@ -1,3 +1,5 @@
+require 'secure_random_string'
 module Authie
   class Session < ActiveRecord::Base
@@ -15,10 +17,6 @@ module Authie
     self.table_name = "authie_sessions"
     # Relationships
-    user_options = {:polymorphic => true}.merge(Authie.config.user_relationship_options)
-    user_options[:optional] = true if ActiveRecord::VERSION::MAJOR >= 5
-    belongs_to :user, user_options
     parent_options = {:class_name => "Authie::Session"}
     parent_options[:optional] = true if ActiveRecord::VERSION::MAJOR >= 5
     belongs_to :parent, parent_options
@@ -26,6 +24,7 @@ module Authie
     # Scopes
     scope :active, -> { where(:active => true) }
     scope :asc, -> { order(:last_activity_at => :desc) }
+    scope :for_user, -> (user) { where(:user_type => user.class.name, :user_id => user.id) }
     # Attributes
     serialize :data, Hash
@@ -36,10 +35,14 @@ module Authie
       if self.user_agent.is_a?(String)
         self.user_agent = self.user_agent[0,255]
       end
+      if self.last_activity_path.is_a?(String)
+        self.last_activity_path = self.last_activity_path[0,255]
+      end
     end
     before_create do
-      self.temporary_token = SecureRandom.base64(32)
+      self.temporary_token = SecureRandomString.new(44)
       self.token_hash = self.class.hash_token(self.temporary_token)
       if controller
         self.user_agent = controller.request.user_agent
@@ -51,6 +54,25 @@ module Authie
       cookies.delete(:user_session) if controller
     end
+    # Return the user that
+    def user
+      if self.user_id && self.user_type
+        @user ||= self.user_type.constantize.find_by(:id => self.user_id) || :none
+        @user == :none ? nil : @user
+      end
+    end
+    # Set the user
+    def user=(user)
+      if user
+        self.user_type = user.class.name
+        self.user_id = user.id
+      else
+        self.user_type = nil
+        self.user_id = nil
+      end
+    end
     # This method should be called each time a user performs an
     # action while authenticated with this session.
     def touch!
@@ -65,9 +87,9 @@ module Authie
     end
     # Sets the cookie on the associated controller.
-    def set_cookie!
+    def set_cookie!(value = self.temporary_token)
       cookies[:user_session] = {
-        :value => self.temporary_token,
+        :value => value,
         :secure => controller.request.ssl?,
         :httponly => true,
         :expires => self.expires_at
@@ -76,6 +98,18 @@ module Authie
       true
     end
+    # Sets the cookie for the parent session on the associated controller.
+    def set_parent_cookie!
+      cookies[:parent_user_session] = {
+        :value => cookies[:user_session],
+        :secure => controller.request.ssl?,
+        :httponly => true,
+        :expires => self.expires_at
+      }
+      Authie.config.events.dispatch(:parent_session_cookie_updated, self)
+      true
+    end
     # Check the security of the session to ensure it can be used.
     def check_security!
       if controller
@@ -168,7 +202,7 @@ module Authie
     # Invalidate all sessions but this one for this user
     def invalidate_others!
-      self.class.where("id != ?", self.id).where(:user => self.user).each do |s|
+      self.class.where("id != ?", self.id).for_user(self.user).each do |s|
         s.invalidate!
       end
     end
@@ -202,16 +236,18 @@ module Authie
     # Create a new session for impersonating for the given user
     def impersonate!(user)
+      set_parent_cookie!
       self.class.start(controller, :user => user, :parent => self)
     end
     # Revert back to the parent session
     def revert_to_parent!
-      if self.parent
+      if self.parent && cookies[:parent_user_session]
         self.invalidate!
         self.parent.activate!
         self.parent.controller = self.controller
-        self.parent.set_cookie!
+        self.parent.set_cookie!(cookies[:parent_user_session])
+        cookies.delete(:parent_user_session)
         self.parent
       else
         raise NoParentSessionForRevert, "Session does not have a parent therefore cannot be reverted."
@@ -220,12 +256,12 @@ module Authie
     # Is this the first session for this session's browser?
     def first_session_for_browser?
-      self.class.where("id < ?", self.id).where(:user => self.user, :browser_id => self.browser_id).empty?
+      self.class.where("id < ?", self.id).for_user(self.user).where(:browser_id => self.browser_id).empty?
     end
     # Is this the first session for the IP?
     def first_session_for_ip?
-      self.class.where("id < ?", self.id).where(:user => self.user, :login_ip => self.login_ip).empty?
+      self.class.where("id < ?", self.id).for_user(self.user).where(:login_ip => self.login_ip).empty?
     end
     # Find a session from the database for the given controller instance.
@@ -252,7 +288,10 @@ module Authie
     def self.start(controller, params = {})
       cookies = controller.send(:cookies)
       self.active.where(:browser_id => cookies[:browser_id]).each(&:invalidate!)
+      user_object = params.delete(:user)
       session = self.new(params)
+      session.user = user_object
       session.controller = controller
       session.browser_id = cookies[:browser_id]
       session.login_at = Time.now

data/lib/authie/user.rb ADDED

@@ -0,0 +1,9 @@
+module Authie
+  module User
+    def self.included(base)
+      base.has_many :user_sessions, :class_name => 'Authie::Session', :as => :user, :dependent => :delete_all
+    end
+  end
+end

data/lib/authie/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Authie
-  VERSION = '3.1.4'
+  VERSION = '3.3.2'
 end

metadata CHANGED

@@ -1,42 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: authie
 version: !ruby/object:Gem::Version
-  version: 3.1.4
+  version: 3.3.2
 platform: ruby
 authors:
 - Adam Cooke
 autorequire:
 bindir: bin
-cert_chain:
-- |
-  -----BEGIN CERTIFICATE-----
-  MIIEZDCCAsygAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MQswCQYDVQQDDAJtZTEZ
-  MBcGCgmSJomT8ixkARkWCWFkYW1jb29rZTESMBAGCgmSJomT8ixkARkWAmlvMB4X
-  DTE4MDMwNTE3MzAwNVoXDTE5MDMwNTE3MzAwNVowPDELMAkGA1UEAwwCbWUxGTAX
-  BgoJkiaJk/IsZAEZFglhZGFtY29va2UxEjAQBgoJkiaJk/IsZAEZFgJpbzCCAaIw
-  DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAOH6HpXwjmVYrUQxUHm25mLm9qYK
-  WS66Me1IfMUX3ZREZ/GzqiJZdV6itPuaaaKpbcm2A/KjgGSPOi9FZBneZ5KvbIeK
-  /GsixL98kxB06q9DZwJbFz7Inklxkd/S0anm+PxtWkQP1TLkMsviRcBPEAqSLON9
-  dCKC7+3kibhatdlsbqIQaeEhSoCUipYMi7ZyFHu5Qz+zMwc8JwHvQ4yi8cMa/QZ+
-  s1tN4mkp/6vWWj4G4lF3YjFYyt2txJcK5ELDtyBy7a3vbMImPy9pplFx1/M6SNpn
-  7Pck0LqDprRzJXsGjq3CbC0nUaudFjUPr31KwxMYq1u13aQL9YuO3GeQCQ3gvdlJ
-  TSd7zoGgLwrMGmXqgd392Psr29yp+WBLcvhFUJnNPDV8nlph/cqmRzoIewP1kdPq
-  pEIUIJQdyKJU7gmFlJ1FurarkuT0a2Rgs99WokCoXLxuPmRWQRN1sH2nHL70jgAR
-  UuvyXEtyALHoCn3VqBR7ZvpfDblUzfANQDhBgwIDAQABo3EwbzAJBgNVHRMEAjAA
-  MAsGA1UdDwQEAwIEsDAdBgNVHQ4EFgQUa7gxxSE4SO2Ors4B+y3qANdMpo4wGgYD
-  VR0RBBMwEYEPbWVAYWRhbWNvb2tlLmlvMBoGA1UdEgQTMBGBD21lQGFkYW1jb29r
-  ZS5pbzANBgkqhkiG9w0BAQsFAAOCAYEAkbz/AJwBsRKwgt2BhWqgr/egf/37IS3s
-  utVox7feYutKyFDHXYvCjm64XUJNioG7ipbRwOOGs5bEYfwgkabcAQnxSlkdNjc4
-  JIgL/cF4YRg8uJG7DH+LwpydXHqr7RneDiONuiHlEN/1EZZ8tjwXypdwzhQ2/6ot
-  YOxdSi/mXdoDoFlIebsLyInUZjqnm7dQ9nTTUNSB+1LoOD8ARNhTIPnKCnxwZd56
-  giOxoHuJIOhgi6U2zicZJHv8lUj2Lc3bcirQk5eeOFRPVGQSpLLoqA7dtS7Jy4cv
-  3c5m+HyxSxzlrcVHMAgJYemK0uhVQD9Y6JwHKDroWDH+MPALjlScw8ui1jmNuH31
-  n5JOH/07C4gYcwTjJmtoRSov46Z6Gn5cc6NFkQpA185pbRLqEDKzusXvBOQlAOLh
-  iyQrH6PJ0xgVJNYx+DLq3eFmo2hYJkw/lVhYAK+MdajtYJbD5VvCIEHO0d5RRgV+
-  qnCNZoPPy0UtRmGKZTMZvVJEZiw4g0fY
-  -----END CERTIFICATE-----
-date: 2018-03-12 00:00:00.000000000 Z
-dependencies: []
+cert_chain: []
+date: 2020-09-25 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: secure_random_string
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: A Rails library for storing user sessions in a backend database
 email:
 - me@adamcooke.io
@@ -60,6 +47,7 @@ files:
 - lib/authie/event_manager.rb
 - lib/authie/rack_controller.rb
 - lib/authie/session.rb
+- lib/authie/user.rb
 - lib/authie/version.rb
 homepage: https://github.com/adamcooke/authie
 licenses:
@@ -80,8 +68,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.4
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: A Rails library for storing user sessions in a backend database

checksums.yaml.gz.sig DELETED

	@@ -1 +0,0 @@
1	- `��,h,��_C^ֵ��4��t��0LT��eE��ٹ_Vs&��6LB��"0P�!i{

data.tar.gz.sig DELETED

Binary file

metadata.gz.sig DELETED

	@@ -1,2 +0,0 @@
1	- ��r�-��,�~�u'O��e��X�Oxk1J�pQu�� K�u�\�]�
2	- �&��i��M�d`��#�":�q�1t�y�\|��A��%��O�8��m��0�S%Q��1ĮU��'y�\|XeU��{ސ�&��Ѥ�O