authie 3.1.4 → 3.3.2
- checksums.yaml +4 -4
- data/lib/authie.rb +1 -0
- data/lib/authie/controller_delegate.rb +25 -4
- data/lib/authie/controller_extension.rb +8 -0
- data/lib/authie/engine.rb +0 -1
- data/lib/authie/session.rb +51 -12
- data/lib/authie/user.rb +9 -0
- data/lib/authie/version.rb +1 -1
- metadata +20 -33
- checksums.yaml.gz.sig +0 -1
- data.tar.gz.sig +0 -0
- metadata.gz.sig +0 -2
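--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d7e6e128785f1066cf922e408c6f28ae3ae3da8a6db98b3e51c4c74b7e43feb5
+data.tar.gz: 35b6e941d8e107432b1249fc6c770009984daac729de967605144a0e79a493fc
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d66e30a5133c29f904297c48b16c980362a87e8b6900ccf6528ec33cb3bd3a7007fac8dd62e9f84392b4af9db4fd674e2b03105c0ce65a00541bc8c9e8c2dbb9
+data.tar.gz: dcf1015fa423bd07c8cd5b1fbab5125938006706c1e766ed30892359d2560a56df3a458dc15403538f9cc476ba887730a80ba07d1dc809cc40b508876df3ed88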
data/lib/authie.rb
CHANGED
@@ -1,3 +1,6 @@
|
|
1
|
+
require 'securerandom'
|
2
|
+
require 'authie/session'
|
3
|
+
|
1
4
|
module Authie
|
2
5
|
class ControllerDelegate
|
3
6
|
|
@@ -9,7 +12,7 @@ module Authie
|
|
9
12
|
def set_browser_id
|
10
13
|
until cookies[Authie.config.browser_id_cookie_name]
|
11
14
|
proposed_browser_id = SecureRandom.uuid
|
12
|
-
unless Session.where(:browser_id => proposed_browser_id).exists?
|
15
|
+
unless Authie::Session.where(:browser_id => proposed_browser_id).exists?
|
13
16
|
cookies[Authie.config.browser_id_cookie_name] = {
|
14
17
|
:value => proposed_browser_id,
|
15
18
|
:expires => 5.years.from_now,
|
@@ -36,11 +39,28 @@ module Authie
|
|
36
39
|
|
37
40
|
# Set the currently logged in user
|
38
41
|
def current_user=(user)
|
42
|
+
create_auth_session(user)
|
43
|
+
user
|
44
|
+
end
|
45
|
+
|
46
|
+
# Create a new session for the given user
|
47
|
+
def create_auth_session(user)
|
39
48
|
if user
|
40
|
-
@auth_session = Session.start(@controller, :user => user)
|
49
|
+
@auth_session = Authie::Session.start(@controller, :user => user)
|
41
50
|
else
|
42
51
|
auth_session.invalidate! if logged_in?
|
43
|
-
@auth_session =
|
52
|
+
@auth_session = :none
|
53
|
+
end
|
54
|
+
end
|
55
|
+
|
56
|
+
# Invalidate an existing auth session
|
57
|
+
def invalidate_auth_session
|
58
|
+
if logged_in?
|
59
|
+
auth_session.invalidate!
|
60
|
+
@auth_session = :none
|
61
|
+
true
|
62
|
+
else
|
63
|
+
false
|
44
64
|
end
|
45
65
|
end
|
46
66
|
|
@@ -51,7 +71,8 @@ module Authie
|
|
51
71
|
|
52
72
|
# Return the currently logged in user session
|
53
73
|
def auth_session
|
54
|
-
@auth_session ||= Session.get_session(@controller)
|
74
|
+
@auth_session ||= Authie::Session.get_session(@controller)
|
75
|
+
@auth_session == :none ? nil : @auth_session
|
55
76
|
end
|
56
77
|
|
57
78
|
private
|
@@ -31,6 +31,14 @@ module Authie
|
|
31
31
|
auth_session_delegate.current_user = user
|
32
32
|
end
|
33
33
|
|
34
|
+
def create_auth_session(user)
|
35
|
+
auth_session_delegate.create_auth_session(user)
|
36
|
+
end
|
37
|
+
|
38
|
+
def invalidate_auth_session
|
39
|
+
auth_session_delegate.invalidate_auth_session
|
40
|
+
end
|
41
|
+
|
34
42
|
def logged_in?
|
35
43
|
auth_session_delegate.logged_in?
|
36
44
|
end
|
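Review bot: The comment added above `create_auth_session` ("Create a new session for the given user") leaves out the `else` branch, where a nil user invalidates the current session and sets `@auth_session = :none`, so `create_auth_session(nil)` acts as a logout. I would extend it to something like `# Create a new session for the given user. Passing nil invalidates the current session, if any, and leaves the request logged out.` and note on `invalidate_auth_session` that it returns true only when a session was actually invalidated. In `auth_session`, a lookup that finds nothing is presumably returned as nil and so is not memoized by `||=`; `@auth_session ||= Authie::Session.get_session(@controller) || :none` would cache the miss the way `Session#user` does, assuming nothing else reads `@auth_session` directly. These hunks are listed under the `data/lib/authie.rb` header but change `ControllerDelegate` and the controller extension, whose bodies continue outside them.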
data/lib/authie/engine.rb
CHANGED
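--- a/data/lib/authie/session.rb
+++ b/data/lib/authie/session.rb
@@ -1,3 +1,5 @@
+require 'secure_random_string'
+
 module Authie
 class Session < ActiveRecord::Base
 
@@ -15,10 +17,6 @@ module Authie
 self.table_name = "authie_sessions"
 
 # Relationships
-user_options = {:polymorphic => true}.merge(Authie.config.user_relationship_options)
-user_options[:optional] = true if ActiveRecord::VERSION::MAJOR >= 5
-belongs_to :user, user_options
-
 parent_options = {:class_name => "Authie::Session"}
 parent_options[:optional] = true if ActiveRecord::VERSION::MAJOR >= 5
 belongs_to :parent, parent_options
@@ -26,6 +24,7 @@ module Authie
 # Scopes
 scope :active, -> { where(:active => true) }
 scope :asc, -> { order(:last_activity_at => :desc) }
+scope :for_user, -> (user) { where(:user_type => user.class.name, :user_id => user.id) }
 
 # Attributes
 serialize :data, Hash
@@ -36,10 +35,14 @@ module Authie
 if self.user_agent.is_a?(String)
 self.user_agent = self.user_agent[0,255]
 end
+
+if self.last_activity_path.is_a?(String)
+self.last_activity_path = self.last_activity_path[0,255]
+end
 end
 
 before_create do
-self.temporary_token =
+self.temporary_token = SecureRandomString.new(44)
 self.token_hash = self.class.hash_token(self.temporary_token)
 if controller
 self.user_agent = controller.request.user_agent
@@ -51,6 +54,25 @@ module Authie
 cookies.delete(:user_session) if controller
 end
 
+# Return the user that
+def user
+if self.user_id && self.user_type
+@user ||= self.user_type.constantize.find_by(:id => self.user_id) || :none
+@user == :none ? nil : @user
+end
+end
+
+# Set the user
+def user=(user)
+if user
+self.user_type = user.class.name
+self.user_id = user.id
+else
+self.user_type = nil
+self.user_id = nil
+end
+end
+
 # This method should be called each time a user performs an
 # action while authenticated with this session.
 def touch!
@@ -65,9 +87,9 @@ module Authie
 end
 
 # Sets the cookie on the associated controller.
-def set_cookie!
+def set_cookie!(value = self.temporary_token)
 cookies[:user_session] = {
-:value =>
+:value => value,
 :secure => controller.request.ssl?,
 :httponly => true,
 :expires => self.expires_at
@@ -76,6 +98,18 @@ module Authie
 true
 end
 
+# Sets the cookie for the parent session on the associated controller.
+def set_parent_cookie!
+cookies[:parent_user_session] = {
+:value => cookies[:user_session],
+:secure => controller.request.ssl?,
+:httponly => true,
+:expires => self.expires_at
+}
+Authie.config.events.dispatch(:parent_session_cookie_updated, self)
+true
+end
+
 # Check the security of the session to ensure it can be used.
 def check_security!
 if controller
@@ -168,7 +202,7 @@ module Authie
 
 # Invalidate all sessions but this one for this user
 def invalidate_others!
-self.class.where("id != ?", self.id).
+self.class.where("id != ?", self.id).for_user(self.user).each do |s|
 s.invalidate!
 end
 end
@@ -202,16 +236,18 @@ module Authie
 
 # Create a new session for impersonating for the given user
 def impersonate!(user)
+set_parent_cookie!
 self.class.start(controller, :user => user, :parent => self)
 end
 
 # Revert back to the parent session
 def revert_to_parent!
-if self.parent
+if self.parent && cookies[:parent_user_session]
 self.invalidate!
 self.parent.activate!
 self.parent.controller = self.controller
-self.parent.set_cookie!
+self.parent.set_cookie!(cookies[:parent_user_session])
+cookies.delete(:parent_user_session)
 self.parent
 else
 raise NoParentSessionForRevert, "Session does not have a parent therefore cannot be reverted."
@@ -220,12 +256,12 @@ module Authie
 
 # Is this the first session for this session's browser?
 def first_session_for_browser?
-self.class.where("id < ?", self.id).
+self.class.where("id < ?", self.id).for_user(self.user).where(:browser_id => self.browser_id).empty?
 end
 
 # Is this the first session for the IP?
 def first_session_for_ip?
-self.class.where("id < ?", self.id).
+self.class.where("id < ?", self.id).for_user(self.user).where(:login_ip => self.login_ip).empty?
 end
 
 # Find a session from the database for the given controller instance.
@@ -252,7 +288,10 @@ module Authie
 def self.start(controller, params = {})
 cookies = controller.send(:cookies)
 self.active.where(:browser_id => cookies[:browser_id]).each(&:invalidate!)
+user_object = params.delete(:user)
+
 session = self.new(params)
+session.user = user_object
 session.controller = controller
 session.browser_id = cookies[:browser_id]
 session.login_at = Time.now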
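Review bot: `revert_to_parent!` only tests that `cookies[:parent_user_session]` is present before it re-activates the parent and copies the cookie value into `:user_session`; nothing ties that value to the parent row. Since `before_create` stores `hash_token(temporary_token)` in `token_hash`, the guard could compare the two, e.g. `if self.parent && cookies[:parent_user_session] && self.class.hash_token(cookies[:parent_user_session]) == self.parent.token_hash`, so a stale or altered cookie cannot re-activate an invalidated parent session (this assumes all stored sessions use hashed tokens). When the cookie is absent the `else` branch still raises "Session does not have a parent…", which misreports the cause. Separately, `for_user(self.user)` in `invalidate_others!`, `first_session_for_browser?` and `first_session_for_ip?` loads the user record and raises on `user.id` when `user` returns nil, and `user=` leaves a memoized `@user` in place; filtering on the session's own `user_type`/`user_id` columns and resetting `@user` in the setter would avoid both. `revert_to_parent!` and `self.start` continue outside the hunks shown.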
data/lib/authie/user.rb
ADDED
data/lib/authie/version.rb
CHANGED
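--- a/metadata
+++ b/metadata
@@ -1,42 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: authie
 version: !ruby/object:Gem::Version
-version: 3.
+version: 3.3.2
 platform: ruby
 authors:
 - Adam Cooke
 autorequire:
 bindir: bin
-cert_chain:
--
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-VR0RBBMwEYEPbWVAYWRhbWNvb2tlLmlvMBoGA1UdEgQTMBGBD21lQGFkYW1jb29r
-ZS5pbzANBgkqhkiG9w0BAQsFAAOCAYEAkbz/AJwBsRKwgt2BhWqgr/egf/37IS3s
-utVox7feYutKyFDHXYvCjm64XUJNioG7ipbRwOOGs5bEYfwgkabcAQnxSlkdNjc4
-JIgL/cF4YRg8uJG7DH+LwpydXHqr7RneDiONuiHlEN/1EZZ8tjwXypdwzhQ2/6ot
-YOxdSi/mXdoDoFlIebsLyInUZjqnm7dQ9nTTUNSB+1LoOD8ARNhTIPnKCnxwZd56
-giOxoHuJIOhgi6U2zicZJHv8lUj2Lc3bcirQk5eeOFRPVGQSpLLoqA7dtS7Jy4cv
-3c5m+HyxSxzlrcVHMAgJYemK0uhVQD9Y6JwHKDroWDH+MPALjlScw8ui1jmNuH31
-n5JOH/07C4gYcwTjJmtoRSov46Z6Gn5cc6NFkQpA185pbRLqEDKzusXvBOQlAOLh
-iyQrH6PJ0xgVJNYx+DLq3eFmo2hYJkw/lVhYAK+MdajtYJbD5VvCIEHO0d5RRgV+
-qnCNZoPPy0UtRmGKZTMZvVJEZiw4g0fY
------END CERTIFICATE-----
-date: 2018-03-12 00:00:00.000000000 Z
-dependencies: []
+cert_chain: []
+date: 2020-09-25 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: secure_random_string
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 description: A Rails library for storing user sessions in a backend database
 email:
 - me@adamcooke.io
@@ -60,6 +47,7 @@ files:
 - lib/authie/event_manager.rb
 - lib/authie/rack_controller.rb
 - lib/authie/session.rb
+- lib/authie/user.rb
 - lib/authie/version.rb
 homepage: https://github.com/adamcooke/authie
 licenses:
@@ -80,8 +68,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.7.4
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: A Rails library for storing user sessions in a backend database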
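Review bot: The new runtime dependency `secure_random_string` is declared with an open `>= 0` requirement, while `before_create` in session.rb now relies on it to generate the session token, so any later release of that gem is resolved without review. A bounded constraint in the gemspec (not shown on this page), e.g. `~> X.Y` with X.Y standing for the audited version, would narrow that. The same hunk replaces the certificate chain with `cert_chain: []`, and the three `.sig` files are listed as deleted, so this release appears to be unsigned; consumers who verified signatures for 3.1.4 lose that check and should rely on the published checksums instead.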
checksums.yaml.gz.sig
DELETED
@@ -1 +0,0 @@
|
|
1
|
-
`���,h,��_C^ֵ���4��t��0LT����eE��ٹ_Vs&��6LB����"0P�!i{
|
data.tar.gz.sig
DELETED
Binary file
|
metadata.gz.sig
DELETED