RubyGems - authie - Versions diffs - 3.1.4 → 3.3.2 - Mend

authie 3.1.4 → 3.3.2

Files changed (12) hide show

checksums.yaml +4 -4
data/lib/authie.rb +1 -0
data/lib/authie/controller_delegate.rb +25 -4
data/lib/authie/controller_extension.rb +8 -0
data/lib/authie/engine.rb +0 -1
data/lib/authie/session.rb +51 -12
data/lib/authie/user.rb +9 -0
data/lib/authie/version.rb +1 -1
metadata +20 -33
checksums.yaml.gz.sig +0 -1
data.tar.gz.sig +0 -0
metadata.gz.sig +0 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 06d55be51805149b69d8bd60a06a87df1400898a80bb2aa2ae53e3805efa268f
-  data.tar.gz: 573abda148ce414df7745cf836c768d4fb7369cf41454c8b5b1443f56bfc71e8
+  metadata.gz: d7e6e128785f1066cf922e408c6f28ae3ae3da8a6db98b3e51c4c74b7e43feb5
+  data.tar.gz: 35b6e941d8e107432b1249fc6c770009984daac729de967605144a0e79a493fc
 SHA512:
-  metadata.gz: cbfd2c8e200bc82442a2ff4334b1e5f9b8739a7d99828ceef65b68b0304703cd39845f72469a52546bbf9dbd3bfc68337ff3c907140b362918dbc57ee15568d4
-  data.tar.gz: 8c1ae0e5e37a4f3f9b4e7e17ea475904735fe929b26f56fe16eb773609ca3126727b1d6980f28186c077f70d88075d9c1e3f3f269b095574c562b462e72f2745
+  metadata.gz: d66e30a5133c29f904297c48b16c980362a87e8b6900ccf6528ec33cb3bd3a7007fac8dd62e9f84392b4af9db4fd674e2b03105c0ce65a00541bc8c9e8c2dbb9
+  data.tar.gz: dcf1015fa423bd07c8cd5b1fbab5125938006706c1e766ed30892359d2560a56df3a458dc15403538f9cc476ba887730a80ba07d1dc809cc40b508876df3ed88

data/lib/authie.rb CHANGED

@@ -1,6 +1,7 @@
 require 'authie/version'
 require 'authie/config'
 require 'authie/error'
+require 'authie/user'
 if defined?(Rails)
   require 'authie/engine'

data/lib/authie/controller_delegate.rb CHANGED

@@ -1,3 +1,6 @@
+require 'securerandom'
+require 'authie/session'
 module Authie
   class ControllerDelegate
@@ -9,7 +12,7 @@ module Authie
     def set_browser_id
       until cookies[Authie.config.browser_id_cookie_name]
         proposed_browser_id = SecureRandom.uuid
-        unless Session.where(:browser_id => proposed_browser_id).exists?
+        unless Authie::Session.where(:browser_id => proposed_browser_id).exists?
           cookies[Authie.config.browser_id_cookie_name] = {
             :value => proposed_browser_id,
             :expires => 5.years.from_now,
@@ -36,11 +39,28 @@ module Authie
     # Set the currently logged in user
     def current_user=(user)
+      create_auth_session(user)
+      user
+    end
+    # Create a new session for the given user
+    def create_auth_session(user)
       if user
-        @auth_session = Session.start(@controller, :user => user)
+        @auth_session = Authie::Session.start(@controller, :user => user)
       else
         auth_session.invalidate! if logged_in?
-        @auth_session = nil
+        @auth_session = :none
+      end
+    end
+    # Invalidate an existing auth session
+    def invalidate_auth_session
+      if logged_in?
+        auth_session.invalidate!
+        @auth_session = :none
+        true
+      else
+        false
       end
     end
@@ -51,7 +71,8 @@ module Authie
     # Return the currently logged in user session
     def auth_session
-      @auth_session ||= Session.get_session(@controller)
+      @auth_session ||= Authie::Session.get_session(@controller)
+      @auth_session == :none ? nil : @auth_session
     end
     private

data/lib/authie/controller_extension.rb CHANGED

@@ -31,6 +31,14 @@ module Authie
       auth_session_delegate.current_user = user
     end
+    def create_auth_session(user)
+      auth_session_delegate.create_auth_session(user)
+    end
+    def invalidate_auth_session
+      auth_session_delegate.invalidate_auth_session
+    end
     def logged_in?
       auth_session_delegate.logged_in?
     end

data/lib/authie/engine.rb CHANGED

@@ -12,7 +12,6 @@ module Authie
         require 'authie/controller_extension'
         include Authie::ControllerExtension
       end
     end
   end

data/lib/authie/session.rb CHANGED

@@ -1,3 +1,5 @@
+require 'secure_random_string'
 module Authie
   class Session < ActiveRecord::Base
@@ -15,10 +17,6 @@ module Authie
     self.table_name = "authie_sessions"
     # Relationships
-    user_options = {:polymorphic => true}.merge(Authie.config.user_relationship_options)
-    user_options[:optional] = true if ActiveRecord::VERSION::MAJOR >= 5
-    belongs_to :user, user_options
     parent_options = {:class_name => "Authie::Session"}
     parent_options[:optional] = true if ActiveRecord::VERSION::MAJOR >= 5
     belongs_to :parent, parent_options
@@ -26,6 +24,7 @@ module Authie
     # Scopes
     scope :active, -> { where(:active => true) }
     scope :asc, -> { order(:last_activity_at => :desc) }
+    scope :for_user, -> (user) { where(:user_type => user.class.name, :user_id => user.id) }
     # Attributes
     serialize :data, Hash
@@ -36,10 +35,14 @@ module Authie
       if self.user_agent.is_a?(String)
         self.user_agent = self.user_agent[0,255]
       end
+      if self.last_activity_path.is_a?(String)
+        self.last_activity_path = self.last_activity_path[0,255]
+      end
     end
     before_create do
-      self.temporary_token = SecureRandom.base64(32)
+      self.temporary_token = SecureRandomString.new(44)
       self.token_hash = self.class.hash_token(self.temporary_token)
       if controller
         self.user_agent = controller.request.user_agent
@@ -51,6 +54,25 @@ module Authie
       cookies.delete(:user_session) if controller
     end
+    # Return the user that
+    def user
+      if self.user_id && self.user_type
+        @user ||= self.user_type.constantize.find_by(:id => self.user_id) || :none
+        @user == :none ? nil : @user
+      end
+    end
+    # Set the user
+    def user=(user)
+      if user
+        self.user_type = user.class.name
+        self.user_id = user.id
+      else
+        self.user_type = nil
+        self.user_id = nil
+      end
+    end
     # This method should be called each time a user performs an
     # action while authenticated with this session.
     def touch!
@@ -65,9 +87,9 @@ module Authie
     end
     # Sets the cookie on the associated controller.
-    def set_cookie!
+    def set_cookie!(value = self.temporary_token)
       cookies[:user_session] = {
-        :value => self.temporary_token,
+        :value => value,
         :secure => controller.request.ssl?,
         :httponly => true,
         :expires => self.expires_at
@@ -76,6 +98,18 @@ module Authie
       true
     end
+    # Sets the cookie for the parent session on the associated controller.
+    def set_parent_cookie!
+      cookies[:parent_user_session] = {
+        :value => cookies[:user_session],
+        :secure => controller.request.ssl?,
+        :httponly => true,
+        :expires => self.expires_at
+      }
+      Authie.config.events.dispatch(:parent_session_cookie_updated, self)
+      true
+    end
     # Check the security of the session to ensure it can be used.
     def check_security!
       if controller
@@ -168,7 +202,7 @@ module Authie
     # Invalidate all sessions but this one for this user
     def invalidate_others!
-      self.class.where("id != ?", self.id).where(:user => self.user).each do |s|
+      self.class.where("id != ?", self.id).for_user(self.user).each do |s|
         s.invalidate!
       end
     end
@@ -202,16 +236,18 @@ module Authie
     # Create a new session for impersonating for the given user
     def impersonate!(user)
+      set_parent_cookie!
       self.class.start(controller, :user => user, :parent => self)
     end
     # Revert back to the parent session
     def revert_to_parent!
-      if self.parent
+      if self.parent && cookies[:parent_user_session]
         self.invalidate!
         self.parent.activate!
         self.parent.controller = self.controller
-        self.parent.set_cookie!
+        self.parent.set_cookie!(cookies[:parent_user_session])
+        cookies.delete(:parent_user_session)
         self.parent
       else
         raise NoParentSessionForRevert, "Session does not have a parent therefore cannot be reverted."
@@ -220,12 +256,12 @@ module Authie
     # Is this the first session for this session's browser?
     def first_session_for_browser?
-      self.class.where("id < ?", self.id).where(:user => self.user, :browser_id => self.browser_id).empty?
+      self.class.where("id < ?", self.id).for_user(self.user).where(:browser_id => self.browser_id).empty?
     end
     # Is this the first session for the IP?
     def first_session_for_ip?
-      self.class.where("id < ?", self.id).where(:user => self.user, :login_ip => self.login_ip).empty?
+      self.class.where("id < ?", self.id).for_user(self.user).where(:login_ip => self.login_ip).empty?
     end
     # Find a session from the database for the given controller instance.
@@ -252,7 +288,10 @@ module Authie
     def self.start(controller, params = {})
       cookies = controller.send(:cookies)
       self.active.where(:browser_id => cookies[:browser_id]).each(&:invalidate!)
+      user_object = params.delete(:user)
       session = self.new(params)
+      session.user = user_object
       session.controller = controller
       session.browser_id = cookies[:browser_id]
       session.login_at = Time.now

data/lib/authie/user.rb ADDED

@@ -0,0 +1,9 @@
+module Authie
+  module User
+    def self.included(base)
+      base.has_many :user_sessions, :class_name => 'Authie::Session', :as => :user, :dependent => :delete_all
+    end
+  end
+end

data/lib/authie/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Authie
-  VERSION = '3.1.4'
+  VERSION = '3.3.2'
 end

metadata CHANGED

@@ -1,42 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: authie
 version: !ruby/object:Gem::Version
-  version: 3.1.4
+  version: 3.3.2
 platform: ruby
 authors:
 - Adam Cooke
 autorequire:
 bindir: bin
-cert_chain:
-- |
-  -----BEGIN CERTIFICATE-----
-  MIIEZDCCAsygAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MQswCQYDVQQDDAJtZTEZ
-  MBcGCgmSJomT8ixkARkWCWFkYW1jb29rZTESMBAGCgmSJomT8ixkARkWAmlvMB4X
-  DTE4MDMwNTE3MzAwNVoXDTE5MDMwNTE3MzAwNVowPDELMAkGA1UEAwwCbWUxGTAX
-  BgoJkiaJk/IsZAEZFglhZGFtY29va2UxEjAQBgoJkiaJk/IsZAEZFgJpbzCCAaIw
-  DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAOH6HpXwjmVYrUQxUHm25mLm9qYK
-  WS66Me1IfMUX3ZREZ/GzqiJZdV6itPuaaaKpbcm2A/KjgGSPOi9FZBneZ5KvbIeK
-  /GsixL98kxB06q9DZwJbFz7Inklxkd/S0anm+PxtWkQP1TLkMsviRcBPEAqSLON9
-  dCKC7+3kibhatdlsbqIQaeEhSoCUipYMi7ZyFHu5Qz+zMwc8JwHvQ4yi8cMa/QZ+
-  s1tN4mkp/6vWWj4G4lF3YjFYyt2txJcK5ELDtyBy7a3vbMImPy9pplFx1/M6SNpn
-  7Pck0LqDprRzJXsGjq3CbC0nUaudFjUPr31KwxMYq1u13aQL9YuO3GeQCQ3gvdlJ
-  TSd7zoGgLwrMGmXqgd392Psr29yp+WBLcvhFUJnNPDV8nlph/cqmRzoIewP1kdPq
-  pEIUIJQdyKJU7gmFlJ1FurarkuT0a2Rgs99WokCoXLxuPmRWQRN1sH2nHL70jgAR
-  UuvyXEtyALHoCn3VqBR7ZvpfDblUzfANQDhBgwIDAQABo3EwbzAJBgNVHRMEAjAA
-  MAsGA1UdDwQEAwIEsDAdBgNVHQ4EFgQUa7gxxSE4SO2Ors4B+y3qANdMpo4wGgYD
-  VR0RBBMwEYEPbWVAYWRhbWNvb2tlLmlvMBoGA1UdEgQTMBGBD21lQGFkYW1jb29r
-  ZS5pbzANBgkqhkiG9w0BAQsFAAOCAYEAkbz/AJwBsRKwgt2BhWqgr/egf/37IS3s
-  utVox7feYutKyFDHXYvCjm64XUJNioG7ipbRwOOGs5bEYfwgkabcAQnxSlkdNjc4
-  JIgL/cF4YRg8uJG7DH+LwpydXHqr7RneDiONuiHlEN/1EZZ8tjwXypdwzhQ2/6ot
-  YOxdSi/mXdoDoFlIebsLyInUZjqnm7dQ9nTTUNSB+1LoOD8ARNhTIPnKCnxwZd56
-  giOxoHuJIOhgi6U2zicZJHv8lUj2Lc3bcirQk5eeOFRPVGQSpLLoqA7dtS7Jy4cv
-  3c5m+HyxSxzlrcVHMAgJYemK0uhVQD9Y6JwHKDroWDH+MPALjlScw8ui1jmNuH31
-  n5JOH/07C4gYcwTjJmtoRSov46Z6Gn5cc6NFkQpA185pbRLqEDKzusXvBOQlAOLh
-  iyQrH6PJ0xgVJNYx+DLq3eFmo2hYJkw/lVhYAK+MdajtYJbD5VvCIEHO0d5RRgV+
-  qnCNZoPPy0UtRmGKZTMZvVJEZiw4g0fY
-  -----END CERTIFICATE-----
-date: 2018-03-12 00:00:00.000000000 Z
-dependencies: []
+cert_chain: []
+date: 2020-09-25 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: secure_random_string
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: A Rails library for storing user sessions in a backend database
 email:
 - me@adamcooke.io
@@ -60,6 +47,7 @@ files:
 - lib/authie/event_manager.rb
 - lib/authie/rack_controller.rb
 - lib/authie/session.rb
+- lib/authie/user.rb
 - lib/authie/version.rb
 homepage: https://github.com/adamcooke/authie
 licenses:
@@ -80,8 +68,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.4
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: A Rails library for storing user sessions in a backend database

checksums.yaml.gz.sig DELETED

	@@ -1 +0,0 @@
1	- `��,h,��_C^ֵ��4��t��0LT��eE��ٹ_Vs&��6LB��"0P�!i{

data.tar.gz.sig DELETED

Binary file

metadata.gz.sig DELETED

	@@ -1,2 +0,0 @@
1	- ��r�-��,�~�u'O��e��X�Oxk1J�pQu�� K�u�\�]�
2	- �&��i��M�d`��#�":�q�1t�y�\|��A��%��O�8��m��0�S%Q��1ĮU��'y�\|XeU��{ސ�&��Ѥ�O