authie 3.1.5 → 3.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 99773bd27a0e94b3e5eaaf65806c19f309d8baed70db28a5acd11079aea2ed14
-  data.tar.gz: 2c83b6a5436566f3257f4f20da5c777e3d9c4333c6409a625867199fb11e20fb
+  metadata.gz: a3bbd79539a591d214d378e2f70f91ffb144fd6c0dfb31c36a4c0ea3d86bf1a5
+  data.tar.gz: 2ba2f38bc671db30ccbde3a6eda511aa642d7d9191dbb2d4311c890ff720249c
 SHA512:
-  metadata.gz: 6e39d36cb66fc54bcdbcb0902098c8aaac9171add9147f4206b29586324db75c40de475c8bbd6c015e76fcdba7fe13a06d4d3f677f75c2c5a41c528b9695f86e
-  data.tar.gz: aced039e0b8409e5b727f50a2176efb73e52fad85c8347d418e8a004bfab8632a4ac7b34d98e504c46649676b881ac340f07a7f831d1de2ad0fda0996ecafd7b
+  metadata.gz: 9b325154016b3844263b77a71c484158ee256ab1ff4a67b77f670d167beff464805ab4b8a654931205124389c612a22723133f46f5b0123b9ad7102343c96b50
+  data.tar.gz: 9925f9aec3113b474b2a857676c163f570531fa5a5958d272a715fd448b7b5d2de8a1698ca23547023d8d01614009ca04035c11fc9d98ced2f83a1a228b2eaf9

data/db/migrate/20141012174250_create_authie_sessions.rb

@@ -1,9 +1,11 @@
+# frozen_string_literal: true
+
 class CreateAuthieSessions < ActiveRecord::Migration[4.2]
   def change
     create_table :authie_sessions do |t|
       t.string :token, :browser_id
       t.integer :user_id
-      t.boolean :active, :default => true
+      t.boolean :active, default: true
       t.text :data
       t.datetime :expires_at
       t.datetime :login_at
@@ -11,7 +13,7 @@ class CreateAuthieSessions < ActiveRecord::Migration[4.2]
       t.datetime :last_activity_at
       t.string :last_activity_ip, :last_activity_path
       t.string :user_agent
-      t.timestamps :null => true
+      t.timestamps null: true
     end
   end
 end

data/db/migrate/20141013115205_add_indexes_to_authie_sessions.rb

@@ -1,8 +1,10 @@
+# frozen_string_literal: true
+
 class AddIndexesToAuthieSessions < ActiveRecord::Migration[4.2]
   def change
     add_column :authie_sessions, :user_type, :string
-    add_index :authie_sessions, :token, :length => 10
-    add_index :authie_sessions, :browser_id, :length => 10
+    add_index :authie_sessions, :token, length: 10
+    add_index :authie_sessions, :browser_id, length: 10
     add_index :authie_sessions, :user_id
   end
 end

data/db/migrate/20150109144120_add_parent_id_to_authie_sessions.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class AddParentIdToAuthieSessions < ActiveRecord::Migration[4.2]
   def change
     add_column :authie_sessions, :parent_id, :integer

data/db/migrate/20150305135400_add_two_factor_auth_fields_to_authie.rb

@@ -1,8 +1,10 @@
+# frozen_string_literal: true
+
 class AddTwoFactorAuthFieldsToAuthie < ActiveRecord::Migration[4.2]
   def change
     add_column :authie_sessions, :two_factored_at, :datetime
     add_column :authie_sessions, :two_factored_ip, :string
-    add_column :authie_sessions, :requests, :integer, :default => 0
+    add_column :authie_sessions, :requests, :integer, default: 0
     add_column :authie_sessions, :password_seen_at, :datetime
   end
 end

data/db/migrate/20170417170000_add_token_hashes_to_authie_sessions.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class AddTokenHashesToAuthieSessions < ActiveRecord::Migration[4.2]
   def change
     add_column :authie_sessions, :token_hash, :string

data/db/migrate/20170421174100_add_index_to_token_hashes_on_authie_sessions.rb

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
+
 class AddIndexToTokenHashesOnAuthieSessions < ActiveRecord::Migration[4.2]
   def change
-    add_index :authie_sessions, :token_hash, :length => 10
+    add_index :authie_sessions, :token_hash, length: 10
   end
 end

data/db/migrate/20180215152200_add_host_to_authie_sessions.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class AddHostToAuthieSessions < ActiveRecord::Migration[4.2]
   def change
     add_column :authie_sessions, :host, :string

data/lib/authie.rb

@@ -1,8 +1,8 @@
+# frozen_string_literal: true
+
 require 'authie/version'
 require 'authie/config'
 require 'authie/error'
 require 'authie/user'
 
-if defined?(Rails)
-  require 'authie/engine'
-end
+require 'authie/engine' if defined?(Rails)

data/lib/authie/config.rb

@@ -1,8 +1,9 @@
+# frozen_string_literal: true
+
 require 'authie/event_manager'
 
 module Authie
   class Config
-
     def initialize
       @callbacks = {}
     end
@@ -10,17 +11,15 @@ module Authie
     def session_inactivity_timeout
       @session_inactivity_timeout || 12.hours
     end
-    attr_writer :session_inactivity_timeout
+    attr_writer :session_inactivity_timeout, :persistent_session_length, :sudo_session_timeout, :browser_id_cookie_name
 
     def persistent_session_length
       @persistent_session_length || 2.months
     end
-    attr_writer :persistent_session_length
 
     def sudo_session_timeout
       @sudo_session_timeout || 10.minutes
     end
-    attr_writer :sudo_session_timeout
 
     def user_relationship_options
       @user_relationship_options ||= {}
@@ -29,10 +28,9 @@ module Authie
     def browser_id_cookie_name
       @browser_id_cookie_name || :browser_id
     end
-    attr_writer :browser_id_cookie_name
 
     def events
-      @event_manager ||= EventManager.new
+      @events ||= EventManager.new
     end
   end
 
@@ -44,5 +42,4 @@ module Authie
     block.call(config)
     config
   end
-
 end

data/lib/authie/controller_delegate.rb

@@ -1,6 +1,10 @@
+# frozen_string_literal: true
+
+require 'securerandom'
+require 'authie/session'
+
 module Authie
   class ControllerDelegate
-
     def initialize(controller)
       @controller = controller
     end
@@ -9,24 +13,22 @@ module Authie
     def set_browser_id
       until cookies[Authie.config.browser_id_cookie_name]
         proposed_browser_id = SecureRandom.uuid
-        unless Session.where(:browser_id => proposed_browser_id).exists?
-          cookies[Authie.config.browser_id_cookie_name] = {
-            :value => proposed_browser_id,
-            :expires => 5.years.from_now,
-            :httponly => true,
-            :secure => @controller.request.ssl?
-          }
-          # Dispatch an event when the browser ID is set.
-          Authie.config.events.dispatch(:set_browser_id, proposed_browser_id)
-        end
+        next if Authie::Session.where(browser_id: proposed_browser_id).exists?
+
+        cookies[Authie.config.browser_id_cookie_name] = {
+          value: proposed_browser_id,
+          expires: 5.years.from_now,
+          httponly: true,
+          secure: @controller.request.ssl?
+        }
+        # Dispatch an event when the browser ID is set.
+        Authie.config.events.dispatch(:set_browser_id, proposed_browser_id)
       end
     end
 
     # Touch the auth session on each request if logged in
     def touch_auth_session
-      if logged_in?
-        auth_session.touch!
-      end
+      auth_session.touch! if logged_in?
     end
 
     # Return the currently logged in user object
@@ -36,11 +38,27 @@ module Authie
 
     # Set the currently logged in user
     def current_user=(user)
+      create_auth_session(user)
+    end
+
+    # Create a new session for the given user
+    def create_auth_session(user)
       if user
-        @auth_session = Session.start(@controller, :user => user)
+        @auth_session = Authie::Session.start(@controller, user: user)
       else
         auth_session.invalidate! if logged_in?
-        @auth_session = nil
+        @auth_session = :none
+      end
+    end
+
+    # Invalidate an existing auth session
+    def invalidate_auth_session
+      if logged_in?
+        auth_session.invalidate!
+        @auth_session = :none
+        true
+      else
+        false
       end
     end
 
@@ -51,7 +69,8 @@ module Authie
 
     # Return the currently logged in user session
     def auth_session
-      @auth_session ||= Session.get_session(@controller)
+      @auth_session ||= Authie::Session.get_session(@controller)
+      @auth_session == :none ? nil : @auth_session
     end
 
     private
@@ -60,6 +79,5 @@ module Authie
     def cookies
       @controller.send(:cookies)
     end
-
   end
 end

data/lib/authie/controller_extension.rb

@@ -1,8 +1,9 @@
+# frozen_string_literal: true
+
 require 'authie/controller_delegate'
 
 module Authie
   module ControllerExtension
-
     def self.included(base)
       base.helper_method :logged_in?, :current_user, :auth_session
       before_action_method = base.respond_to?(:before_action) ? :before_action : :before_filter
@@ -31,6 +32,14 @@ module Authie
       auth_session_delegate.current_user = user
     end
 
+    def create_auth_session(user)
+      auth_session_delegate.create_auth_session(user)
+    end
+
+    def invalidate_auth_session
+      auth_session_delegate.invalidate_auth_session
+    end
+
     def logged_in?
       auth_session_delegate.logged_in?
     end
@@ -38,6 +47,5 @@ module Authie
     def auth_session
       auth_session_delegate.auth_session
     end
-
   end
 end

data/lib/authie/engine.rb

@@ -1,9 +1,10 @@
+# frozen_string_literal: true
+
 module Authie
   class Engine < ::Rails::Engine
-
     engine_name 'authie'
 
-    initializer 'authie.initialize' do |app|
+    initializer 'authie.initialize' do |_app|
       ActiveSupport.on_load :active_record do
         require 'authie/session'
       end
@@ -12,8 +13,6 @@ module Authie
         require 'authie/controller_extension'
         include Authie::ControllerExtension
       end
-
     end
-
   end
 end

data/lib/authie/error.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Authie
   class Error < StandardError
   end

data/lib/authie/event_manager.rb

@@ -1,15 +1,17 @@
+# frozen_string_literal: true
+
 module Authie
   class EventManager
-
     def initialize
       @callbacks = {}
     end
 
     def dispatch(event, *args)
-      if callbacks = @callbacks[event.to_sym]
-        callbacks.each do |cb|
-          cb.call(*args)
-        end
+      callbacks = @callbacks[event.to_sym]
+      return if callbacks.nil?
+
+      callbacks.each do |cb|
+        cb.call(*args)
       end
     end
 
@@ -19,10 +21,10 @@ module Authie
     end
 
     def remove(event, block)
-      if cb = @callbacks[event.to_sym]
-        cb.delete(block)
-      end
-    end
+      cb = @callbacks[event.to_sym]
+      return if cb.nil?
 
+      cb.delete(block)
+    end
   end
 end

data/lib/authie/rack_controller.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # If you're dealing with your authentication in a middleware and you only have
 # access to your rack environment, this will wrap around rack and make it look
 # close enough to an ActionController to work with Authie
@@ -9,7 +11,6 @@
 
 module Authie
   class RackController
-
     attr_reader :request
 
     def initialize(env)
@@ -26,27 +27,22 @@ module Authie
     def set_browser_id
       until cookies[:browser_id]
         proposed_browser_id = SecureRandom.uuid
-        unless Session.where(:browser_id => proposed_browser_id).exists?
-          cookies[:browser_id] = {:value => proposed_browser_id, :expires => 20.years.from_now}
+        unless Session.where(browser_id: proposed_browser_id).exists?
+          cookies[:browser_id] = { value: proposed_browser_id, expires: 20.years.from_now }
         end
       end
     end
 
     def current_user=(user)
-      Session.start(self, :user => user)
+      Session.start(self, user: user)
     end
 
     def current_user
-      if auth_session.is_a?(Session)
-        auth_session.user
-      else
-        nil
-      end
+      auth_session.user if auth_session.is_a?(Session)
     end
 
     def auth_session
       @auth_session ||= Session.get_session(self)
     end
-
   end
 end

data/lib/authie/session.rb

@@ -1,46 +1,49 @@
+# frozen_string_literal: true
+
+require 'secure_random_string'
+
 module Authie
   class Session < ActiveRecord::Base
-
     # Errors which will be raised when there's an issue with a session's
     # validity in the request.
     class ValidityError < Error; end
+
     class InactiveSession < ValidityError; end
+
     class ExpiredSession < ValidityError; end
+
     class BrowserMismatch < ValidityError; end
+
     class HostMismatch < ValidityError; end
 
     class NoParentSessionForRevert < Error; end
 
     # Set table name
-    self.table_name = "authie_sessions"
+    self.table_name = 'authie_sessions'
 
     # Relationships
-    user_options = {:polymorphic => true}.merge(Authie.config.user_relationship_options)
-    user_options[:optional] = true if ActiveRecord::VERSION::MAJOR >= 5
-    belongs_to :user, user_options
-
-    parent_options = {:class_name => "Authie::Session"}
+    parent_options = { class_name: 'Authie::Session' }
     parent_options[:optional] = true if ActiveRecord::VERSION::MAJOR >= 5
-    belongs_to :parent, parent_options
+    belongs_to :parent, **parent_options
 
     # Scopes
-    scope :active, -> { where(:active => true) }
-    scope :asc, -> { order(:last_activity_at => :desc) }
+    scope :active, -> { where(active: true) }
+    scope :asc, -> { order(last_activity_at: :desc) }
+    scope :for_user, ->(user) { where(user_type: user.class.name, user_id: user.id) }
 
     # Attributes
     serialize :data, Hash
-    attr_accessor :controller
-    attr_accessor :temporary_token
+    attr_accessor :controller, :temporary_token
 
     before_validation do
-      if self.user_agent.is_a?(String)
-        self.user_agent = self.user_agent[0,255]
-      end
+      self.user_agent = user_agent[0, 255] if user_agent.is_a?(String)
+
+      self.last_activity_path = last_activity_path[0, 255] if last_activity_path.is_a?(String)
     end
 
     before_create do
-      self.temporary_token = SecureRandom.base64(32)
-      self.token_hash = self.class.hash_token(self.temporary_token)
+      self.temporary_token = SecureRandomString.new(44)
+      self.token_hash = self.class.hash_token(temporary_token)
       if controller
         self.user_agent = controller.request.user_agent
         set_cookie!
@@ -51,84 +54,119 @@ module Authie
       cookies.delete(:user_session) if controller
     end
 
+    # Return the user that
+    def user
+      return unless user_id && user_type
+
+      @user ||= user_type.constantize.find_by(id: user_id) || :none
+      @user == :none ? nil : @user
+    end
+
+    # Set the user
+    def user=(user)
+      if user
+        self.user_type = user.class.name
+        self.user_id = user.id
+      else
+        self.user_type = nil
+        self.user_id = nil
+      end
+    end
+
     # This method should be called each time a user performs an
     # action while authenticated with this session.
     def touch!
-      self.check_security!
+      check_security!
       self.last_activity_at = Time.now
       self.last_activity_ip = controller.request.ip
       self.last_activity_path = controller.request.path
       self.requests += 1
-      self.save!
+      save!
       Authie.config.events.dispatch(:session_touched, self)
       true
     end
 
     # Sets the cookie on the associated controller.
-    def set_cookie!
+    # rubocop:disable Naming/AccessorMethodName
+    def set_cookie!(value = temporary_token)
       cookies[:user_session] = {
-        :value => self.temporary_token,
-        :secure => controller.request.ssl?,
-        :httponly => true,
-        :expires => self.expires_at
+        value: value,
+        secure: controller.request.ssl?,
+        httponly: true,
+        expires: expires_at
       }
       Authie.config.events.dispatch(:session_cookie_updated, self)
       true
     end
+    # rubocop:enable Naming/AccessorMethodName
+
+    # Sets the cookie for the parent session on the associated controller.
+    def set_parent_cookie!
+      cookies[:parent_user_session] = {
+        value: cookies[:user_session],
+        secure: controller.request.ssl?,
+        httponly: true,
+        expires: expires_at
+      }
+      Authie.config.events.dispatch(:parent_session_cookie_updated, self)
+      true
+    end
 
     # Check the security of the session to ensure it can be used.
     def check_security!
-      if controller
-        if cookies[:browser_id] != self.browser_id
-          invalidate!
-          Authie.config.events.dispatch(:browser_id_mismatch_error, self)
-          raise BrowserMismatch, "Browser ID mismatch"
-        end
-
-        unless self.active?
-          invalidate!
-          Authie.config.events.dispatch(:invalid_session_error, self)
-          raise InactiveSession, "Session is no longer active"
-        end
-
-        if self.expired?
-          invalidate!
-          Authie.config.events.dispatch(:expired_session_error, self)
-          raise ExpiredSession, "Persistent session has expired"
-        end
-
-        if self.inactive?
-          invalidate!
-          Authie.config.events.dispatch(:inactive_session_error, self)
-          raise InactiveSession, "Non-persistent session has expired"
-        end
-
-        if self.host && self.host != controller.request.host
-          invalidate!
-          Authie.config.events.dispatch(:host_mismatch_error, self)
-          raise HostMismatch, "Session was created on #{self.host} but accessed using #{controller.request.host}"
-        end
+      raise Authie::Error, 'Cannot check security without a controller' unless controller
+
+      if cookies[:browser_id] != browser_id
+        invalidate!
+        Authie.config.events.dispatch(:browser_id_mismatch_error, self)
+        raise BrowserMismatch, 'Browser ID mismatch'
+      end
+
+      unless active?
+        invalidate!
+        Authie.config.events.dispatch(:invalid_session_error, self)
+        raise InactiveSession, 'Session is no longer active'
+      end
+
+      if expired?
+        invalidate!
+        Authie.config.events.dispatch(:expired_session_error, self)
+        raise ExpiredSession, 'Persistent session has expired'
       end
+
+      if inactive?
+        invalidate!
+        Authie.config.events.dispatch(:inactive_session_error, self)
+        raise InactiveSession, 'Non-persistent session has expired'
+      end
+
+      if host && host != controller.request.host
+        invalidate!
+        Authie.config.events.dispatch(:host_mismatch_error, self)
+        raise HostMismatch, "Session was created on #{host} but accessed using #{controller.request.host}"
+      end
+
+      true
     end
 
     # Has this persistent session expired?
     def expired?
-      self.expires_at &&
-      self.expires_at < Time.now
+      expires_at &&
+        expires_at < Time.now
     end
 
     # Has a non-persistent session become inactive?
     def inactive?
-      self.expires_at.nil? &&
-      self.last_activity_at &&
-      self.last_activity_at < Authie.config.session_inactivity_timeout.ago
+      expires_at.nil? &&
+        last_activity_at &&
+        last_activity_at < Authie.config.session_inactivity_timeout.ago
     end
 
     # Allow this session to persist rather than expiring at the end of the
     # current browser session
     def persist!
       self.expires_at = Authie.config.persistent_session_length.from_now
-      self.save!
+      save!
       set_cookie!
     end
 
@@ -140,16 +178,14 @@ module Authie
     # Activate an old session
     def activate!
       self.active = true
-      self.save!
+      save!
     end
 
     # Mark this session as invalid
     def invalidate!
       self.active = false
-      self.save!
-      if controller
-        cookies.delete(:user_session)
-      end
+      save!
+      cookies.delete(:user_session) if controller
       Authie.config.events.dispatch(:session_invalidated, self)
       true
     end
@@ -158,7 +194,7 @@ module Authie
     def set(key, value)
       self.data ||= {}
       self.data[key.to_s] = value
-      self.save!
+      save!
     end
 
     # Get some additional data from this session
@@ -168,71 +204,71 @@ module Authie
 
     # Invalidate all sessions but this one for this user
     def invalidate_others!
-      self.class.where("id != ?", self.id).where(:user => self.user).each do |s|
-        s.invalidate!
-      end
+      self.class.where('id != ?', id).for_user(user).each(&:invalidate!)
     end
 
     # Note that we have just seen the user enter their password.
     def see_password!
       self.password_seen_at = Time.now
-      self.save!
+      save!
       Authie.config.events.dispatch(:seen_password, self)
       true
     end
 
     # Have we seen the user's password recently in this sesion?
     def recently_seen_password?
-      !!(self.password_seen_at && self.password_seen_at >= Authie.config.sudo_session_timeout.ago)
+      !!(password_seen_at && password_seen_at >= Authie.config.sudo_session_timeout.ago)
     end
 
     # Is two factor authentication required for this request?
     def two_factored?
-      !!(two_factored_at || self.parent_id)
+      !!(two_factored_at || parent_id)
     end
 
     # Mark this request as two factor authoritsed
     def mark_as_two_factored!
       self.two_factored_at = Time.now
       self.two_factored_ip = controller.request.ip
-      self.save!
+      save!
       Authie.config.events.dispatch(:marked_as_two_factored, self)
       true
     end
 
     # Create a new session for impersonating for the given user
     def impersonate!(user)
-      self.class.start(controller, :user => user, :parent => self)
+      set_parent_cookie!
+      self.class.start(controller, user: user, parent: self)
     end
 
     # Revert back to the parent session
     def revert_to_parent!
-      if self.parent
-        self.invalidate!
-        self.parent.activate!
-        self.parent.controller = self.controller
-        self.parent.set_cookie!
-        self.parent
-      else
-        raise NoParentSessionForRevert, "Session does not have a parent therefore cannot be reverted."
+      unless parent && cookies[:parent_user_session]
+        raise NoParentSessionForRevert, 'Session does not have a parent therefore cannot be reverted.'
       end
+
+      invalidate!
+      parent.activate!
+      parent.controller = controller
+      parent.set_cookie!(cookies[:parent_user_session])
+      cookies.delete(:parent_user_session)
+      parent
     end
 
     # Is this the first session for this session's browser?
     def first_session_for_browser?
-      self.class.where("id < ?", self.id).where(:user => self.user, :browser_id => self.browser_id).empty?
+      self.class.where('id < ?', id).for_user(user).where(browser_id: browser_id).empty?
     end
 
     # Is this the first session for the IP?
     def first_session_for_ip?
-      self.class.where("id < ?", self.id).where(:user => self.user, :login_ip => self.login_ip).empty?
+      self.class.where('id < ?', id).for_user(user).where(login_ip: login_ip).empty?
     end
 
     # Find a session from the database for the given controller instance.
     # Returns a session object or :none if no session is found.
     def self.get_session(controller)
       cookies = controller.send(:cookies)
-      if cookies[:user_session] && session = self.find_session_by_token(cookies[:user_session])
+      if cookies[:user_session] && (session = find_session_by_token(cookies[:user_session]))
         session.temporary_token = cookies[:user_session]
         session.controller = controller
         session
@@ -244,15 +280,19 @@ module Authie
     # Find a session by a token (either from a hash or from the raw token)
     def self.find_session_by_token(token)
       return nil if token.blank?
-      self.active.where("token = ? OR token_hash = ?", token, self.hash_token(token)).first
+
+      active.where('token = ? OR token_hash = ?', token, hash_token(token)).first
     end
 
     # Create a new session and return the newly created session object.
     # Any other sessions for the browser will be invalidated.
     def self.start(controller, params = {})
       cookies = controller.send(:cookies)
-      self.active.where(:browser_id => cookies[:browser_id]).each(&:invalidate!)
-      session = self.new(params)
+      active.where(browser_id: cookies[:browser_id]).each(&:invalidate!)
+      user_object = params.delete(:user)
+
+      session = new(params)
+      session.user = user_object
       session.controller = controller
       session.browser_id = cookies[:browser_id]
       session.login_at = Time.now
@@ -267,9 +307,10 @@ module Authie
     def self.cleanup
       Authie.config.events.dispatch(:before_cleanup)
       # Invalidate transient sessions that haven't been used
-      self.active.where("expires_at IS NULL AND last_activity_at < ?", Authie.config.session_inactivity_timeout.ago).each(&:invalidate!)
+      active.where('expires_at IS NULL AND last_activity_at < ?',
+                   Authie.config.session_inactivity_timeout.ago).each(&:invalidate!)
       # Invalidate persistent sessions that have expired
-      self.active.where("expires_at IS NOT NULL AND expires_at < ?", Time.now).each(&:invalidate!)
+      active.where('expires_at IS NOT NULL AND expires_at < ?', Time.now).each(&:invalidate!)
       Authie.config.events.dispatch(:after_cleanup)
       true
     end
@@ -281,9 +322,9 @@ module Authie
 
     # Convert all existing active sessions to store their tokens in the database
     def self.convert_tokens_to_hashes
-      active.where(:token_hash => nil).where("token is not null").each do |s|
-        hash = self.hash_token(s.token)
-        self.where(:id => s.id).update_all(:token_hash => hash, :token => nil)
+      active.where(token_hash: nil).where('token is not null').each do |s|
+        hash = hash_token(s.token)
+        where(id: s.id).update_all(token_hash: hash, token: nil)
       end
     end
 
@@ -293,6 +334,5 @@ module Authie
     def cookies
       controller.send(:cookies)
     end
-
   end
 end

data/lib/authie/user.rb

@@ -1,9 +1,9 @@
+# frozen_string_literal: true
+
 module Authie
   module User
-
     def self.included(base)
-      base.has_many :user_sessions, :class_name => 'Authie::Session', :as => :user, :dependent => :delete_all
+      base.has_many :user_sessions, class_name: 'Authie::Session', as: :user, dependent: :delete_all
     end
-
   end
 end

data/lib/authie/version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Authie
-  VERSION = '3.1.5'
+  VERSION = '3.4.0'
 end

metadata

@@ -1,42 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: authie
 version: !ruby/object:Gem::Version
-  version: 3.1.5
+  version: 3.4.0
 platform: ruby
 authors:
 - Adam Cooke
 autorequire: 
 bindir: bin
-cert_chain:
-- |
-  -----BEGIN CERTIFICATE-----
-  MIIEZDCCAsygAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MQswCQYDVQQDDAJtZTEZ
-  MBcGCgmSJomT8ixkARkWCWFkYW1jb29rZTESMBAGCgmSJomT8ixkARkWAmlvMB4X
-  DTE4MDMwNTE3MzAwNVoXDTE5MDMwNTE3MzAwNVowPDELMAkGA1UEAwwCbWUxGTAX
-  BgoJkiaJk/IsZAEZFglhZGFtY29va2UxEjAQBgoJkiaJk/IsZAEZFgJpbzCCAaIw
-  DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAOH6HpXwjmVYrUQxUHm25mLm9qYK
-  WS66Me1IfMUX3ZREZ/GzqiJZdV6itPuaaaKpbcm2A/KjgGSPOi9FZBneZ5KvbIeK
-  /GsixL98kxB06q9DZwJbFz7Inklxkd/S0anm+PxtWkQP1TLkMsviRcBPEAqSLON9
-  dCKC7+3kibhatdlsbqIQaeEhSoCUipYMi7ZyFHu5Qz+zMwc8JwHvQ4yi8cMa/QZ+
-  s1tN4mkp/6vWWj4G4lF3YjFYyt2txJcK5ELDtyBy7a3vbMImPy9pplFx1/M6SNpn
-  7Pck0LqDprRzJXsGjq3CbC0nUaudFjUPr31KwxMYq1u13aQL9YuO3GeQCQ3gvdlJ
-  TSd7zoGgLwrMGmXqgd392Psr29yp+WBLcvhFUJnNPDV8nlph/cqmRzoIewP1kdPq
-  pEIUIJQdyKJU7gmFlJ1FurarkuT0a2Rgs99WokCoXLxuPmRWQRN1sH2nHL70jgAR
-  UuvyXEtyALHoCn3VqBR7ZvpfDblUzfANQDhBgwIDAQABo3EwbzAJBgNVHRMEAjAA
-  MAsGA1UdDwQEAwIEsDAdBgNVHQ4EFgQUa7gxxSE4SO2Ors4B+y3qANdMpo4wGgYD
-  VR0RBBMwEYEPbWVAYWRhbWNvb2tlLmlvMBoGA1UdEgQTMBGBD21lQGFkYW1jb29r
-  ZS5pbzANBgkqhkiG9w0BAQsFAAOCAYEAkbz/AJwBsRKwgt2BhWqgr/egf/37IS3s
-  utVox7feYutKyFDHXYvCjm64XUJNioG7ipbRwOOGs5bEYfwgkabcAQnxSlkdNjc4
-  JIgL/cF4YRg8uJG7DH+LwpydXHqr7RneDiONuiHlEN/1EZZ8tjwXypdwzhQ2/6ot
-  YOxdSi/mXdoDoFlIebsLyInUZjqnm7dQ9nTTUNSB+1LoOD8ARNhTIPnKCnxwZd56
-  giOxoHuJIOhgi6U2zicZJHv8lUj2Lc3bcirQk5eeOFRPVGQSpLLoqA7dtS7Jy4cv
-  3c5m+HyxSxzlrcVHMAgJYemK0uhVQD9Y6JwHKDroWDH+MPALjlScw8ui1jmNuH31
-  n5JOH/07C4gYcwTjJmtoRSov46Z6Gn5cc6NFkQpA185pbRLqEDKzusXvBOQlAOLh
-  iyQrH6PJ0xgVJNYx+DLq3eFmo2hYJkw/lVhYAK+MdajtYJbD5VvCIEHO0d5RRgV+
-  qnCNZoPPy0UtRmGKZTMZvVJEZiw4g0fY
-  -----END CERTIFICATE-----
-date: 2018-03-14 00:00:00.000000000 Z
-dependencies: []
+cert_chain: []
+date: 2021-03-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: secure_random_string
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: A Rails library for storing user sessions in a backend database
 email:
 - me@adamcooke.io
@@ -81,8 +68,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.4
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: A Rails library for storing user sessions in a backend database