authie 3.3.1 → 4.0.0.rc2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4351fb61c9e32ab9e4719b811ce293391275a3af0dc7d76972fecc4b10e755d8
-  data.tar.gz: e7522427a422d28cb6a41e9cd4f932384f3408a4bc13b83e47909377d1cc783e
+  metadata.gz: d5347676808e3554dde1670a91c8402ed166be59767298dfea961a9020659843
+  data.tar.gz: 03ee0e9cc60e7ae24a9e83c7a6ead5d72ebec109ef558898395d476014843a65
 SHA512:
-  metadata.gz: b1f52adcafa68d13fc43c4cd00a374f3f8d0ac83e234973dc862e77a4aab51505c847c528e3bf81576ae473481ecf8b7659acb7944dfc6d4caa8ff972cabe865
-  data.tar.gz: ca2f130a5d8b671fce1026e8d7b2e327d2c9e9226768dcb466f69cdddac6dae64d7255eabfa636b97e13af4485062b16a2b0a338b202187c7c38181503b1a526
+  metadata.gz: 219676dee96408c5cb85432ab4d919967415b9e575cb9681c4b4a9d210f041213af2a841a63ebdd4c88d9a8d3856f4ab306ddfd5e4947dee6e3d3654de8538b0
+  data.tar.gz: 7dd321dd2d407fd73b89ea6e1894d60362ac7e4fd792d0d74ea9e2cc5178b30eebd8d42ab3bf7baa356bc3d6f161d6809e0c545d9430d6db3267e8dfbda87190

data/db/migrate/20141012174250_create_authie_sessions.rb

@@ -1,9 +1,11 @@
+# frozen_string_literal: true
+
 class CreateAuthieSessions < ActiveRecord::Migration[4.2]
   def change
     create_table :authie_sessions do |t|
       t.string :token, :browser_id
       t.integer :user_id
-      t.boolean :active, :default => true
+      t.boolean :active, default: true
       t.text :data
       t.datetime :expires_at
       t.datetime :login_at
@@ -11,7 +13,7 @@ class CreateAuthieSessions < ActiveRecord::Migration[4.2]
       t.datetime :last_activity_at
       t.string :last_activity_ip, :last_activity_path
       t.string :user_agent
-      t.timestamps :null => true
+      t.timestamps null: true
     end
   end
 end

data/db/migrate/20141013115205_add_indexes_to_authie_sessions.rb

@@ -1,8 +1,10 @@
+# frozen_string_literal: true
+
 class AddIndexesToAuthieSessions < ActiveRecord::Migration[4.2]
   def change
     add_column :authie_sessions, :user_type, :string
-    add_index :authie_sessions, :token, :length => 10
-    add_index :authie_sessions, :browser_id, :length => 10
+    add_index :authie_sessions, :token, length: 10
+    add_index :authie_sessions, :browser_id, length: 10
     add_index :authie_sessions, :user_id
   end
 end

data/db/migrate/20150109144120_add_parent_id_to_authie_sessions.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class AddParentIdToAuthieSessions < ActiveRecord::Migration[4.2]
   def change
     add_column :authie_sessions, :parent_id, :integer

data/db/migrate/20150305135400_add_two_factor_auth_fields_to_authie.rb

@@ -1,8 +1,10 @@
+# frozen_string_literal: true
+
 class AddTwoFactorAuthFieldsToAuthie < ActiveRecord::Migration[4.2]
   def change
     add_column :authie_sessions, :two_factored_at, :datetime
     add_column :authie_sessions, :two_factored_ip, :string
-    add_column :authie_sessions, :requests, :integer, :default => 0
+    add_column :authie_sessions, :requests, :integer, default: 0
     add_column :authie_sessions, :password_seen_at, :datetime
   end
 end

data/db/migrate/20170417170000_add_token_hashes_to_authie_sessions.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class AddTokenHashesToAuthieSessions < ActiveRecord::Migration[4.2]
   def change
     add_column :authie_sessions, :token_hash, :string

data/db/migrate/20170421174100_add_index_to_token_hashes_on_authie_sessions.rb

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
+
 class AddIndexToTokenHashesOnAuthieSessions < ActiveRecord::Migration[4.2]
   def change
-    add_index :authie_sessions, :token_hash, :length => 10
+    add_index :authie_sessions, :token_hash, length: 10
   end
 end

data/db/migrate/20180215152200_add_host_to_authie_sessions.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class AddHostToAuthieSessions < ActiveRecord::Migration[4.2]
   def change
     add_column :authie_sessions, :host, :string

data/lib/authie/config.rb

@@ -1,48 +1,32 @@
+# frozen_string_literal: true
+
 require 'authie/event_manager'
 
 module Authie
   class Config
+    attr_accessor :session_inactivity_timeout
+    attr_accessor :persistent_session_length
+    attr_accessor :sudo_session_timeout
+    attr_accessor :browser_id_cookie_name
+    attr_accessor :events
 
     def initialize
-      @callbacks = {}
-    end
-
-    def session_inactivity_timeout
-      @session_inactivity_timeout || 12.hours
-    end
-    attr_writer :session_inactivity_timeout
-
-    def persistent_session_length
-      @persistent_session_length || 2.months
-    end
-    attr_writer :persistent_session_length
-
-    def sudo_session_timeout
-      @sudo_session_timeout || 10.minutes
-    end
-    attr_writer :sudo_session_timeout
-
-    def user_relationship_options
-      @user_relationship_options ||= {}
+      @session_inactivity_timeout = 12.hours
+      @persistent_session_length = 2.months
+      @sudo_session_timeout = 10.minutes
+      @browser_id_cookie_name = :browser_id
+      @events = EventManager.new
     end
+  end
 
-    def browser_id_cookie_name
-      @browser_id_cookie_name || :browser_id
+  class << self
+    def config
+      @config ||= Config.new
     end
-    attr_writer :browser_id_cookie_name
 
-    def events
-      @event_manager ||= EventManager.new
+    def configure(&block)
+      block.call(config)
+      config
     end
   end
-
-  def self.config
-    @config ||= Config.new
-  end
-
-  def self.configure(&block)
-    block.call(config)
-    config
-  end
-
 end

data/lib/authie/controller_delegate.rb

@@ -1,86 +1,113 @@
+# frozen_string_literal: true
+
 require 'securerandom'
 require 'authie/session'
+require 'authie/config'
+require 'authie/session_model'
 
 module Authie
+  # The controller delegate implements methods that can be used by a controller. These are then
+  # extended into controllers as needed (see ControllerExtension).
   class ControllerDelegate
-
+    # @param controller [ActionController::Base]
+    # @return [Authie::ControllerDelegate]
     def initialize(controller)
       @controller = controller
     end
 
-    # Set a random browser ID for this browser.
+    # Sets a browser ID. This must be performed on any page request where AUthie will be used.
+    # It should be triggered before any other Authie provided methods. This will ensure that
+    # the given browser ID is unique.
+    #
+    # @return [String] the generated browser ID
     def set_browser_id
       until cookies[Authie.config.browser_id_cookie_name]
         proposed_browser_id = SecureRandom.uuid
-        unless Authie::Session.where(:browser_id => proposed_browser_id).exists?
-          cookies[Authie.config.browser_id_cookie_name] = {
-            :value => proposed_browser_id,
-            :expires => 5.years.from_now,
-            :httponly => true,
-            :secure => @controller.request.ssl?
-          }
-          # Dispatch an event when the browser ID is set.
-          Authie.config.events.dispatch(:set_browser_id, proposed_browser_id)
-        end
+        next if Authie::SessionModel.where(browser_id: proposed_browser_id).exists?
+
+        cookies[Authie.config.browser_id_cookie_name] = {
+          value: proposed_browser_id,
+          expires: 5.years.from_now,
+          httponly: true,
+          secure: @controller.request.ssl?
+        }
+        Authie.config.events.dispatch(:set_browser_id, proposed_browser_id)
       end
+      proposed_browser_id
     end
 
-    # Touch the auth session on each request if logged in
+    # Touch the session on each request to ensure that it is validated and all last activity
+    # information is updated. This will return the session if one has been touched otherwise
+    # it will reteurn false if there is no session/not logged in. It is safe to run this on
+    # all requests even if there is no session.
+    #
+    # @return [Authie::Session, false]
     def touch_auth_session
-      if logged_in?
-        auth_session.touch!
-      end
+      return auth_session.touch if logged_in?
+
+      false
     end
 
-    # Return the currently logged in user object
+    # Return the user for the currently logged in user or nil if no user is logged in
+    #
+    # @return [ActiveRecord::Base, nil]
     def current_user
-      logged_in? ? auth_session.user : nil
-    end
+      return nil unless logged_in?
 
-    # Set the currently logged in user
-    def current_user=(user)
-      create_auth_session(user)
-      user
+      auth_session.session.user
     end
 
-    # Create a new session for the given user
+    # Create a new session for the given user. If nil is provided as a user, the existing session
+    # will be invalidated.
+    #
+    # @return [Authie::Session, nil]
     def create_auth_session(user)
       if user
-        @auth_session = Authie::Session.start(@controller, :user => user)
-      else
-        auth_session.invalidate! if logged_in?
-        @auth_session = :none
+        @auth_session = Authie::Session.start(@controller, user: user)
+        return @auth_session
       end
+
+      invalidate_auth_session
+      nil
     end
 
-    # Invalidate an existing auth session
+    # Invalidate the existing auth session if one exists. Return true if a sesion has been invalidated
+    # otherwise return false.
+    #
+    # @return [Boolean]
     def invalidate_auth_session
       if logged_in?
-        auth_session.invalidate!
-        @auth_session = :none
-        true
-      else
-        false
+        auth_session.invalidate
+        @auth_session = nil
+        return true
       end
+
+      false
     end
 
-    # Is anyone currently logged in?
+    # Is anyone currently logged in? Return true if there is an auth session present.
+    #
+    # Note: this does not check the validatity of the session. You must always ensure that the `validate`
+    # or `touch` method is invoked to ensure that the session that has been found is active.
+    #
+    # @return [Boolean]
     def logged_in?
       auth_session.is_a?(Session)
     end
 
-    # Return the currently logged in user session
+    # Return an auth session that has been found in the current cookies.
+    #
+    # @return [Authie::Session]
     def auth_session
-      @auth_session ||= Authie::Session.get_session(@controller)
-      @auth_session == :none ? nil : @auth_session
+      return @auth_session if instance_variable_defined?('@auth_session')
+
+      @auth_session = Authie::Session.get_session(@controller)
     end
 
     private
 
-    # Return cookies for the controller
     def cookies
       @controller.send(:cookies)
     end
-
   end
 end

data/lib/authie/controller_extension.rb

@@ -1,12 +1,22 @@
+# frozen_string_literal: true
+
 require 'authie/controller_delegate'
 
 module Authie
   module ControllerExtension
+    class << self
+      def included(base)
+        base.helper_method :logged_in?, :current_user, :auth_session
+        base.before_action :set_browser_id, :touch_auth_session
 
-    def self.included(base)
-      base.helper_method :logged_in?, :current_user, :auth_session
-      before_action_method = base.respond_to?(:before_action) ? :before_action : :before_filter
-      base.public_send(before_action_method, :set_browser_id, :touch_auth_session)
+        base.delegate :set_browser_id, to: :auth_session_delegate
+        base.delegate :touch_auth_session, to: :auth_session_delegate
+        base.delegate :current_user, to: :auth_session_delegate
+        base.delegate :create_auth_session, to: :auth_session_delegate
+        base.delegate :invalidate_auth_session, to: :auth_session_delegate
+        base.delegate :logged_in?, to: :auth_session_delegate
+        base.delegate :auth_session, to: :auth_session_delegate
+      end
     end
 
     private
@@ -14,38 +24,5 @@ module Authie
     def auth_session_delegate
       @auth_session_delegate ||= Authie::ControllerDelegate.new(self)
     end
-
-    def set_browser_id
-      auth_session_delegate.set_browser_id
-    end
-
-    def touch_auth_session
-      auth_session_delegate.touch_auth_session
-    end
-
-    def current_user
-      auth_session_delegate.current_user
-    end
-
-    def current_user=(user)
-      auth_session_delegate.current_user = user
-    end
-
-    def create_auth_session(user)
-      auth_session_delegate.create_auth_session(user)
-    end
-
-    def invalidate_auth_session
-      auth_session_delegate.invalidate_auth_session
-    end
-
-    def logged_in?
-      auth_session_delegate.logged_in?
-    end
-
-    def auth_session
-      auth_session_delegate.auth_session
-    end
-
   end
 end

data/lib/authie/engine.rb

@@ -1,9 +1,10 @@
+# frozen_string_literal: true
+
 module Authie
   class Engine < ::Rails::Engine
-
     engine_name 'authie'
 
-    initializer 'authie.initialize' do |app|
+    initializer 'authie.initialize' do |_app|
       ActiveSupport.on_load :active_record do
         require 'authie/session'
       end
@@ -13,6 +14,5 @@ module Authie
         include Authie::ControllerExtension
       end
     end
-
   end
 end

data/lib/authie/error.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Authie
   class Error < StandardError
   end

data/lib/authie/event_manager.rb

@@ -1,15 +1,19 @@
+# frozen_string_literal: true
+
 module Authie
   class EventManager
+    attr_reader :callbacks
 
     def initialize
       @callbacks = {}
     end
 
     def dispatch(event, *args)
-      if callbacks = @callbacks[event.to_sym]
-        callbacks.each do |cb|
-          cb.call(*args)
-        end
+      callbacks = @callbacks[event.to_sym]
+      return if callbacks.nil?
+
+      callbacks.each do |cb|
+        cb.call(*args)
       end
     end
 
@@ -19,10 +23,10 @@ module Authie
     end
 
     def remove(event, block)
-      if cb = @callbacks[event.to_sym]
-        cb.delete(block)
-      end
-    end
+      cb = @callbacks[event.to_sym]
+      return if cb.nil?
 
+      cb.delete(block)
+    end
   end
 end

data/lib/authie/rack_controller.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # If you're dealing with your authentication in a middleware and you only have
 # access to your rack environment, this will wrap around rack and make it look
 # close enough to an ActionController to work with Authie
@@ -9,7 +11,6 @@
 
 module Authie
   class RackController
-
     attr_reader :request
 
     def initialize(env)
@@ -26,27 +27,22 @@ module Authie
     def set_browser_id
       until cookies[:browser_id]
         proposed_browser_id = SecureRandom.uuid
-        unless Session.where(:browser_id => proposed_browser_id).exists?
-          cookies[:browser_id] = {:value => proposed_browser_id, :expires => 20.years.from_now}
+        unless Session.where(browser_id: proposed_browser_id).exists?
+          cookies[:browser_id] = { value: proposed_browser_id, expires: 20.years.from_now }
         end
       end
     end
 
     def current_user=(user)
-      Session.start(self, :user => user)
+      Session.start(self, user: user)
     end
 
     def current_user
-      if auth_session.is_a?(Session)
-        auth_session.user
-      else
-        nil
-      end
+      auth_session.user if auth_session.is_a?(Session)
     end
 
     def auth_session
       @auth_session ||= Session.get_session(self)
     end
-
   end
 end