authie 3.3.2 → 4.0.0.rc3

data/lib/authie/session_model.rb

@@ -0,0 +1,141 @@
+# frozen_string_literal: true
+
+require 'active_record/base'
+require 'secure_random_string'
+require 'authie/config'
+
+module Authie
+  class SessionModel < ActiveRecord::Base
+    attr_accessor :temporary_token
+
+    self.table_name = 'authie_sessions'
+
+    belongs_to :parent, class_name: 'Authie::SessionModel', optional: true
+
+    scope :active, -> { where(active: true) }
+    scope :asc, -> { order(last_activity_at: :desc) }
+    scope :for_user, ->(user) { where(user_type: user.class.name, user_id: user.id) }
+
+    # Attributes
+    serialize :data, Hash
+
+    before_validation do
+      self.user_agent = user_agent[0, 255] if user_agent.is_a?(String)
+      self.last_activity_path = last_activity_path[0, 255] if last_activity_path.is_a?(String)
+    end
+
+    before_create do
+      self.temporary_token = SecureRandomString.new(44)
+      self.token_hash = self.class.hash_token(temporary_token)
+    end
+
+    # Return the user that
+    def user
+      return unless user_id && user_type
+      return @user if instance_variable_defined?('@user')
+
+      @user = user_type.constantize.find_by(id: user_id)
+    end
+
+    # Set the user
+    def user=(user)
+      @user = user
+      if user
+        self.user_type = user.class.name
+        self.user_id = user.id
+      else
+        self.user_type = nil
+        self.user_id = nil
+      end
+    end
+
+    def expired?
+      expires_at.present? &&
+        expires_at < Time.now
+    end
+
+    def inactive?
+      expires_at.nil? &&
+        last_activity_at.present? &&
+        last_activity_at < Authie.config.session_inactivity_timeout.ago
+    end
+
+    def persistent?
+      !!expires_at
+    end
+
+    def activate!
+      self.active = true
+      save!
+    end
+
+    def invalidate!
+      self.active = false
+      save!
+      true
+    end
+
+    def set(key, value)
+      self.data ||= {}
+      self.data[key.to_s] = value
+      save!
+    end
+
+    def get(key)
+      (self.data ||= {})[key.to_s]
+    end
+
+    def invalidate_others!
+      self.class.where('id != ?', id).for_user(user).each(&:invalidate!).inspect
+    end
+
+    # Have we seen the user's password recently in this sesion?
+    def recently_seen_password?
+      !!(password_seen_at && password_seen_at >= Authie.config.sudo_session_timeout.ago)
+    end
+
+    # Is two factor authentication required for this request?
+    def two_factored?
+      !!(two_factored_at || parent_id)
+    end
+
+    # Is this the first session for this session's browser?
+    def first_session_for_browser?
+      self.class.where('id < ?', id).for_user(user).where(browser_id: browser_id).empty?
+    end
+
+    # Is this the first session for the IP?
+    def first_session_for_ip?
+      self.class.where('id < ?', id).for_user(user).where(login_ip: login_ip).empty?
+    end
+
+    class << self
+      # Find a session from the database for the given controller instance.
+      # Returns a session object or :none if no session is found.
+
+      # Find a session by a token (either from a hash or from the raw token)
+      def find_session_by_token(token)
+        return nil if token.blank?
+
+        active.where(token_hash: hash_token(token)).first
+      end
+
+      # Cleanup any old sessions.
+      def cleanup
+        Authie.config.events.dispatch(:before_cleanup)
+        # Invalidate transient sessions that haven't been used
+        active.where('expires_at IS NULL AND last_activity_at < ?',
+                     Authie.config.session_inactivity_timeout.ago).each(&:invalidate!)
+        # Invalidate persistent sessions that have expired
+        active.where('expires_at IS NOT NULL AND expires_at < ?', Time.now).each(&:invalidate!)
+        Authie.config.events.dispatch(:after_cleanup)
+        true
+      end
+
+      # Return a hash of a given token
+      def hash_token(token)
+        Digest::SHA256.hexdigest(token)
+      end
+    end
+  end
+end

data/lib/authie/user.rb

@@ -1,9 +1,9 @@
+# frozen_string_literal: true
+
 module Authie
   module User
-
     def self.included(base)
-      base.has_many :user_sessions, :class_name => 'Authie::Session', :as => :user, :dependent => :delete_all
+      base.has_many :user_sessions, class_name: 'Authie::SessionModel', as: :user, dependent: :delete_all
     end
-
   end
 end

data/lib/authie/version.rb

@@ -1,3 +1,10 @@
+# frozen_string_literal: true
+
 module Authie
-  VERSION = '3.3.2'
+  VERSION_FILE_ROOT = File.expand_path('../../VERSION', __dir__)
+  VERSION = if File.file?(VERSION_FILE_ROOT)
+              File.read(VERSION_FILE_ROOT).strip.sub(/\Av/, '')
+            else
+              '0.0.0.dev'
+            end
 end

data/lib/authie.rb

@@ -1,8 +1,8 @@
+# frozen_string_literal: true
+
 require 'authie/version'
 require 'authie/config'
 require 'authie/error'
 require 'authie/user'
 
-if defined?(Rails)
-  require 'authie/engine'
-end
+require 'authie/engine' if defined?(Rails)

metadata

@@ -1,15 +1,35 @@
 --- !ruby/object:Gem::Specification
 name: authie
 version: !ruby/object:Gem::Version
-  version: 3.3.2
+  version: 4.0.0.rc3
 platform: ruby
 authors:
 - Adam Cooke
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-09-25 00:00:00.000000000 Z
+date: 2022-04-29 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '8.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '8.0'
 - !ruby/object:Gem::Dependency
   name: secure_random_string
   requirement: !ruby/object:Gem::Requirement
@@ -24,6 +44,194 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: appraisal
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.4.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.4.1
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '8.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '8.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-expectations
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-mocks
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.17.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.17.0
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov-console
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: solargraph
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.4.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.4.2
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: A Rails library for storing user sessions in a backend database
 email:
 - me@adamcooke.io
@@ -47,6 +255,7 @@ files:
 - lib/authie/event_manager.rb
 - lib/authie/rack_controller.rb
 - lib/authie/session.rb
+- lib/authie/session_model.rb
 - lib/authie/user.rb
 - lib/authie/version.rb
 homepage: https://github.com/adamcooke/authie
@@ -64,11 +273,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.3.7
 signing_key: 
 specification_version: 4
 summary: A Rails library for storing user sessions in a backend database