authie 4.0.0.rc3 → 4.0.0.rc6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 88107b7b60c50bacd33b7c704ab0e7c4f44efe86b1fbe371aa9ab7eca95ca657
-  data.tar.gz: 76146beeb6b2a8143f7a40fb0df0412c84d9521a1e4431768d14d6e5b56fa702
+  metadata.gz: 3f0ed5ff2724edcadbe4c3da00f495f61c49fb8527a9a3ea990d6cbb0d1b3481
+  data.tar.gz: f3c621bd0cd8561123e39b508647d1bc5b356038928682d1b541635d9913c9cd
 SHA512:
-  metadata.gz: 65606471280d99e160c1e487be855ccbaca21cea958e872f9177c64b821b0cfd1c6e73b1c6b5f3d8cda582c8c20bd1beef1331c60e7ea20b1ba815a4fff2f222
-  data.tar.gz: 6b1626f7618bc12a8e2f0358ce8ec59ac74f763c30e15c4f92769c656c2300dc5743a6cd2eec8195bfbe96c16b869f7595aa73dce51d5649e4db98b8dc76a8b0
+  metadata.gz: f326f7e0aee77baccff01544c98730902fd77c722c803b49257bad520eb6f5340ab00bf585050b6a5d447409f86954147ec9e701d9af404948cb8f7977008c78
+  data.tar.gz: 55da617f47e858b869fb4e3f1afb14a45dd3ff2a661656db89906bdf66fd2c2a785ac70163de3e60e342f3e91601fcb058ff7a77663f840502268e77a224d7d5

data/lib/authie/controller_delegate.rb

@@ -9,10 +9,13 @@ module Authie
   # The controller delegate implements methods that can be used by a controller. These are then
   # extended into controllers as needed (see ControllerExtension).
   class ControllerDelegate
+    attr_accessor :touch_auth_session_enabled
+
     # @param controller [ActionController::Base]
     # @return [Authie::ControllerDelegate]
     def initialize(controller)
       @controller = controller
+      @touch_auth_session_enabled = true
     end
 
     # Sets a browser ID. This must be performed on any page request where AUthie will be used.
@@ -36,18 +39,25 @@ module Authie
       proposed_browser_id
     end
 
-    # Touch the session on each request to ensure that it is validated and all last activity
-    # information is updated. This will return the session if one has been touched otherwise
-    # it will reteurn false if there is no session/not logged in. It is safe to run this on
-    # all requests even if there is no session.
+    # Validate the auth session to ensure that it is current validate and raise an error if it
+    # is not suitable for use.
     #
     # @return [Authie::Session, false]
-    def touch_auth_session
-      return auth_session.touch if logged_in?
+    def validate_auth_session
+      return auth_session.validate if logged_in?
 
       false
     end
 
+    # Touch the session to update details on the latest activity.
+    #
+    # @return [Authie::Session, false]
+    def touch_auth_session
+      yield if block_given?
+    ensure
+      auth_session.touch if @touch_auth_session_enabled && logged_in?
+    end
+
     # Return the user for the currently logged in user or nil if no user is logged in
     #
     # @return [ActiveRecord::Base, nil]
@@ -61,9 +71,9 @@ module Authie
     # will be invalidated.
     #
     # @return [Authie::Session, nil]
-    def create_auth_session(user)
+    def create_auth_session(user, **kwargs)
       if user
-        @auth_session = Authie::Session.start(@controller, user: user)
+        @auth_session = Authie::Session.start(@controller, user: user, **kwargs)
         return @auth_session
       end
 

data/lib/authie/controller_extension.rb

@@ -7,9 +7,11 @@ module Authie
     class << self
       def included(base)
         base.helper_method :logged_in?, :current_user, :auth_session
-        base.before_action :set_browser_id, :touch_auth_session
+        base.before_action :set_browser_id, :validate_auth_session
+        base.around_action :touch_auth_session
 
         base.delegate :set_browser_id, to: :auth_session_delegate
+        base.delegate :validate_auth_session, to: :auth_session_delegate
         base.delegate :touch_auth_session, to: :auth_session_delegate
         base.delegate :current_user, to: :auth_session_delegate
         base.delegate :create_auth_session, to: :auth_session_delegate
@@ -24,5 +26,9 @@ module Authie
     def auth_session_delegate
       @auth_session_delegate ||= Authie::ControllerDelegate.new(self)
     end
+
+    def skip_touch_auth_session!
+      auth_session_delegate.touch_auth_session_enabled = false
+    end
   end
 end

data/lib/authie/session.rb

@@ -88,7 +88,6 @@ module Authie
     # @raises [ActiveRecord::RecordInvalid]
     # @return [Authie::Session]
     def touch
-      validate
       @session.last_activity_at = Time.now
       @session.last_activity_ip = @controller.request.ip
       @session.last_activity_path = @controller.request.path
@@ -206,20 +205,22 @@ module Authie
       # Create a new session within the given controller for the
       #
       # @param controller [ActionController::Base]
-      # @option params [ActiveRecord::Base] user
+      # @param user [ActiveRecord::Base] user
+      # @param persistent [Boolean] create a persistent session
       # @return [Authie::Session]
-      def start(controller, params = {})
+      def start(controller, user:, persistent: false, see_password: false, **params)
         cookies = controller.send(:cookies)
         SessionModel.active.where(browser_id: cookies[:browser_id]).each(&:invalidate!)
-        user_object = params.delete(:user)
 
         session = SessionModel.new(params)
-        session.user = user_object
+        session.user = user
         session.browser_id = cookies[:browser_id]
         session.login_at = Time.now
         session.login_ip = controller.request.ip
         session.host = controller.request.host
         session.user_agent = controller.request.user_agent
+        session.expires_at = Time.now + Authie.config.persistent_session_length if persistent
+        session.password_seen_at = Time.now if see_password
         session.save!
 
         new(controller, session).start
@@ -261,6 +262,7 @@ module Authie
     delegate :active?, to: :session
     delegate :browser_id, to: :session
     delegate :expired?, to: :session
+    delegate :expires_at, to: :session
     delegate :first_session_for_browser?, to: :session
     delegate :first_session_for_ip?, to: :session
     delegate :get, to: :session

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authie
 version: !ruby/object:Gem::Version
-  version: 4.0.0.rc3
+  version: 4.0.0.rc6
 platform: ruby
 authors:
 - Adam Cooke
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-04-29 00:00:00.000000000 Z
+date: 2022-05-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord