authie 4.0.0.rc6 → 4.0.0.rc9

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3f0ed5ff2724edcadbe4c3da00f495f61c49fb8527a9a3ea990d6cbb0d1b3481
4
- data.tar.gz: f3c621bd0cd8561123e39b508647d1bc5b356038928682d1b541635d9913c9cd
3
+ metadata.gz: f06ec249cc2efa9d4924d524769752cc9702cf017a1d0020d010e8d4a9eae9f8
4
+ data.tar.gz: f056af849c503c3870f69a707a4409428d6b200cff4df73237cd21e3ca5ce2ed
5
5
  SHA512:
6
- metadata.gz: f326f7e0aee77baccff01544c98730902fd77c722c803b49257bad520eb6f5340ab00bf585050b6a5d447409f86954147ec9e701d9af404948cb8f7977008c78
7
- data.tar.gz: 55da617f47e858b869fb4e3f1afb14a45dd3ff2a661656db89906bdf66fd2c2a785ac70163de3e60e342f3e91601fcb058ff7a77663f840502268e77a224d7d5
6
+ metadata.gz: 55baf7050e12a28da721b94764740a9267b1ea6b16cb7fe515cf306bfa695463055fae8b2aa16badf47b541f470cb6357b40611d5965d8d51c03a18f7cf985db
7
+ data.tar.gz: 4853c8cafca07ec918c2d5f1e3ccfa01988432021ded6350470be15f369561aa534bc1a845521107f8e5d2a5a602d37e160a556d936b09e9b4f8573b9fa70ccb
@@ -0,0 +1,7 @@
1
+ # frozen_string_literal: true
2
+
3
+ class AddTwoFactorRequiredToSessions < ActiveRecord::Migration[4.2]
4
+ def change
5
+ add_column :authie_sessions, :skip_two_factor, :boolean, default: false
6
+ end
7
+ end
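Review bot: The new `skip_two_factor` column in `change` gets `default: false` but stays nullable, so a security-relevant flag can end up with three states (true, false, NULL) if a row is ever written with an explicit NULL. Adding the constraint keeps it strictly boolean: `add_column :authie_sessions, :skip_two_factor, :boolean, default: false, null: false`. The class name `AddTwoFactorRequiredToSessions` also describes the opposite of what the column stores, so a name matching the column would be easier to find later. The file header for this hunk is missing from the page; the path is presumably the `db/migrate/20220502180100_add_two_factor_required_to_sessions.rb` entry added to the gem metadata.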
data/lib/authie/config.rb CHANGED
@@ -8,6 +8,8 @@ module Authie
8
8
  attr_accessor :persistent_session_length
9
9
  attr_accessor :sudo_session_timeout
10
10
  attr_accessor :browser_id_cookie_name
11
+ attr_accessor :session_token_length
12
+ attr_accessor :extend_session_expiry_on_touch
11
13
  attr_accessor :events
12
14
 
13
15
  def initialize
@@ -15,6 +17,8 @@ module Authie
15
17
  @persistent_session_length = 2.months
16
18
  @sudo_session_timeout = 10.minutes
17
19
  @browser_id_cookie_name = :browser_id
20
+ @session_token_length = 64
21
+ @extend_session_expiry_on_touch = false
18
22
  @events = EventManager.new
19
23
  end
20
24
  end
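Review bot: `session_token_length` is added as a plain `attr_accessor` with no lower bound, and the value is passed unchanged to `SecureRandom.alphanumeric` in `set_new_token` (a later hunk on this page), so a small or zero setting would silently produce guessable or empty session tokens. A comment on the accessor should state the unit and a floor, for example `# Length in characters of generated alphanumeric session tokens (about 6 bits each); do not set below 32`. Stronger still would be a custom writer that raises `ArgumentError` for values under that floor. The class body starts above the first hunk, so validation may exist outside the visible lines.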
@@ -92,6 +92,7 @@ module Authie
92
92
  @session.last_activity_ip = @controller.request.ip
93
93
  @session.last_activity_path = @controller.request.path
94
94
  @session.requests += 1
95
+ extend_session_expiry_if_appropriate
95
96
  @session.save!
96
97
  Authie.config.events.dispatch(:session_touched, self)
97
98
  self
@@ -113,9 +114,10 @@ module Authie
113
114
  #
114
115
  # @raises [ActiveRecord::RecordInvalid]
115
116
  # @return [Authie::Session]
116
- def mark_as_two_factored
117
+ def mark_as_two_factored(skip: nil)
117
118
  @session.two_factored_at = Time.now
118
119
  @session.two_factored_ip = @controller.request.ip
120
+ @session.skip_two_factor = skip unless skip.nil?
119
121
  @session.save!
120
122
  Authie.config.events.dispatch(:marked_as_two_factor, self)
121
123
  self
@@ -132,6 +134,15 @@ module Authie
132
134
  self
133
135
  end
134
136
 
137
+ # Resets the token for the currently active session to a new string
138
+ #
139
+ # @return [Authie::Session]
140
+ def reset_token
141
+ @session.reset_token
142
+ set_cookie
143
+ self
144
+ end
145
+
135
146
  private
136
147
 
137
148
  # rubocop:disable Naming/AccessorMethodName
@@ -201,6 +212,16 @@ module Authie
201
212
  self
202
213
  end
203
214
 
215
+ def extend_session_expiry_if_appropriate
216
+ return if @session.expires_at.nil?
217
+ return unless Authie.config.extend_session_expiry_on_touch
218
+
219
+ # If enabled, sessions with an expiry time will automatiaclly be incremented
220
+ # whenever a page is touched. The cookie will also be updated as appropriate.
221
+ @session.expires_at = Authie.config.persistent_session_length.from_now
222
+ set_cookie
223
+ end
224
+
204
225
  class << self
205
226
  # Create a new session within the given controller for the
206
227
  #
@@ -284,6 +305,7 @@ module Authie
284
305
  delegate :two_factored_at, to: :session
285
306
  delegate :two_factored_ip, to: :session
286
307
  delegate :two_factored?, to: :session
308
+ delegate :skip_two_factor?, to: :session
287
309
  delegate :update, to: :session
288
310
  delegate :update!, to: :session
289
311
  delegate :user_agent, to: :session
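Review bot: `extend_session_expiry_if_appropriate` (new lines 215–223) resets `expires_at` to a full `persistent_session_length` from now on every touch, so with `extend_session_expiry_on_touch` enabled a session has no absolute lifetime and a stolen cookie stays valid for as long as it keeps being used. If a pure sliding expiry is intended, the comment inside the method should say so, e.g. `# NOTE: sliding expiry with no absolute cap; pair with an inactivity timeout or a maximum session age.` Otherwise the new expiry should be capped relative to the session's creation or login time before it is assigned. The file header for this section is missing from the page; the hunks appear to belong to the controller-facing session class.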
@@ -1,7 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require 'active_record/base'
4
- require 'secure_random_string'
4
+ require 'securerandom'
5
5
  require 'authie/config'
6
6
 
7
7
  module Authie
@@ -19,15 +19,8 @@ module Authie
19
19
  # Attributes
20
20
  serialize :data, Hash
21
21
 
22
- before_validation do
23
- self.user_agent = user_agent[0, 255] if user_agent.is_a?(String)
24
- self.last_activity_path = last_activity_path[0, 255] if last_activity_path.is_a?(String)
25
- end
26
-
27
- before_create do
28
- self.temporary_token = SecureRandomString.new(44)
29
- self.token_hash = self.class.hash_token(temporary_token)
30
- end
22
+ before_validation :shorten_strings
23
+ before_create :set_new_token
31
24
 
32
25
  # Return the user that
33
26
  def user
@@ -109,6 +102,27 @@ module Authie
109
102
  self.class.where('id < ?', id).for_user(user).where(login_ip: login_ip).empty?
110
103
  end
111
104
 
105
+ # Reset a new token for the session and return the new token
106
+ #
107
+ # @return [String]
108
+ def reset_token
109
+ set_new_token
110
+ save!
111
+ temporary_token
112
+ end
113
+
114
+ private
115
+
116
+ def shorten_strings
117
+ self.user_agent = user_agent[0, 255] if user_agent.is_a?(String)
118
+ self.last_activity_path = last_activity_path[0, 255] if last_activity_path.is_a?(String)
119
+ end
120
+
121
+ def set_new_token
122
+ self.temporary_token = SecureRandom.alphanumeric(Authie.config.session_token_length)
123
+ self.token_hash = self.class.hash_token(temporary_token)
124
+ end
125
+
112
126
  class << self
113
127
  # Find a session from the database for the given controller instance.
114
128
  # Returns a session object or :none if no session is found.
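Review bot: The doc comment on the new public `reset_token` (new lines 105–112) does not say that the previous token presumably stops working once `save!` overwrites `token_hash`, or that the return value is the plaintext token the client needs. A caller that uses this model method directly, without handing the returned token to the client, leaves that client holding a dead cookie; only the controller-level `reset_token` in the earlier hunk calls `set_cookie`. I would reword the comment along the lines of `# Generate and persist a new token, invalidating the previous one. Returns the plaintext token, which the caller must deliver to the client.` The file header for this section is missing from the page; the code appears to be the ActiveRecord session model.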
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: authie
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.0.0.rc6
4
+ version: 4.0.0.rc9
5
5
  platform: ruby
6
6
  authors:
7
7
  - Adam Cooke
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-05-02 00:00:00.000000000 Z
11
+ date: 2022-05-03 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activerecord
@@ -30,20 +30,6 @@ dependencies:
30
30
  - - "<"
31
31
  - !ruby/object:Gem::Version
32
32
  version: '8.0'
33
- - !ruby/object:Gem::Dependency
34
- name: secure_random_string
35
- requirement: !ruby/object:Gem::Requirement
36
- requirements:
37
- - - ">="
38
- - !ruby/object:Gem::Version
39
- version: '0'
40
- type: :runtime
41
- prerelease: false
42
- version_requirements: !ruby/object:Gem::Requirement
43
- requirements:
44
- - - ">="
45
- - !ruby/object:Gem::Version
46
- version: '0'
47
33
  - !ruby/object:Gem::Dependency
48
34
  name: appraisal
49
35
  requirement: !ruby/object:Gem::Requirement
@@ -246,6 +232,7 @@ files:
246
232
  - db/migrate/20170417170000_add_token_hashes_to_authie_sessions.rb
247
233
  - db/migrate/20170421174100_add_index_to_token_hashes_on_authie_sessions.rb
248
234
  - db/migrate/20180215152200_add_host_to_authie_sessions.rb
235
+ - db/migrate/20220502180100_add_two_factor_required_to_sessions.rb
249
236
  - lib/authie.rb
250
237
  - lib/authie/config.rb
251
238
  - lib/authie/controller_delegate.rb