authie 4.0.0.rc6 → 4.0.0.rc9
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/db/migrate/20220502180100_add_two_factor_required_to_sessions.rb +7 -0
- data/lib/authie/config.rb +4 -0
- data/lib/authie/session.rb +23 -1
- data/lib/authie/session_model.rb +24 -10
- metadata +3 -16
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f06ec249cc2efa9d4924d524769752cc9702cf017a1d0020d010e8d4a9eae9f8
|
|
4
|
+
data.tar.gz: f056af849c503c3870f69a707a4409428d6b200cff4df73237cd21e3ca5ce2ed
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 55baf7050e12a28da721b94764740a9267b1ea6b16cb7fe515cf306bfa695463055fae8b2aa16badf47b541f470cb6357b40611d5965d8d51c03a18f7cf985db
|
|
7
|
+
data.tar.gz: 4853c8cafca07ec918c2d5f1e3ccfa01988432021ded6350470be15f369561aa534bc1a845521107f8e5d2a5a602d37e160a556d936b09e9b4f8573b9fa70ccb
|
data/lib/authie/config.rb
CHANGED
|
@@ -8,6 +8,8 @@ module Authie
|
|
|
8
8
|
attr_accessor :persistent_session_length
|
|
9
9
|
attr_accessor :sudo_session_timeout
|
|
10
10
|
attr_accessor :browser_id_cookie_name
|
|
11
|
+
attr_accessor :session_token_length
|
|
12
|
+
attr_accessor :extend_session_expiry_on_touch
|
|
11
13
|
attr_accessor :events
|
|
12
14
|
|
|
13
15
|
def initialize
|
|
@@ -15,6 +17,8 @@ module Authie
|
|
|
15
17
|
@persistent_session_length = 2.months
|
|
16
18
|
@sudo_session_timeout = 10.minutes
|
|
17
19
|
@browser_id_cookie_name = :browser_id
|
|
20
|
+
@session_token_length = 64
|
|
21
|
+
@extend_session_expiry_on_touch = false
|
|
18
22
|
@events = EventManager.new
|
|
19
23
|
end
|
|
20
24
|
end
|
data/lib/authie/session.rb
CHANGED
|
@@ -92,6 +92,7 @@ module Authie
|
|
|
92
92
|
@session.last_activity_ip = @controller.request.ip
|
|
93
93
|
@session.last_activity_path = @controller.request.path
|
|
94
94
|
@session.requests += 1
|
|
95
|
+
extend_session_expiry_if_appropriate
|
|
95
96
|
@session.save!
|
|
96
97
|
Authie.config.events.dispatch(:session_touched, self)
|
|
97
98
|
self
|
|
@@ -113,9 +114,10 @@ module Authie
|
|
|
113
114
|
#
|
|
114
115
|
# @raises [ActiveRecord::RecordInvalid]
|
|
115
116
|
# @return [Authie::Session]
|
|
116
|
-
def mark_as_two_factored
|
|
117
|
+
def mark_as_two_factored(skip: nil)
|
|
117
118
|
@session.two_factored_at = Time.now
|
|
118
119
|
@session.two_factored_ip = @controller.request.ip
|
|
120
|
+
@session.skip_two_factor = skip unless skip.nil?
|
|
119
121
|
@session.save!
|
|
120
122
|
Authie.config.events.dispatch(:marked_as_two_factor, self)
|
|
121
123
|
self
|
|
@@ -132,6 +134,15 @@ module Authie
|
|
|
132
134
|
self
|
|
133
135
|
end
|
|
134
136
|
|
|
137
|
+
# Resets the token for the currently active session to a new string
|
|
138
|
+
#
|
|
139
|
+
# @return [Authie::Session]
|
|
140
|
+
def reset_token
|
|
141
|
+
@session.reset_token
|
|
142
|
+
set_cookie
|
|
143
|
+
self
|
|
144
|
+
end
|
|
145
|
+
|
|
135
146
|
private
|
|
136
147
|
|
|
137
148
|
# rubocop:disable Naming/AccessorMethodName
|
|
@@ -201,6 +212,16 @@ module Authie
|
|
|
201
212
|
self
|
|
202
213
|
end
|
|
203
214
|
|
|
215
|
+
def extend_session_expiry_if_appropriate
|
|
216
|
+
return if @session.expires_at.nil?
|
|
217
|
+
return unless Authie.config.extend_session_expiry_on_touch
|
|
218
|
+
|
|
219
|
+
# If enabled, sessions with an expiry time will automatiaclly be incremented
|
|
220
|
+
# whenever a page is touched. The cookie will also be updated as appropriate.
|
|
221
|
+
@session.expires_at = Authie.config.persistent_session_length.from_now
|
|
222
|
+
set_cookie
|
|
223
|
+
end
|
|
224
|
+
|
|
204
225
|
class << self
|
|
205
226
|
# Create a new session within the given controller for the
|
|
206
227
|
#
|
|
@@ -284,6 +305,7 @@ module Authie
|
|
|
284
305
|
delegate :two_factored_at, to: :session
|
|
285
306
|
delegate :two_factored_ip, to: :session
|
|
286
307
|
delegate :two_factored?, to: :session
|
|
308
|
+
delegate :skip_two_factor?, to: :session
|
|
287
309
|
delegate :update, to: :session
|
|
288
310
|
delegate :update!, to: :session
|
|
289
311
|
delegate :user_agent, to: :session
|
data/lib/authie/session_model.rb
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
require 'active_record/base'
|
|
4
|
-
require '
|
|
4
|
+
require 'securerandom'
|
|
5
5
|
require 'authie/config'
|
|
6
6
|
|
|
7
7
|
module Authie
|
|
@@ -19,15 +19,8 @@ module Authie
|
|
|
19
19
|
# Attributes
|
|
20
20
|
serialize :data, Hash
|
|
21
21
|
|
|
22
|
-
before_validation
|
|
23
|
-
|
|
24
|
-
self.last_activity_path = last_activity_path[0, 255] if last_activity_path.is_a?(String)
|
|
25
|
-
end
|
|
26
|
-
|
|
27
|
-
before_create do
|
|
28
|
-
self.temporary_token = SecureRandomString.new(44)
|
|
29
|
-
self.token_hash = self.class.hash_token(temporary_token)
|
|
30
|
-
end
|
|
22
|
+
before_validation :shorten_strings
|
|
23
|
+
before_create :set_new_token
|
|
31
24
|
|
|
32
25
|
# Return the user that
|
|
33
26
|
def user
|
|
@@ -109,6 +102,27 @@ module Authie
|
|
|
109
102
|
self.class.where('id < ?', id).for_user(user).where(login_ip: login_ip).empty?
|
|
110
103
|
end
|
|
111
104
|
|
|
105
|
+
# Reset a new token for the session and return the new token
|
|
106
|
+
#
|
|
107
|
+
# @return [String]
|
|
108
|
+
def reset_token
|
|
109
|
+
set_new_token
|
|
110
|
+
save!
|
|
111
|
+
temporary_token
|
|
112
|
+
end
|
|
113
|
+
|
|
114
|
+
private
|
|
115
|
+
|
|
116
|
+
def shorten_strings
|
|
117
|
+
self.user_agent = user_agent[0, 255] if user_agent.is_a?(String)
|
|
118
|
+
self.last_activity_path = last_activity_path[0, 255] if last_activity_path.is_a?(String)
|
|
119
|
+
end
|
|
120
|
+
|
|
121
|
+
def set_new_token
|
|
122
|
+
self.temporary_token = SecureRandom.alphanumeric(Authie.config.session_token_length)
|
|
123
|
+
self.token_hash = self.class.hash_token(temporary_token)
|
|
124
|
+
end
|
|
125
|
+
|
|
112
126
|
class << self
|
|
113
127
|
# Find a session from the database for the given controller instance.
|
|
114
128
|
# Returns a session object or :none if no session is found.
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authie
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.0.0.
|
|
4
|
+
version: 4.0.0.rc9
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Adam Cooke
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-05-
|
|
11
|
+
date: 2022-05-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activerecord
|
|
@@ -30,20 +30,6 @@ dependencies:
|
|
|
30
30
|
- - "<"
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
32
|
version: '8.0'
|
|
33
|
-
- !ruby/object:Gem::Dependency
|
|
34
|
-
name: secure_random_string
|
|
35
|
-
requirement: !ruby/object:Gem::Requirement
|
|
36
|
-
requirements:
|
|
37
|
-
- - ">="
|
|
38
|
-
- !ruby/object:Gem::Version
|
|
39
|
-
version: '0'
|
|
40
|
-
type: :runtime
|
|
41
|
-
prerelease: false
|
|
42
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
43
|
-
requirements:
|
|
44
|
-
- - ">="
|
|
45
|
-
- !ruby/object:Gem::Version
|
|
46
|
-
version: '0'
|
|
47
33
|
- !ruby/object:Gem::Dependency
|
|
48
34
|
name: appraisal
|
|
49
35
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -246,6 +232,7 @@ files:
|
|
|
246
232
|
- db/migrate/20170417170000_add_token_hashes_to_authie_sessions.rb
|
|
247
233
|
- db/migrate/20170421174100_add_index_to_token_hashes_on_authie_sessions.rb
|
|
248
234
|
- db/migrate/20180215152200_add_host_to_authie_sessions.rb
|
|
235
|
+
- db/migrate/20220502180100_add_two_factor_required_to_sessions.rb
|
|
249
236
|
- lib/authie.rb
|
|
250
237
|
- lib/authie/config.rb
|
|
251
238
|
- lib/authie/controller_delegate.rb
|