authie 4.0.0.rc7 → 4.0.0.rc10
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/db/migrate/20220502180100_add_two_factor_required_to_sessions.rb +7 -0
- data/lib/authie/config.rb +4 -4
- data/lib/authie/controller_delegate.rb +3 -1
- data/lib/authie/session.rb +14 -11
- data/lib/authie/session_model.rb +8 -8
- metadata +3 -3
- data/lib/authie/event_manager.rb +0 -32
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c2ba869656ec43ca7b92803584ad2361ad2a7c443b2b69bc7f7bac2c0e991218
|
|
4
|
+
data.tar.gz: 67340e7ab60e5fafb35a17a8760611d5f1c25a3ae67abf75363f7210ec3cb181
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b6f3604a227d448f0d2724eb6566f83c4b665121fd3d9075691bdccd4e72370a230b4916ae1a8fd8b68fff893e81b5bd39170be2c5ebe244817fa33c5365daf7
|
|
7
|
+
data.tar.gz: fcde4d28afbc7bab2727150c69be0baa527a89e65bb1047159499247771b2284bec104f54bbd7adf7db52f18dacac58ab0817085d8b42ff8f07e226b201bffe6
|
data/lib/authie/config.rb
CHANGED
|
@@ -1,7 +1,5 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require 'authie/event_manager'
|
|
4
|
-
|
|
5
3
|
module Authie
|
|
6
4
|
class Config
|
|
7
5
|
attr_accessor :session_inactivity_timeout
|
|
@@ -10,7 +8,6 @@ module Authie
|
|
|
10
8
|
attr_accessor :browser_id_cookie_name
|
|
11
9
|
attr_accessor :session_token_length
|
|
12
10
|
attr_accessor :extend_session_expiry_on_touch
|
|
13
|
-
attr_accessor :events
|
|
14
11
|
|
|
15
12
|
def initialize
|
|
16
13
|
@session_inactivity_timeout = 12.hours
|
|
@@ -19,7 +16,6 @@ module Authie
|
|
|
19
16
|
@browser_id_cookie_name = :browser_id
|
|
20
17
|
@session_token_length = 64
|
|
21
18
|
@extend_session_expiry_on_touch = false
|
|
22
|
-
@events = EventManager.new
|
|
23
19
|
end
|
|
24
20
|
end
|
|
25
21
|
|
|
@@ -32,5 +28,9 @@ module Authie
|
|
|
32
28
|
block.call(config)
|
|
33
29
|
config
|
|
34
30
|
end
|
|
31
|
+
|
|
32
|
+
def notify(event, args = {}, &block)
|
|
33
|
+
ActiveSupport::Notifications.instrument("#{event}.authie", args, &block)
|
|
34
|
+
end
|
|
35
35
|
end
|
|
36
36
|
end
|
|
@@ -34,7 +34,9 @@ module Authie
|
|
|
34
34
|
httponly: true,
|
|
35
35
|
secure: @controller.request.ssl?
|
|
36
36
|
}
|
|
37
|
-
Authie.
|
|
37
|
+
Authie.notify(:set_browser_id,
|
|
38
|
+
browser_id: proposed_browser_id,
|
|
39
|
+
controller: @controller)
|
|
38
40
|
end
|
|
39
41
|
proposed_browser_id
|
|
40
42
|
end
|
data/lib/authie/session.rb
CHANGED
|
@@ -94,7 +94,7 @@ module Authie
|
|
|
94
94
|
@session.requests += 1
|
|
95
95
|
extend_session_expiry_if_appropriate
|
|
96
96
|
@session.save!
|
|
97
|
-
Authie.
|
|
97
|
+
Authie.notify(:touch, session: self)
|
|
98
98
|
self
|
|
99
99
|
end
|
|
100
100
|
|
|
@@ -105,7 +105,7 @@ module Authie
|
|
|
105
105
|
def see_password
|
|
106
106
|
@session.password_seen_at = Time.now
|
|
107
107
|
@session.save!
|
|
108
|
-
Authie.
|
|
108
|
+
Authie.notify(:see_password, session: self)
|
|
109
109
|
self
|
|
110
110
|
end
|
|
111
111
|
|
|
@@ -114,11 +114,12 @@ module Authie
|
|
|
114
114
|
#
|
|
115
115
|
# @raises [ActiveRecord::RecordInvalid]
|
|
116
116
|
# @return [Authie::Session]
|
|
117
|
-
def mark_as_two_factored
|
|
117
|
+
def mark_as_two_factored(skip: nil)
|
|
118
118
|
@session.two_factored_at = Time.now
|
|
119
119
|
@session.two_factored_ip = @controller.request.ip
|
|
120
|
+
@session.skip_two_factor = skip unless skip.nil?
|
|
120
121
|
@session.save!
|
|
121
|
-
Authie.
|
|
122
|
+
Authie.notify(:mark_as_two_factor, session: self)
|
|
122
123
|
self
|
|
123
124
|
end
|
|
124
125
|
|
|
@@ -129,7 +130,7 @@ module Authie
|
|
|
129
130
|
# @return [Authie::Session]
|
|
130
131
|
def start
|
|
131
132
|
set_cookie
|
|
132
|
-
Authie.
|
|
133
|
+
Authie.notify(:session_start, session: self)
|
|
133
134
|
self
|
|
134
135
|
end
|
|
135
136
|
|
|
@@ -152,7 +153,7 @@ module Authie
|
|
|
152
153
|
httponly: true,
|
|
153
154
|
expires: @session.expires_at
|
|
154
155
|
}
|
|
155
|
-
Authie.
|
|
156
|
+
Authie.notify(:cookie_updated, session: session)
|
|
156
157
|
true
|
|
157
158
|
end
|
|
158
159
|
# rubocop:enable Naming/AccessorMethodName
|
|
@@ -164,7 +165,7 @@ module Authie
|
|
|
164
165
|
def validate_browser_id
|
|
165
166
|
if cookies[:browser_id] != @session.browser_id
|
|
166
167
|
invalidate
|
|
167
|
-
Authie.
|
|
168
|
+
Authie.notify(:browser_id_mismatch_error, session: self)
|
|
168
169
|
raise BrowserMismatch, 'Browser ID mismatch'
|
|
169
170
|
end
|
|
170
171
|
|
|
@@ -174,7 +175,7 @@ module Authie
|
|
|
174
175
|
def validate_active
|
|
175
176
|
unless @session.active?
|
|
176
177
|
invalidate
|
|
177
|
-
Authie.
|
|
178
|
+
Authie.notify(:invalid_session_error, session: self)
|
|
178
179
|
raise InactiveSession, 'Session is no longer active'
|
|
179
180
|
end
|
|
180
181
|
|
|
@@ -184,7 +185,7 @@ module Authie
|
|
|
184
185
|
def validate_expiry
|
|
185
186
|
if @session.expired?
|
|
186
187
|
invalidate
|
|
187
|
-
Authie.
|
|
188
|
+
Authie.notify(:expired_session_error, session: self)
|
|
188
189
|
raise ExpiredSession, 'Persistent session has expired'
|
|
189
190
|
end
|
|
190
191
|
|
|
@@ -194,7 +195,7 @@ module Authie
|
|
|
194
195
|
def validate_inactivity
|
|
195
196
|
if @session.inactive?
|
|
196
197
|
invalidate
|
|
197
|
-
Authie.
|
|
198
|
+
Authie.notify(:inactive_session_error, session: self)
|
|
198
199
|
raise InactiveSession, 'Non-persistent session has expired'
|
|
199
200
|
end
|
|
200
201
|
|
|
@@ -204,7 +205,7 @@ module Authie
|
|
|
204
205
|
def validate_host
|
|
205
206
|
if @session.host && @session.host != @controller.request.host
|
|
206
207
|
invalidate
|
|
207
|
-
Authie.
|
|
208
|
+
Authie.notify(:host_mismatch_error, session: self)
|
|
208
209
|
raise HostMismatch, "Session was created on #{@session.host} but accessed using #{@controller.request.host}"
|
|
209
210
|
end
|
|
210
211
|
|
|
@@ -263,6 +264,7 @@ module Authie
|
|
|
263
264
|
end
|
|
264
265
|
|
|
265
266
|
delegate :hash_token, to: SessionModel
|
|
267
|
+
delegate :cleanup, to: SessionModel
|
|
266
268
|
end
|
|
267
269
|
|
|
268
270
|
# Backwards compatibility with Authie < 4.0. These methods were all available on sessions
|
|
@@ -304,6 +306,7 @@ module Authie
|
|
|
304
306
|
delegate :two_factored_at, to: :session
|
|
305
307
|
delegate :two_factored_ip, to: :session
|
|
306
308
|
delegate :two_factored?, to: :session
|
|
309
|
+
delegate :skip_two_factor?, to: :session
|
|
307
310
|
delegate :update, to: :session
|
|
308
311
|
delegate :update!, to: :session
|
|
309
312
|
delegate :user_agent, to: :session
|
data/lib/authie/session_model.rb
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require 'active_record
|
|
3
|
+
require 'active_record'
|
|
4
4
|
require 'securerandom'
|
|
5
5
|
require 'authie/config'
|
|
6
6
|
|
|
@@ -136,13 +136,13 @@ module Authie
|
|
|
136
136
|
|
|
137
137
|
# Cleanup any old sessions.
|
|
138
138
|
def cleanup
|
|
139
|
-
Authie.
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
139
|
+
Authie.notify(:cleanup) do
|
|
140
|
+
# Invalidate transient sessions that haven't been used
|
|
141
|
+
active.where('expires_at IS NULL AND last_activity_at < ?',
|
|
142
|
+
Authie.config.session_inactivity_timeout.ago).each(&:invalidate!)
|
|
143
|
+
# Invalidate persistent sessions that have expired
|
|
144
|
+
active.where('expires_at IS NOT NULL AND expires_at < ?', Time.now).each(&:invalidate!)
|
|
145
|
+
end
|
|
146
146
|
true
|
|
147
147
|
end
|
|
148
148
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authie
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.0.0.
|
|
4
|
+
version: 4.0.0.rc10
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Adam Cooke
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-05-
|
|
11
|
+
date: 2022-05-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activerecord
|
|
@@ -232,13 +232,13 @@ files:
|
|
|
232
232
|
- db/migrate/20170417170000_add_token_hashes_to_authie_sessions.rb
|
|
233
233
|
- db/migrate/20170421174100_add_index_to_token_hashes_on_authie_sessions.rb
|
|
234
234
|
- db/migrate/20180215152200_add_host_to_authie_sessions.rb
|
|
235
|
+
- db/migrate/20220502180100_add_two_factor_required_to_sessions.rb
|
|
235
236
|
- lib/authie.rb
|
|
236
237
|
- lib/authie/config.rb
|
|
237
238
|
- lib/authie/controller_delegate.rb
|
|
238
239
|
- lib/authie/controller_extension.rb
|
|
239
240
|
- lib/authie/engine.rb
|
|
240
241
|
- lib/authie/error.rb
|
|
241
|
-
- lib/authie/event_manager.rb
|
|
242
242
|
- lib/authie/rack_controller.rb
|
|
243
243
|
- lib/authie/session.rb
|
|
244
244
|
- lib/authie/session_model.rb
|
data/lib/authie/event_manager.rb
DELETED
|
@@ -1,32 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
module Authie
|
|
4
|
-
class EventManager
|
|
5
|
-
attr_reader :callbacks
|
|
6
|
-
|
|
7
|
-
def initialize
|
|
8
|
-
@callbacks = {}
|
|
9
|
-
end
|
|
10
|
-
|
|
11
|
-
def dispatch(event, *args)
|
|
12
|
-
callbacks = @callbacks[event.to_sym]
|
|
13
|
-
return if callbacks.nil?
|
|
14
|
-
|
|
15
|
-
callbacks.each do |cb|
|
|
16
|
-
cb.call(*args)
|
|
17
|
-
end
|
|
18
|
-
end
|
|
19
|
-
|
|
20
|
-
def on(event, &block)
|
|
21
|
-
@callbacks[event.to_sym] ||= []
|
|
22
|
-
@callbacks[event.to_sym] << block
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
def remove(event, block)
|
|
26
|
-
cb = @callbacks[event.to_sym]
|
|
27
|
-
return if cb.nil?
|
|
28
|
-
|
|
29
|
-
cb.delete(block)
|
|
30
|
-
end
|
|
31
|
-
end
|
|
32
|
-
end
|