RubyGems - authie - Versions diffs - 4.0.0.rc9 → 4.0.0 - Mend

authie 4.0.0.rc9 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

checksums.yaml +4 -4
data/db/migrate/20141012174250_create_authie_sessions.rb +2 -2
data/db/migrate/20141013115205_add_indexes_to_authie_sessions.rb +1 -1
data/db/migrate/20150109144120_add_parent_id_to_authie_sessions.rb +2 -2
data/db/migrate/20150305135400_add_two_factor_auth_fields_to_authie.rb +1 -1
data/db/migrate/20170417170000_add_token_hashes_to_authie_sessions.rb +1 -1
data/db/migrate/20170421174100_add_index_to_token_hashes_on_authie_sessions.rb +1 -1
data/db/migrate/20180215152200_add_host_to_authie_sessions.rb +1 -1
data/db/migrate/20220502180100_add_two_factor_required_to_sessions.rb +1 -1
data/lib/authie/config.rb +4 -4
data/lib/authie/controller_delegate.rb +13 -14
data/lib/authie/controller_extension.rb +2 -1
data/lib/authie/session.rb +25 -18
data/lib/authie/session_model.rb +11 -9
metadata +5 -194
data/lib/authie/event_manager.rb +0 -32

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f06ec249cc2efa9d4924d524769752cc9702cf017a1d0020d010e8d4a9eae9f8
-  data.tar.gz: f056af849c503c3870f69a707a4409428d6b200cff4df73237cd21e3ca5ce2ed
+  metadata.gz: 3fc31edba5c9cfea934c40b4ac410c942f5d0fcb75a236a9a0f8bd671556058a
+  data.tar.gz: 6ebbf8156b7092e358c4ed08f2d403a002c4f8930cc7e5b5bfc375cd5bc6e718
 SHA512:
-  metadata.gz: 55baf7050e12a28da721b94764740a9267b1ea6b16cb7fe515cf306bfa695463055fae8b2aa16badf47b541f470cb6357b40611d5965d8d51c03a18f7cf985db
-  data.tar.gz: 4853c8cafca07ec918c2d5f1e3ccfa01988432021ded6350470be15f369561aa534bc1a845521107f8e5d2a5a602d37e160a556d936b09e9b4f8573b9fa70ccb
+  metadata.gz: 21b86b8a69c1878736de93952f5b4e88bcb1080470f3b3df9f1e12087a29996f71dc39177020747b2e31fff6a39da88ff560e168b35ce61e602e77eb68c7e45b
+  data.tar.gz: 4cf16e7b8af0f80d68cae494c59f7f0c3722c92475c80b47ad2ea4f7b719099ad8e053deb708ee90fe1996db4065869f1f98c92121987cbf68bcae159001465e

data/db/migrate/20141012174250_create_authie_sessions.rb CHANGED Viewed

@@ -1,10 +1,10 @@
 # frozen_string_literal: true
-class CreateAuthieSessions < ActiveRecord::Migration[4.2]
+class CreateAuthieSessions < ActiveRecord::Migration[6.1]
   def change
     create_table :authie_sessions do |t|
       t.string :token, :browser_id
-      t.integer :user_id
+      t.bigint :user_id
       t.boolean :active, default: true
       t.text :data
       t.datetime :expires_at

data/db/migrate/20141013115205_add_indexes_to_authie_sessions.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-class AddIndexesToAuthieSessions < ActiveRecord::Migration[4.2]
+class AddIndexesToAuthieSessions < ActiveRecord::Migration[6.1]
   def change
     add_column :authie_sessions, :user_type, :string
     add_index :authie_sessions, :token, length: 10

data/db/migrate/20150109144120_add_parent_id_to_authie_sessions.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
-class AddParentIdToAuthieSessions < ActiveRecord::Migration[4.2]
+class AddParentIdToAuthieSessions < ActiveRecord::Migration[6.1]
   def change
-    add_column :authie_sessions, :parent_id, :integer
+    add_column :authie_sessions, :parent_id, :bigint
   end
 end

data/db/migrate/20150305135400_add_two_factor_auth_fields_to_authie.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-class AddTwoFactorAuthFieldsToAuthie < ActiveRecord::Migration[4.2]
+class AddTwoFactorAuthFieldsToAuthie < ActiveRecord::Migration[6.1]
   def change
     add_column :authie_sessions, :two_factored_at, :datetime
     add_column :authie_sessions, :two_factored_ip, :string

data/db/migrate/20170417170000_add_token_hashes_to_authie_sessions.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-class AddTokenHashesToAuthieSessions < ActiveRecord::Migration[4.2]
+class AddTokenHashesToAuthieSessions < ActiveRecord::Migration[6.1]
   def change
     add_column :authie_sessions, :token_hash, :string
   end

data/db/migrate/20170421174100_add_index_to_token_hashes_on_authie_sessions.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-class AddIndexToTokenHashesOnAuthieSessions < ActiveRecord::Migration[4.2]
+class AddIndexToTokenHashesOnAuthieSessions < ActiveRecord::Migration[6.1]
   def change
     add_index :authie_sessions, :token_hash, length: 10
   end

data/db/migrate/20180215152200_add_host_to_authie_sessions.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-class AddHostToAuthieSessions < ActiveRecord::Migration[4.2]
+class AddHostToAuthieSessions < ActiveRecord::Migration[6.1]
   def change
     add_column :authie_sessions, :host, :string
   end

data/db/migrate/20220502180100_add_two_factor_required_to_sessions.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-class AddTwoFactorRequiredToSessions < ActiveRecord::Migration[4.2]
+class AddTwoFactorRequiredToSessions < ActiveRecord::Migration[6.1]
   def change
     add_column :authie_sessions, :skip_two_factor, :boolean, default: false
   end

data/lib/authie/config.rb CHANGED Viewed

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
-require 'authie/event_manager'
 module Authie
   class Config
     attr_accessor :session_inactivity_timeout
@@ -10,7 +8,6 @@ module Authie
     attr_accessor :browser_id_cookie_name
     attr_accessor :session_token_length
     attr_accessor :extend_session_expiry_on_touch
-    attr_accessor :events
     def initialize
       @session_inactivity_timeout = 12.hours
@@ -19,7 +16,6 @@ module Authie
       @browser_id_cookie_name = :browser_id
       @session_token_length = 64
       @extend_session_expiry_on_touch = false
-      @events = EventManager.new
     end
   end
@@ -32,5 +28,9 @@ module Authie
       block.call(config)
       config
     end
+    def notify(event, args = {}, &block)
+      ActiveSupport::Notifications.instrument("#{event}.authie", args, &block)
+    end
   end
 end

data/lib/authie/controller_delegate.rb CHANGED Viewed

@@ -34,7 +34,9 @@ module Authie
           httponly: true,
           secure: @controller.request.ssl?
         }
-        Authie.config.events.dispatch(:set_browser_id, proposed_browser_id)
+        Authie.notify(:set_browser_id,
+                      browser_id: proposed_browser_id,
+                      controller: @controller)
       end
       proposed_browser_id
     end
@@ -44,9 +46,9 @@ module Authie
     #
     # @return [Authie::Session, false]
     def validate_auth_session
-      return auth_session.validate if logged_in?
+      return false unless logged_in?
-      false
+      auth_session.validate
     end
     # Touch the session to update details on the latest activity.
@@ -72,13 +74,12 @@ module Authie
     #
     # @return [Authie::Session, nil]
     def create_auth_session(user, **kwargs)
-      if user
-        @auth_session = Authie::Session.start(@controller, user: user, **kwargs)
-        return @auth_session
+      if user.nil?
+        invalidate_auth_session
+        return nil
       end
-      invalidate_auth_session
-      nil
+      @auth_session = Authie::Session.start(@controller, user: user, **kwargs)
     end
     # Invalidate the existing auth session if one exists. Return true if a sesion has been invalidated
@@ -86,13 +87,11 @@ module Authie
     #
     # @return [Boolean]
     def invalidate_auth_session
-      if logged_in?
-        auth_session.invalidate
-        @auth_session = nil
-        return true
-      end
+      return false unless logged_in?
-      false
+      auth_session.invalidate
+      @auth_session = nil
+      true
     end
     # Is anyone currently logged in? Return true if there is an auth session present.

data/lib/authie/controller_extension.rb CHANGED Viewed

@@ -6,7 +6,8 @@ module Authie
   module ControllerExtension
     class << self
       def included(base)
-        base.helper_method :logged_in?, :current_user, :auth_session
+        base.helper_method :logged_in?, :current_user, :auth_session if base.respond_to?(:helper_method)
         base.before_action :set_browser_id, :validate_auth_session
         base.around_action :touch_auth_session

data/lib/authie/session.rb CHANGED Viewed

@@ -13,7 +13,14 @@ module Authie
     attr_reader :session
     # A parent class that encapsulates all session validity errors.
-    class ValidityError < Error; end
+    class ValidityError < Error
+      attr_reader :session
+      def initialize(message, session = nil)
+        super(message)
+        @session = session
+      end
+    end
     # Raised when a session is used but it is no longer active
     class InactiveSession < ValidityError; end
@@ -94,7 +101,7 @@ module Authie
       @session.requests += 1
       extend_session_expiry_if_appropriate
       @session.save!
-      Authie.config.events.dispatch(:session_touched, self)
+      Authie.notify(:touch, session: self)
       self
     end
@@ -105,7 +112,7 @@ module Authie
     def see_password
       @session.password_seen_at = Time.now
       @session.save!
-      Authie.config.events.dispatch(:seen_password, self)
+      Authie.notify(:see_password, session: self)
       self
     end
@@ -119,7 +126,7 @@ module Authie
       @session.two_factored_ip = @controller.request.ip
       @session.skip_two_factor = skip unless skip.nil?
       @session.save!
-      Authie.config.events.dispatch(:marked_as_two_factor, self)
+      Authie.notify(:mark_as_two_factor, session: self)
       self
     end
@@ -130,7 +137,7 @@ module Authie
     # @return [Authie::Session]
     def start
       set_cookie
-      Authie.config.events.dispatch(:start_session, session)
+      Authie.notify(:session_start, session: self)
       self
     end
@@ -145,7 +152,6 @@ module Authie
     private
-    # rubocop:disable Naming/AccessorMethodName
     def set_cookie(value = @session.temporary_token)
       cookies[:user_session] = {
         value: value,
@@ -153,10 +159,9 @@ module Authie
         httponly: true,
         expires: @session.expires_at
       }
-      Authie.config.events.dispatch(:session_cookie_updated, self)
+      Authie.notify(:cookie_updated, session: session)
       true
     end
-    # rubocop:enable Naming/AccessorMethodName
     def cookies
       @controller.send(:cookies)
@@ -164,9 +169,9 @@ module Authie
     def validate_browser_id
       if cookies[:browser_id] != @session.browser_id
+        Authie.notify(:browser_id_mismatch_error, session: self)
         invalidate
-        Authie.config.events.dispatch(:browser_id_mismatch_error, self)
-        raise BrowserMismatch, 'Browser ID mismatch'
+        raise BrowserMismatch.new('Browser ID mismatch', self)
       end
       self
@@ -175,8 +180,8 @@ module Authie
     def validate_active
       unless @session.active?
         invalidate
-        Authie.config.events.dispatch(:invalid_session_error, self)
-        raise InactiveSession, 'Session is no longer active'
+        Authie.notify(:invalid_session_error, session: self)
+        raise InactiveSession.new('Session is no longer active', self)
       end
       self
@@ -185,8 +190,8 @@ module Authie
     def validate_expiry
       if @session.expired?
         invalidate
-        Authie.config.events.dispatch(:expired_session_error, self)
-        raise ExpiredSession, 'Persistent session has expired'
+        Authie.notify(:expired_session_error, session: self)
+        raise ExpiredSession.new('Persistent session has expired', self)
       end
       self
@@ -195,8 +200,8 @@ module Authie
     def validate_inactivity
       if @session.inactive?
         invalidate
-        Authie.config.events.dispatch(:inactive_session_error, self)
-        raise InactiveSession, 'Non-persistent session has expired'
+        Authie.notify(:inactive_session_error, session: self)
+        raise InactiveSession.new('Non-persistent session has expired', self)
       end
       self
@@ -205,8 +210,9 @@ module Authie
     def validate_host
       if @session.host && @session.host != @controller.request.host
         invalidate
-        Authie.config.events.dispatch(:host_mismatch_error, self)
-        raise HostMismatch, "Session was created on #{@session.host} but accessed using #{@controller.request.host}"
+        Authie.notify(:host_mismatch_error, session: self)
+        raise HostMismatch.new("Session was created on #{@session.host} but accessed using #{@controller.request.host}",
+                               self)
       end
       self
@@ -264,6 +270,7 @@ module Authie
       end
       delegate :hash_token, to: SessionModel
+      delegate :cleanup, to: SessionModel
     end
     # Backwards compatibility with Authie < 4.0. These methods were all available on sessions

data/lib/authie/session_model.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-require 'active_record/base'
+require 'active_record'
 require 'securerandom'
 require 'authie/config'
@@ -63,8 +63,10 @@ module Authie
     end
     def invalidate!
+      active_now = active?
       self.active = false
       save!
+      Authie.notify(:session_invalidate, session: self) if active_now
       true
     end
@@ -79,7 +81,7 @@ module Authie
     end
     def invalidate_others!
-      self.class.where('id != ?', id).for_user(user).each(&:invalidate!).inspect
+      self.class.where('id != ?', id).active.for_user(user).each(&:invalidate!)
     end
     # Have we seen the user's password recently in this sesion?
@@ -136,13 +138,13 @@ module Authie
       # Cleanup any old sessions.
       def cleanup
-        Authie.config.events.dispatch(:before_cleanup)
-        # Invalidate transient sessions that haven't been used
-        active.where('expires_at IS NULL AND last_activity_at < ?',
-                     Authie.config.session_inactivity_timeout.ago).each(&:invalidate!)
-        # Invalidate persistent sessions that have expired
-        active.where('expires_at IS NOT NULL AND expires_at < ?', Time.now).each(&:invalidate!)
-        Authie.config.events.dispatch(:after_cleanup)
+        Authie.notify(:cleanup) do
+          # Invalidate transient sessions that haven't been used
+          active.where('expires_at IS NULL AND last_activity_at < ?',
+                       Authie.config.session_inactivity_timeout.ago).each(&:invalidate!)
+          # Invalidate persistent sessions that have expired
+          active.where('expires_at IS NOT NULL AND expires_at < ?', Time.now).each(&:invalidate!)
+        end
         true
       end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authie
 version: !ruby/object:Gem::Version
-  version: 4.0.0.rc9
+  version: 4.0.0
 platform: ruby
 authors:
 - Adam Cooke
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-05-03 00:00:00.000000000 Z
+date: 2023-05-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -30,194 +30,6 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '8.0'
-- !ruby/object:Gem::Dependency
-  name: appraisal
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 2.4.1
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 2.4.1
-- !ruby/object:Gem::Dependency
-  name: rails
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '5.0'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '8.0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '5.0'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '8.0'
-- !ruby/object:Gem::Dependency
-  name: rspec
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rspec-core
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rspec-expectations
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rspec-mocks
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rspec-rails
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rubocop
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 1.17.0
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 1.17.0
-- !ruby/object:Gem::Dependency
-  name: simplecov
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: simplecov-console
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: solargraph
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: sqlite3
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 1.4.2
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 1.4.2
-- !ruby/object:Gem::Dependency
-  name: timecop
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 description: A Rails library for storing user sessions in a backend database
 email:
 - me@adamcooke.io
@@ -239,7 +51,6 @@ files:
 - lib/authie/controller_extension.rb
 - lib/authie/engine.rb
 - lib/authie/error.rb
-- lib/authie/event_manager.rb
 - lib/authie/rack_controller.rb
 - lib/authie/session.rb
 - lib/authie/session_model.rb
@@ -260,11 +71,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.3.26
 signing_key:
 specification_version: 4
 summary: A Rails library for storing user sessions in a backend database

data/lib/authie/event_manager.rb DELETED Viewed

@@ -1,32 +0,0 @@
-# frozen_string_literal: true
-module Authie
-  class EventManager
-    attr_reader :callbacks
-    def initialize
-      @callbacks = {}
-    end
-    def dispatch(event, *args)
-      callbacks = @callbacks[event.to_sym]
-      return if callbacks.nil?
-      callbacks.each do |cb|
-        cb.call(*args)
-      end
-    end
-    def on(event, &block)
-      @callbacks[event.to_sym] ||= []
-      @callbacks[event.to_sym] << block
-    end
-    def remove(event, block)
-      cb = @callbacks[event.to_sym]
-      return if cb.nil?
-      cb.delete(block)
-    end
-  end
-end