authie 2.0.1 → 3.0.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: db86dfa1839811d7896e1906d7e42a3b7ebcffc1
4
- data.tar.gz: 7482919291dc9fffe55f5a9c7307a64fa882abac
3
+ metadata.gz: 9d1aceff4f3015b34c0f529d573ba5b38342a995
4
+ data.tar.gz: 4fcfced43fd5b139af44c8b2cdf0a5dd664eb8ad
5
5
  SHA512:
6
- metadata.gz: d1ff02b07834284e53746ee7dcf9f894ba9801a535dc0fa786ef189328a15684fe9342e4894cdf454d61e06d72eb6220cc5c6ccde9decd31a812228b7875a41a
7
- data.tar.gz: 5334c04d22104d0c7e9a4c2c0ff33975100bf44ad5d582ccaca31d17dced23ae840847ddfa404394423759cf664cb976a315477e9e101b52f38a22b9f07cf766
6
+ metadata.gz: 5156c899cbfa6dd8175790aec3f3b11ea4efb0dd05e28d1af6cd5334928ad3d0fce4a0f78f465a9be883a9f2fa3ae47ce2641b34019ec752cc497c8238b43bcb
7
+ data.tar.gz: 9a9865e44ea9fc20e7c5d2c3c1dd3f8bc0677837fd388a3f6a49c31667384273af913ca2cfe4de9a6f7430b321da216774714da85d96417108a95d643e610391
@@ -0,0 +1,5 @@
1
+ class AddTokenHashesToAuthieSessions < ActiveRecord::Migration
2
+ def change
3
+ add_column :authie_sessions, :token_hash, :string
4
+ end
5
+ end
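Review bot: `AddTokenHashesToAuthieSessions` inherits from bare `ActiveRecord::Migration`, while the session model in this same release branches on `ActiveRecord::VERSION::MAJOR >= 5`; on Rails 5 a migration without a declared version is rejected at load time, so this needs `class AddTokenHashesToAuthieSessions < ActiveRecord::Migration[4.2]` (or a version-conditional superclass, matching the pattern already used in the model). The same applies to `AddIndexToTokenHashesOnAuthieSessions` in the next hunk. The metadata section lists these as `db/migrate/20170417170000_add_token_hashes_to_authie_sessions.rb` and `db/migrate/20170421174100_add_index_to_token_hashes_on_authie_sessions.rb`. Since every lookup goes through `token_hash` and the hash of a per-session random token is expected to be unique, consider whether the index in the second migration should be `add_index :authie_sessions, :token_hash, unique: true`, mirroring whatever uniqueness the existing `token` index has (not visible here).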
@@ -0,0 +1,5 @@
1
+ class AddIndexToTokenHashesOnAuthieSessions < ActiveRecord::Migration
2
+ def change
3
+ add_index :authie_sessions, :token_hash
4
+ end
5
+ end
@@ -11,11 +11,12 @@ module Authie
11
11
  self.table_name = "authie_sessions"
12
12
 
13
13
  # Relationships
14
- belongs_to :user, {:polymorphic => true}.merge(Authie.config.user_relationship_options)
14
+ user_options = {:polymorphic => true}.merge(Authie.config.user_relationship_options)
15
+ user_options[:optional] = true if ActiveRecord::VERSION::MAJOR >= 5
16
+ belongs_to :user, user_options
17
+
15
18
  parent_options = {:class_name => "Authie::Session"}
16
- if ActiveRecord::VERSION::MAJOR >= 5
17
- parent_options[:optional] = true
18
- end
19
+ parent_options[:optional] = true if ActiveRecord::VERSION::MAJOR >= 5
19
20
  belongs_to :parent, parent_options
20
21
 
21
22
  # Scopes
@@ -25,6 +26,7 @@ module Authie
25
26
  # Attributes
26
27
  serialize :data, Hash
27
28
  attr_accessor :controller
29
+ attr_accessor :temporary_token
28
30
 
29
31
  before_validation do
30
32
  if self.user_agent.is_a?(String)
@@ -33,7 +35,8 @@ module Authie
33
35
  end
34
36
 
35
37
  before_create do
36
- self.token = SecureRandom.base64(32)
38
+ self.temporary_token = SecureRandom.base64(32)
39
+ self.token_hash = self.class.hash_token(self.temporary_token)
37
40
  if controller
38
41
  self.user_agent = controller.request.user_agent
39
42
  set_cookie!
@@ -58,7 +61,7 @@ module Authie
58
61
  # Sets the cookie on the associated controller.
59
62
  def set_cookie!
60
63
  cookies[:user_session] = {
61
- :value => token,
64
+ :value => self.temporary_token,
62
65
  :secure => controller.request.ssl?,
63
66
  :httponly => true,
64
67
  :expires => self.expires_at
@@ -145,7 +148,7 @@ module Authie
145
148
 
146
149
  # Invalidate all sessions but this one for this user
147
150
  def invalidate_others!
148
- self.class.where.not(:id => self.id).where(:user => self.user).each do |s|
151
+ self.class.where("id != ?", self.id).where(:user => self.user).each do |s|
149
152
  s.invalidate!
150
153
  end
151
154
  end
@@ -195,7 +198,8 @@ module Authie
195
198
  # Returns a session object or :none if no session is found.
196
199
  def self.get_session(controller)
197
200
  cookies = controller.send(:cookies)
198
- if cookies[:user_session] && session = self.active.where(:token => cookies[:user_session]).first
201
+ if cookies[:user_session] && session = self.find_session_by_token(cookies[:user_session])
202
+ session.temporary_token = cookies[:user_session]
199
203
  session.controller = controller
200
204
  session
201
205
  else
@@ -203,6 +207,12 @@ module Authie
203
207
  end
204
208
  end
205
209
 
210
+ # Find a session by a token (either from a hash or from the raw token)
211
+ def self.find_session_by_token(token)
212
+ return nil if token.blank?
213
+ self.active.where("token = ? OR token_hash = ?", token, self.hash_token(token)).first
214
+ end
215
+
206
216
  # Create a new session and return the newly created session object.
207
217
  # Any other sessions for the browser will be invalidated.
208
218
  def self.start(controller, params = {})
@@ -219,7 +229,23 @@ module Authie
219
229
 
220
230
  # Cleanup any old sessions.
221
231
  def self.cleanup
232
+ # Invalidate transient sessions that haven't been used
222
233
  self.active.where("expires_at IS NULL AND last_activity_at < ?", Authie.config.session_inactivity_timeout.ago).each(&:invalidate!)
234
+ # Invalidate persistent sessions that have expired
235
+ self.active.where("expires_at IS NOT NULL AND expires_at < ?", Time.now).each(&:invalidate!)
236
+ end
237
+
238
+ # Return a hash of a given token
239
+ def self.hash_token(token)
240
+ Digest::SHA256.hexdigest(token)
241
+ end
242
+
243
+ # Convert all existing active sessions to store their tokens in the database
244
+ def self.convert_tokens_to_hashes
245
+ active.where(:token_hash => nil).where("token is not null").each do |s|
246
+ hash = self.hash_token(s.token)
247
+ self.where(:id => s.id).update_all(:token_hash => hash, :token => nil)
248
+ end
223
249
  end
224
250
 
225
251
  private
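Review bot: `find_session_by_token` keeps the legacy `token = ?` clause, so plaintext tokens already in the table remain valid until `convert_tokens_to_hashes` has been run, and nothing in this change runs it or documents that it is a required upgrade step after the two new migrations; the method comment (or an upgrade note) should state that, and that the `token = ?` branch can be dropped once conversion has completed. The comment above the method is also inverted — the argument is always the raw cookie token and it is the stored value that is either plaintext or a hash — e.g. `# Find an active session for a raw token, matching either the legacy plaintext column or the stored SHA256 hash`. The comment on `convert_tokens_to_hashes` should likewise say that it replaces stored plaintext tokens with their hashes, since the `update_all` nulls `token` and writes `token_hash`. `hash_token` depends on `Digest::SHA256`; if `digest` is not required elsewhere in the gem, add `require 'digest'` at the top of this file (its header is outside this diff).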
@@ -1,3 +1,3 @@
1
1
  module Authie
2
- VERSION = '2.0.1'
2
+ VERSION = '3.0.0'
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: authie
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.1
4
+ version: 3.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Adam Cooke
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-02-24 00:00:00.000000000 Z
11
+ date: 2017-04-21 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description: A Rails library for storing user sessions in a backend database
14
14
  email:
@@ -21,6 +21,8 @@ files:
21
21
  - db/migrate/20141013115205_add_indexes_to_authie_sessions.rb
22
22
  - db/migrate/20150109144120_add_parent_id_to_authie_sessions.rb
23
23
  - db/migrate/20150305135400_add_two_factor_auth_fields_to_authie.rb
24
+ - db/migrate/20170417170000_add_token_hashes_to_authie_sessions.rb
25
+ - db/migrate/20170421174100_add_index_to_token_hashes_on_authie_sessions.rb
24
26
  - lib/authie.rb
25
27
  - lib/authie/config.rb
26
28
  - lib/authie/controller_delegate.rb
@@ -50,7 +52,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
50
52
  version: '0'
51
53
  requirements: []
52
54
  rubyforge_project:
53
- rubygems_version: 2.4.5
55
+ rubygems_version: 2.5.2
54
56
  signing_key:
55
57
  specification_version: 4
56
58
  summary: A Rails library for storing user sessions in a backend database