authie 2.0.1 → 3.0.0
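--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9d1aceff4f3015b34c0f529d573ba5b38342a995
+data.tar.gz: 4fcfced43fd5b139af44c8b2cdf0a5dd664eb8ad
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5156c899cbfa6dd8175790aec3f3b11ea4efb0dd05e28d1af6cd5334928ad3d0fce4a0f78f465a9be883a9f2fa3ae47ce2641b34019ec752cc497c8238b43bcb
+data.tar.gz: 9a9865e44ea9fc20e7c5d2c3c1dd3f8bc0677837fd388a3f6a49c31667384273af913ca2cfe4de9a6f7430b321da216774714da85d96417108a95d643e610391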
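--- a/data/lib/authie/session.rb
+++ b/data/lib/authie/session.rb
@@ -11,11 +11,12 @@ module Authie
 self.table_name = "authie_sessions"
 
 # Relationships
-
+user_options = {:polymorphic => true}.merge(Authie.config.user_relationship_options)
+user_options[:optional] = true if ActiveRecord::VERSION::MAJOR >= 5
+belongs_to :user, user_options
+
 parent_options = {:class_name => "Authie::Session"}
-if ActiveRecord::VERSION::MAJOR >= 5
-parent_options[:optional] = true
-end
+parent_options[:optional] = true if ActiveRecord::VERSION::MAJOR >= 5
 belongs_to :parent, parent_options
 
 # Scopes
@@ -25,6 +26,7 @@ module Authie
 # Attributes
 serialize :data, Hash
 attr_accessor :controller
+attr_accessor :temporary_token
 
 before_validation do
 if self.user_agent.is_a?(String)
@@ -33,7 +35,8 @@ module Authie
 end
 
 before_create do
-self.
+self.temporary_token = SecureRandom.base64(32)
+self.token_hash = self.class.hash_token(self.temporary_token)
 if controller
 self.user_agent = controller.request.user_agent
 set_cookie!
@@ -58,7 +61,7 @@ module Authie
 # Sets the cookie on the associated controller.
 def set_cookie!
 cookies[:user_session] = {
-:value =>
+:value => self.temporary_token,
 :secure => controller.request.ssl?,
 :httponly => true,
 :expires => self.expires_at
@@ -145,7 +148,7 @@ module Authie
 
 # Invalidate all sessions but this one for this user
 def invalidate_others!
-self.class.where
+self.class.where("id != ?", self.id).where(:user => self.user).each do |s|
 s.invalidate!
 end
 end
@@ -195,7 +198,8 @@ module Authie
 # Returns a session object or :none if no session is found.
 def self.get_session(controller)
 cookies = controller.send(:cookies)
-if cookies[:user_session] && session = self.
+if cookies[:user_session] && session = self.find_session_by_token(cookies[:user_session])
+session.temporary_token = cookies[:user_session]
 session.controller = controller
 session
 else
@@ -203,6 +207,12 @@ module Authie
 end
 end
 
+# Find a session by a token (either from a hash or from the raw token)
+def self.find_session_by_token(token)
+return nil if token.blank?
+self.active.where("token = ? OR token_hash = ?", token, self.hash_token(token)).first
+end
+
 # Create a new session and return the newly created session object.
 # Any other sessions for the browser will be invalidated.
 def self.start(controller, params = {})
@@ -219,7 +229,23 @@ module Authie
 
 # Cleanup any old sessions.
 def self.cleanup
+# Invalidate transient sessions that haven't been used
 self.active.where("expires_at IS NULL AND last_activity_at < ?", Authie.config.session_inactivity_timeout.ago).each(&:invalidate!)
+# Invalidate persistent sessions that have expired
+self.active.where("expires_at IS NOT NULL AND expires_at < ?", Time.now).each(&:invalidate!)
+end
+
+# Return a hash of a given token
+def self.hash_token(token)
+Digest::SHA256.hexdigest(token)
+end
+
+# Convert all existing active sessions to store their tokens in the database
+def self.convert_tokens_to_hashes
+active.where(:token_hash => nil).where("token is not null").each do |s|
+hash = self.hash_token(s.token)
+self.where(:id => s.id).update_all(:token_hash => hash, :token => nil)
+end
 end
 
 private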
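Review bot: In `find_session_by_token` the `token = ?` half of the lookup still accepts a raw token stored in the database, so storing only `token_hash` protects a row only after `convert_tokens_to_hashes` has cleared its `token` column. Nothing in the visible hunks runs that conversion automatically, so it presumably has to be invoked during the upgrade; I would say so on the method and mark the fallback as transitional, e.g. `# Legacy fallback: matches rows not yet converted by convert_tokens_to_hashes; drop once token is NULL everywhere`. The comment above `convert_tokens_to_hashes` reads "store their tokens in the database", while the code writes the SHA-256 hash and sets `token` to nil; `# Replace the stored raw token of each active session with its SHA-256 hash` would match what it does. The conversion also goes through `active` only, so raw tokens of inactive rows stay in the table.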
data/lib/authie/version.rb
CHANGED
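--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authie
 version: !ruby/object:Gem::Version
-version:
+version: 3.0.0
 platform: ruby
 authors:
 - Adam Cooke
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2017-04-21 00:00:00.000000000 Z
 dependencies: []
 description: A Rails library for storing user sessions in a backend database
 email:
@@ -21,6 +21,8 @@ files:
 - db/migrate/20141013115205_add_indexes_to_authie_sessions.rb
 - db/migrate/20150109144120_add_parent_id_to_authie_sessions.rb
 - db/migrate/20150305135400_add_two_factor_auth_fields_to_authie.rb
+- db/migrate/20170417170000_add_token_hashes_to_authie_sessions.rb
+- db/migrate/20170421174100_add_index_to_token_hashes_on_authie_sessions.rb
 - lib/authie.rb
 - lib/authie/config.rb
 - lib/authie/controller_delegate.rb
@@ -50,7 +52,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.5.2
 signing_key:
 specification_version: 4
 summary: A Rails library for storing user sessions in a backend database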