authie 3.1.3 → 3.1.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: eeee4da80ce4d00cabdd4aebc87a4214fd35674efa9bf40913dd67b31e99626a
-  data.tar.gz: 1dde61b9b89ce35d2f155b96f2645f6b6dbaeddd841fc661988be053b47c968a
+  metadata.gz: 06d55be51805149b69d8bd60a06a87df1400898a80bb2aa2ae53e3805efa268f
+  data.tar.gz: 573abda148ce414df7745cf836c768d4fb7369cf41454c8b5b1443f56bfc71e8
 SHA512:
-  metadata.gz: 33b17b06e49a1add782cb0d0074f7de21f10bcc7ef05dfdb144f0da1738c55083238cbcc2165305acaef09952c9caab6ff7b9fcf4da041aa46fbe676cfefb5eb
-  data.tar.gz: 8b7bbe0536651795c2438db1e175e3dd32f6c3448ad370d65015cff70329f971f37776609589255fc8f0072e4158781d26c28762515120f9a3184a55081b32ef
+  metadata.gz: cbfd2c8e200bc82442a2ff4334b1e5f9b8739a7d99828ceef65b68b0304703cd39845f72469a52546bbf9dbd3bfc68337ff3c907140b362918dbc57ee15568d4
+  data.tar.gz: 8c1ae0e5e37a4f3f9b4e7e17ea475904735fe929b26f56fe16eb773609ca3126727b1d6980f28186c077f70d88075d9c1e3f3f269b095574c562b462e72f2745

data/lib/authie/config.rb

@@ -1,6 +1,12 @@
+require 'authie/event_manager'
+
 module Authie
   class Config
 
+    def initialize
+      @callbacks = {}
+    end
+
     def session_inactivity_timeout
       @session_inactivity_timeout || 12.hours
     end
@@ -25,9 +31,18 @@ module Authie
     end
     attr_writer :browser_id_cookie_name
 
+    def events
+      @event_manager ||= EventManager.new
+    end
   end
 
   def self.config
     @config ||= Config.new
   end
+
+  def self.configure(&block)
+    block.call(config)
+    config
+  end
+
 end

data/lib/authie/controller_delegate.rb

@@ -16,6 +16,8 @@ module Authie
             :httponly => true,
             :secure => @controller.request.ssl?
           }
+          # Dispatch an event when the browser ID is set.
+          Authie.config.events.dispatch(:set_browser_id, proposed_browser_id)
         end
       end
     end

data/lib/authie/event_manager.rb

@@ -0,0 +1,28 @@
+module Authie
+  class EventManager
+
+    def initialize
+      @callbacks = {}
+    end
+
+    def dispatch(event, *args)
+      if callbacks = @callbacks[event.to_sym]
+        callbacks.each do |cb|
+          cb.call(*args)
+        end
+      end
+    end
+
+    def on(event, &block)
+      @callbacks[event.to_sym] ||= []
+      @callbacks[event.to_sym] << block
+    end
+
+    def remove(event, block)
+      if cb = @callbacks[event.to_sym]
+        cb.delete(block)
+      end
+    end
+
+  end
+end

data/lib/authie/session.rb

@@ -60,6 +60,8 @@ module Authie
       self.last_activity_path = controller.request.path
       self.requests += 1
       self.save!
+      Authie.config.events.dispatch(:session_touched, self)
+      true
     end
 
     # Sets the cookie on the associated controller.
@@ -70,6 +72,8 @@ module Authie
         :httponly => true,
         :expires => self.expires_at
       }
+      Authie.config.events.dispatch(:session_cookie_updated, self)
+      true
     end
 
     # Check the security of the session to ensure it can be used.
@@ -77,26 +81,31 @@ module Authie
       if controller
         if cookies[:browser_id] != self.browser_id
           invalidate!
+          Authie.config.events.dispatch(:browser_id_mismatch_error, self)
           raise BrowserMismatch, "Browser ID mismatch"
         end
 
         unless self.active?
           invalidate!
+          Authie.config.events.dispatch(:invalid_session_error, self)
           raise InactiveSession, "Session is no longer active"
         end
 
         if self.expired?
           invalidate!
+          Authie.config.events.dispatch(:expired_session_error, self)
           raise ExpiredSession, "Persistent session has expired"
         end
 
         if self.inactive?
           invalidate!
+          Authie.config.events.dispatch(:inactive_session_error, self)
           raise InactiveSession, "Non-persistent session has expired"
         end
 
         if self.host && self.host != controller.request.host
           invalidate!
+          Authie.config.events.dispatch(:host_mismatch_error, self)
           raise HostMismatch, "Session was created on #{self.host} but accessed using #{controller.request.host}"
         end
       end
@@ -141,6 +150,8 @@ module Authie
       if controller
         cookies.delete(:user_session)
       end
+      Authie.config.events.dispatch(:session_invalidated, self)
+      true
     end
 
     # Set some additional data in this session
@@ -166,6 +177,8 @@ module Authie
     def see_password!
       self.password_seen_at = Time.now
       self.save!
+      Authie.config.events.dispatch(:seen_password, self)
+      true
     end
 
     # Have we seen the user's password recently in this sesion?
@@ -183,6 +196,8 @@ module Authie
       self.two_factored_at = Time.now
       self.two_factored_ip = controller.request.ip
       self.save!
+      Authie.config.events.dispatch(:marked_as_two_factored, self)
+      true
     end
 
     # Create a new session for impersonating for the given user
@@ -203,6 +218,16 @@ module Authie
       end
     end
 
+    # Is this the first session for this session's browser?
+    def first_session_for_browser?
+      self.class.where("id < ?", self.id).where(:user => self.user, :browser_id => self.browser_id).empty?
+    end
+
+    # Is this the first session for the IP?
+    def first_session_for_ip?
+      self.class.where("id < ?", self.id).where(:user => self.user, :login_ip => self.login_ip).empty?
+    end
+
     # Find a session from the database for the given controller instance.
     # Returns a session object or :none if no session is found.
     def self.get_session(controller)
@@ -226,7 +251,7 @@ module Authie
     # Any other sessions for the browser will be invalidated.
     def self.start(controller, params = {})
       cookies = controller.send(:cookies)
-      self.where(:browser_id => cookies[:browser_id]).each(&:invalidate!)
+      self.active.where(:browser_id => cookies[:browser_id]).each(&:invalidate!)
       session = self.new(params)
       session.controller = controller
       session.browser_id = cookies[:browser_id]
@@ -234,15 +259,19 @@ module Authie
       session.login_ip = controller.request.ip
       session.host = controller.request.host
       session.save!
+      Authie.config.events.dispatch(:start_session, session)
       session
     end
 
     # Cleanup any old sessions.
     def self.cleanup
+      Authie.config.events.dispatch(:before_cleanup)
       # Invalidate transient sessions that haven't been used
       self.active.where("expires_at IS NULL AND last_activity_at < ?", Authie.config.session_inactivity_timeout.ago).each(&:invalidate!)
       # Invalidate persistent sessions that have expired
       self.active.where("expires_at IS NOT NULL AND expires_at < ?", Time.now).each(&:invalidate!)
+      Authie.config.events.dispatch(:after_cleanup)
+      true
     end
 
     # Return a hash of a given token

data/lib/authie/version.rb

@@ -1,3 +1,3 @@
 module Authie
-  VERSION = '3.1.3'
+  VERSION = '3.1.4'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authie
 version: !ruby/object:Gem::Version
-  version: 3.1.3
+  version: 3.1.4
 platform: ruby
 authors:
 - Adam Cooke
@@ -35,7 +35,7 @@ cert_chain:
   iyQrH6PJ0xgVJNYx+DLq3eFmo2hYJkw/lVhYAK+MdajtYJbD5VvCIEHO0d5RRgV+
   qnCNZoPPy0UtRmGKZTMZvVJEZiw4g0fY
   -----END CERTIFICATE-----
-date: 2018-03-05 00:00:00.000000000 Z
+date: 2018-03-12 00:00:00.000000000 Z
 dependencies: []
 description: A Rails library for storing user sessions in a backend database
 email:
@@ -57,6 +57,7 @@ files:
 - lib/authie/controller_extension.rb
 - lib/authie/engine.rb
 - lib/authie/error.rb
+- lib/authie/event_manager.rb
 - lib/authie/rack_controller.rb
 - lib/authie/session.rb
 - lib/authie/version.rb