authie 3.1.3 → 3.1.4

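--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: eeee4da80ce4d00cabdd4aebc87a4214fd35674efa9bf40913dd67b31e99626a
- data.tar.gz: 1dde61b9b89ce35d2f155b96f2645f6b6dbaeddd841fc661988be053b47c968a
+ metadata.gz: 06d55be51805149b69d8bd60a06a87df1400898a80bb2aa2ae53e3805efa268f
+ data.tar.gz: 573abda148ce414df7745cf836c768d4fb7369cf41454c8b5b1443f56bfc71e8
  SHA512:
- metadata.gz: 33b17b06e49a1add782cb0d0074f7de21f10bcc7ef05dfdb144f0da1738c55083238cbcc2165305acaef09952c9caab6ff7b9fcf4da041aa46fbe676cfefb5eb
- data.tar.gz: 8b7bbe0536651795c2438db1e175e3dd32f6c3448ad370d65015cff70329f971f37776609589255fc8f0072e4158781d26c28762515120f9a3184a55081b32ef
+ metadata.gz: cbfd2c8e200bc82442a2ff4334b1e5f9b8739a7d99828ceef65b68b0304703cd39845f72469a52546bbf9dbd3bfc68337ff3c907140b362918dbc57ee15568d4
+ data.tar.gz: 8c1ae0e5e37a4f3f9b4e7e17ea475904735fe929b26f56fe16eb773609ca3126727b1d6980f28186c077f70d88075d9c1e3f3f269b095574c562b462e72f2745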
Binary file
data.tar.gz.sig CHANGED
Binary file
@@ -1,6 +1,12 @@
1
+ require 'authie/event_manager'
2
+
1
3
  module Authie
2
4
  class Config
3
5
 
6
+ def initialize
7
+ @callbacks = {}
8
+ end
9
+
4
10
  def session_inactivity_timeout
5
11
  @session_inactivity_timeout || 12.hours
6
12
  end
@@ -25,9 +31,18 @@ module Authie
25
31
  end
26
32
  attr_writer :browser_id_cookie_name
27
33
 
34
+ def events
35
+ @event_manager ||= EventManager.new
36
+ end
28
37
  end
29
38
 
30
39
  def self.config
31
40
  @config ||= Config.new
32
41
  end
42
+
43
+ def self.configure(&block)
44
+ block.call(config)
45
+ config
46
+ end
47
+
33
48
  end
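Review bot: `Config#initialize` assigns `@callbacks = {}`, but nothing visible in this section reads it; `events` builds a separate `EventManager` that keeps its own `@callbacks`, so the hash on `Config` looks like leftover state that could be dropped. In `self.configure`, `block.call(config)` fails with a NoMethodError on nil when the method is called without a block; `yield config if block_given?` keeps the same return value and tolerates that call. The `Config` class body continues outside the first hunk, so another reader of `@callbacks` cannot be ruled out from here.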
@@ -16,6 +16,8 @@ module Authie
16
16
  :httponly => true,
17
17
  :secure => @controller.request.ssl?
18
18
  }
19
+ # Dispatch an event when the browser ID is set.
20
+ Authie.config.events.dispatch(:set_browser_id, proposed_browser_id)
19
21
  end
20
22
  end
21
23
  end
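Review bot: The `:set_browser_id` dispatch passes the raw `proposed_browser_id` to every registered listener, and this is presumably the same value the `httponly` cookie above carries and that the session security check later compares with `cookies[:browser_id]`. The one-line comment should state that sensitivity, for example `# Listeners receive the raw browser ID; do not log or persist it in plain text.` The enclosing method starts above the hunk, so how `proposed_browser_id` is generated is not visible here.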
@@ -0,0 +1,28 @@
1
+ module Authie
2
+ class EventManager
3
+
4
+ def initialize
5
+ @callbacks = {}
6
+ end
7
+
8
+ def dispatch(event, *args)
9
+ if callbacks = @callbacks[event.to_sym]
10
+ callbacks.each do |cb|
11
+ cb.call(*args)
12
+ end
13
+ end
14
+ end
15
+
16
+ def on(event, &block)
17
+ @callbacks[event.to_sym] ||= []
18
+ @callbacks[event.to_sym] << block
19
+ end
20
+
21
+ def remove(event, block)
22
+ if cb = @callbacks[event.to_sym]
23
+ cb.delete(block)
24
+ end
25
+ end
26
+
27
+ end
28
+ end
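Review bot: `on` appends `block` unconditionally, so a call without a block stores `nil` and the error only appears later in `dispatch` as a NoMethodError at `cb.call(*args)`, far from the faulty registration; `raise ArgumentError, "block required" unless block` at the top of `on` would fail where the mistake is made. `dispatch` also iterates the live array, so a listener that calls `on` or `remove` for the same event changes the list during iteration; `callbacks.dup.each do |cb|` avoids that. The class has no comments; a header comment should state that listeners run synchronously in registration order and that an exception from one stops the remaining listeners and propagates to the caller of `dispatch`.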
@@ -60,6 +60,8 @@ module Authie
60
60
  self.last_activity_path = controller.request.path
61
61
  self.requests += 1
62
62
  self.save!
63
+ Authie.config.events.dispatch(:session_touched, self)
64
+ true
63
65
  end
64
66
 
65
67
  # Sets the cookie on the associated controller.
@@ -70,6 +72,8 @@ module Authie
70
72
  :httponly => true,
71
73
  :expires => self.expires_at
72
74
  }
75
+ Authie.config.events.dispatch(:session_cookie_updated, self)
76
+ true
73
77
  end
74
78
 
75
79
  # Check the security of the session to ensure it can be used.
@@ -77,26 +81,31 @@ module Authie
77
81
  if controller
78
82
  if cookies[:browser_id] != self.browser_id
79
83
  invalidate!
84
+ Authie.config.events.dispatch(:browser_id_mismatch_error, self)
80
85
  raise BrowserMismatch, "Browser ID mismatch"
81
86
  end
82
87
 
83
88
  unless self.active?
84
89
  invalidate!
90
+ Authie.config.events.dispatch(:invalid_session_error, self)
85
91
  raise InactiveSession, "Session is no longer active"
86
92
  end
87
93
 
88
94
  if self.expired?
89
95
  invalidate!
96
+ Authie.config.events.dispatch(:expired_session_error, self)
90
97
  raise ExpiredSession, "Persistent session has expired"
91
98
  end
92
99
 
93
100
  if self.inactive?
94
101
  invalidate!
102
+ Authie.config.events.dispatch(:inactive_session_error, self)
95
103
  raise InactiveSession, "Non-persistent session has expired"
96
104
  end
97
105
 
98
106
  if self.host && self.host != controller.request.host
99
107
  invalidate!
108
+ Authie.config.events.dispatch(:host_mismatch_error, self)
100
109
  raise HostMismatch, "Session was created on #{self.host} but accessed using #{controller.request.host}"
101
110
  end
102
111
  end
@@ -141,6 +150,8 @@ module Authie
141
150
  if controller
142
151
  cookies.delete(:user_session)
143
152
  end
153
+ Authie.config.events.dispatch(:session_invalidated, self)
154
+ true
144
155
  end
145
156
 
146
157
  # Set some additional data in this session
@@ -166,6 +177,8 @@ module Authie
166
177
  def see_password!
167
178
  self.password_seen_at = Time.now
168
179
  self.save!
180
+ Authie.config.events.dispatch(:seen_password, self)
181
+ true
169
182
  end
170
183
 
171
184
  # Have we seen the user's password recently in this sesion?
@@ -183,6 +196,8 @@ module Authie
183
196
  self.two_factored_at = Time.now
184
197
  self.two_factored_ip = controller.request.ip
185
198
  self.save!
199
+ Authie.config.events.dispatch(:marked_as_two_factored, self)
200
+ true
186
201
  end
187
202
 
188
203
  # Create a new session for impersonating for the given user
@@ -203,6 +218,16 @@ module Authie
203
218
  end
204
219
  end
205
220
 
221
+ # Is this the first session for this session's browser?
222
+ def first_session_for_browser?
223
+ self.class.where("id < ?", self.id).where(:user => self.user, :browser_id => self.browser_id).empty?
224
+ end
225
+
226
+ # Is this the first session for the IP?
227
+ def first_session_for_ip?
228
+ self.class.where("id < ?", self.id).where(:user => self.user, :login_ip => self.login_ip).empty?
229
+ end
230
+
206
231
  # Find a session from the database for the given controller instance.
207
232
  # Returns a session object or :none if no session is found.
208
233
  def self.get_session(controller)
@@ -226,7 +251,7 @@ module Authie
226
251
  # Any other sessions for the browser will be invalidated.
227
252
  def self.start(controller, params = {})
228
253
  cookies = controller.send(:cookies)
229
- self.where(:browser_id => cookies[:browser_id]).each(&:invalidate!)
254
+ self.active.where(:browser_id => cookies[:browser_id]).each(&:invalidate!)
230
255
  session = self.new(params)
231
256
  session.controller = controller
232
257
  session.browser_id = cookies[:browser_id]
@@ -234,15 +259,19 @@ module Authie
234
259
  session.login_ip = controller.request.ip
235
260
  session.host = controller.request.host
236
261
  session.save!
262
+ Authie.config.events.dispatch(:start_session, session)
237
263
  session
238
264
  end
239
265
 
240
266
  # Cleanup any old sessions.
241
267
  def self.cleanup
268
+ Authie.config.events.dispatch(:before_cleanup)
242
269
  # Invalidate transient sessions that haven't been used
243
270
  self.active.where("expires_at IS NULL AND last_activity_at < ?", Authie.config.session_inactivity_timeout.ago).each(&:invalidate!)
244
271
  # Invalidate persistent sessions that have expired
245
272
  self.active.where("expires_at IS NOT NULL AND expires_at < ?", Time.now).each(&:invalidate!)
273
+ Authie.config.events.dispatch(:after_cleanup)
274
+ true
246
275
  end
247
276
 
248
277
  # Return a hash of a given token
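Review bot: In the security-check hunk each added `dispatch` call sits between `invalidate!` and the `raise`, so an exception from a listener replaces `BrowserMismatch`, `InactiveSession`, `ExpiredSession` or `HostMismatch`, and a handler that rescues those classes will not run. The session has already been invalidated at that point, so the check still fails closed, but the caller sees an unrelated error; the hunks that dispatch after `save!` have the same exposure on every request. A comment above the first dispatch such as `# A listener that raises here replaces the Authie error raised below` would make the contract explicit, or `EventManager#dispatch` could rescue and report listener errors. The method that dispatches `:session_invalidated` is presumably `invalidate!` itself, in which case each of these failures emits two events. The method bodies start outside the hunks, so this is based on the visible lines only.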
@@ -1,3 +1,3 @@
1
1
  module Authie
2
- VERSION = '3.1.3'
2
+ VERSION = '3.1.4'
3
3
  end
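--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: authie
  version: !ruby/object:Gem::Version
- version: 3.1.3
+ version: 3.1.4
  platform: ruby
  authors:
  - Adam Cooke
@@ -35,7 +35,7 @@ cert_chain:
  iyQrH6PJ0xgVJNYx+DLq3eFmo2hYJkw/lVhYAK+MdajtYJbD5VvCIEHO0d5RRgV+
  qnCNZoPPy0UtRmGKZTMZvVJEZiw4g0fY
  -----END CERTIFICATE-----
- date: 2018-03-05 00:00:00.000000000 Z
+ date: 2018-03-12 00:00:00.000000000 Z
  dependencies: []
  description: A Rails library for storing user sessions in a backend database
  email:
@@ -57,6 +57,7 @@ files:
  - lib/authie/controller_extension.rb
  - lib/authie/engine.rb
  - lib/authie/error.rb
+ - lib/authie/event_manager.rb
  - lib/authie/rack_controller.rb
  - lib/authie/session.rb
  - lib/authie/version.rb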
metadata.gz.sig CHANGED
Binary file