authie 4.0.0.rc6 → 4.0.0.rc7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/lib/authie/config.rb +4 -0
  3. data/lib/authie/session.rb +20 -0
  4. data/lib/authie/session_model.rb +24 -10
  5. metadata +1 -15
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3f0ed5ff2724edcadbe4c3da00f495f61c49fb8527a9a3ea990d6cbb0d1b3481
4
- data.tar.gz: f3c621bd0cd8561123e39b508647d1bc5b356038928682d1b541635d9913c9cd
3
+ metadata.gz: 44634d5c60eeabd533457e52d0c6926fc7e72a91affd8d9bd1ff18bc07884c5c
4
+ data.tar.gz: 310b072244bbcd463d7615e2e77b94c7829bae98af0508276b952ea000e3bb44
5
5
  SHA512:
6
- metadata.gz: f326f7e0aee77baccff01544c98730902fd77c722c803b49257bad520eb6f5340ab00bf585050b6a5d447409f86954147ec9e701d9af404948cb8f7977008c78
7
- data.tar.gz: 55da617f47e858b869fb4e3f1afb14a45dd3ff2a661656db89906bdf66fd2c2a785ac70163de3e60e342f3e91601fcb058ff7a77663f840502268e77a224d7d5
6
+ metadata.gz: c560dafa6d2b626f753e6afac7152ea2d950536b4a520fcd4454b88fbd8978884523fe44ce1ae90547565a1090e8e447d48a983f91d2a52cf8824f77c1ac993d
7
+ data.tar.gz: 75642d5fb4aa28807e9fc32e77e4de90cf1527da81ddccdcd4b2bf0c233240c2642acb7b100e7931bc2a169429289626c962ab88bc305a2cf016446e2ac229b5
data/lib/authie/config.rb CHANGED
@@ -8,6 +8,8 @@ module Authie
8
8
  attr_accessor :persistent_session_length
9
9
  attr_accessor :sudo_session_timeout
10
10
  attr_accessor :browser_id_cookie_name
11
+ attr_accessor :session_token_length
12
+ attr_accessor :extend_session_expiry_on_touch
11
13
  attr_accessor :events
12
14
 
13
15
  def initialize
@@ -15,6 +17,8 @@ module Authie
15
17
  @persistent_session_length = 2.months
16
18
  @sudo_session_timeout = 10.minutes
17
19
  @browser_id_cookie_name = :browser_id
20
+ @session_token_length = 64
21
+ @extend_session_expiry_on_touch = false
18
22
  @events = EventManager.new
19
23
  end
20
24
  end
data/lib/authie/session.rb CHANGED
@@ -92,6 +92,7 @@ module Authie
92
92
  @session.last_activity_ip = @controller.request.ip
93
93
  @session.last_activity_path = @controller.request.path
94
94
  @session.requests += 1
95
+ extend_session_expiry_if_appropriate
95
96
  @session.save!
96
97
  Authie.config.events.dispatch(:session_touched, self)
97
98
  self
@@ -132,6 +133,15 @@ module Authie
132
133
  self
133
134
  end
134
135
 
136
+ # Resets the token for the currently active session to a new string
137
+ #
138
+ # @return [Authie::Session]
139
+ def reset_token
140
+ @session.reset_token
141
+ set_cookie
142
+ self
143
+ end
144
+
135
145
  private
136
146
 
137
147
  # rubocop:disable Naming/AccessorMethodName
@@ -201,6 +211,16 @@ module Authie
201
211
  self
202
212
  end
203
213
 
214
+ def extend_session_expiry_if_appropriate
215
+ return if @session.expires_at.nil?
216
+ return unless Authie.config.extend_session_expiry_on_touch
217
+
218
+ # If enabled, sessions with an expiry time will automatiaclly be incremented
219
+ # whenever a page is touched. The cookie will also be updated as appropriate.
220
+ @session.expires_at = Authie.config.persistent_session_length.from_now
221
+ set_cookie
222
+ end
223
+
204
224
  class << self
205
225
  # Create a new session within the given controller for the
206
226
  #
data/lib/authie/session_model.rb CHANGED
@@ -1,7 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require 'active_record/base'
4
- require 'secure_random_string'
4
+ require 'securerandom'
5
5
  require 'authie/config'
6
6
 
7
7
  module Authie
@@ -19,15 +19,8 @@ module Authie
19
19
  # Attributes
20
20
  serialize :data, Hash
21
21
 
22
- before_validation do
23
- self.user_agent = user_agent[0, 255] if user_agent.is_a?(String)
24
- self.last_activity_path = last_activity_path[0, 255] if last_activity_path.is_a?(String)
25
- end
26
-
27
- before_create do
28
- self.temporary_token = SecureRandomString.new(44)
29
- self.token_hash = self.class.hash_token(temporary_token)
30
- end
22
+ before_validation :shorten_strings
23
+ before_create :set_new_token
31
24
 
32
25
  # Return the user that
33
26
  def user
@@ -109,6 +102,27 @@ module Authie
109
102
  self.class.where('id < ?', id).for_user(user).where(login_ip: login_ip).empty?
110
103
  end
111
104
 
105
+ # Reset a new token for the session and return the new token
106
+ #
107
+ # @return [String]
108
+ def reset_token
109
+ set_new_token
110
+ save!
111
+ temporary_token
112
+ end
113
+
114
+ private
115
+
116
+ def shorten_strings
117
+ self.user_agent = user_agent[0, 255] if user_agent.is_a?(String)
118
+ self.last_activity_path = last_activity_path[0, 255] if last_activity_path.is_a?(String)
119
+ end
120
+
121
+ def set_new_token
122
+ self.temporary_token = SecureRandom.alphanumeric(Authie.config.session_token_length)
123
+ self.token_hash = self.class.hash_token(temporary_token)
124
+ end
125
+
112
126
  class << self
113
127
  # Find a session from the database for the given controller instance.
114
128
  # Returns a session object or :none if no session is found.
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: authie
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.0.0.rc6
4
+ version: 4.0.0.rc7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Adam Cooke
@@ -30,20 +30,6 @@ dependencies:
30
30
  - - "<"
31
31
  - !ruby/object:Gem::Version
32
32
  version: '8.0'
33
- - !ruby/object:Gem::Dependency
34
- name: secure_random_string
35
- requirement: !ruby/object:Gem::Requirement
36
- requirements:
37
- - - ">="
38
- - !ruby/object:Gem::Version
39
- version: '0'
40
- type: :runtime
41
- prerelease: false
42
- version_requirements: !ruby/object:Gem::Requirement
43
- requirements:
44
- - - ">="
45
- - !ruby/object:Gem::Version
46
- version: '0'
47
33
  - !ruby/object:Gem::Dependency
48
34
  name: appraisal
49
35
  requirement: !ruby/object:Gem::Requirement