authie 4.0.0.rc6 → 4.0.0.rc7

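--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 3f0ed5ff2724edcadbe4c3da00f495f61c49fb8527a9a3ea990d6cbb0d1b3481
- data.tar.gz: f3c621bd0cd8561123e39b508647d1bc5b356038928682d1b541635d9913c9cd
+ metadata.gz: 44634d5c60eeabd533457e52d0c6926fc7e72a91affd8d9bd1ff18bc07884c5c
+ data.tar.gz: 310b072244bbcd463d7615e2e77b94c7829bae98af0508276b952ea000e3bb44
  SHA512:
- metadata.gz: f326f7e0aee77baccff01544c98730902fd77c722c803b49257bad520eb6f5340ab00bf585050b6a5d447409f86954147ec9e701d9af404948cb8f7977008c78
- data.tar.gz: 55da617f47e858b869fb4e3f1afb14a45dd3ff2a661656db89906bdf66fd2c2a785ac70163de3e60e342f3e91601fcb058ff7a77663f840502268e77a224d7d5
+ metadata.gz: c560dafa6d2b626f753e6afac7152ea2d950536b4a520fcd4454b88fbd8978884523fe44ce1ae90547565a1090e8e447d48a983f91d2a52cf8824f77c1ac993d
+ data.tar.gz: 75642d5fb4aa28807e9fc32e77e4de90cf1527da81ddccdcd4b2bf0c233240c2642acb7b100e7931bc2a169429289626c962ab88bc305a2cf016446e2ac229b5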
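--- a/data/lib/authie/config.rb
+++ b/data/lib/authie/config.rb
@@ -8,6 +8,8 @@ module Authie
  attr_accessor :persistent_session_length
  attr_accessor :sudo_session_timeout
  attr_accessor :browser_id_cookie_name
+ attr_accessor :session_token_length
+ attr_accessor :extend_session_expiry_on_touch
  attr_accessor :events
 
  def initialize
@@ -15,6 +17,8 @@ module Authie
  @persistent_session_length = 2.months
  @sudo_session_timeout = 10.minutes
  @browser_id_cookie_name = :browser_id
+ @session_token_length = 64
+ @extend_session_expiry_on_touch = false
  @events = EventManager.new
  end
  end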
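Review bot: The two new settings, `session_token_length` and `extend_session_expiry_on_touch`, are added without any comment, although both change the security properties of a session. I would put a line above each accessor, for example `# Number of alphanumeric characters in a newly generated session token (default 64)` and `# When true, touching a session that has an expiry moves expires_at to persistent_session_length from now (default false)`. The class body starts above the first hunk, so whether the existing accessors are documented elsewhere is not visible here.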
@@ -92,6 +92,7 @@ module Authie
92
92
  @session.last_activity_ip = @controller.request.ip
93
93
  @session.last_activity_path = @controller.request.path
94
94
  @session.requests += 1
95
+ extend_session_expiry_if_appropriate
95
96
  @session.save!
96
97
  Authie.config.events.dispatch(:session_touched, self)
97
98
  self
@@ -132,6 +133,15 @@ module Authie
132
133
  self
133
134
  end
134
135
 
136
+ # Resets the token for the currently active session to a new string
137
+ #
138
+ # @return [Authie::Session]
139
+ def reset_token
140
+ @session.reset_token
141
+ set_cookie
142
+ self
143
+ end
144
+
135
145
  private
136
146
 
137
147
  # rubocop:disable Naming/AccessorMethodName
@@ -201,6 +211,16 @@ module Authie
201
211
  self
202
212
  end
203
213
 
214
+ def extend_session_expiry_if_appropriate
215
+ return if @session.expires_at.nil?
216
+ return unless Authie.config.extend_session_expiry_on_touch
217
+
218
+ # If enabled, sessions with an expiry time will automatiaclly be incremented
219
+ # whenever a page is touched. The cookie will also be updated as appropriate.
220
+ @session.expires_at = Authie.config.persistent_session_length.from_now
221
+ set_cookie
222
+ end
223
+
204
224
  class << self
205
225
  # Create a new session within the given controller for the
206
226
  #
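Review bot: `extend_session_expiry_if_appropriate` makes the expiry purely sliding, with no absolute limit on how long a session can live. Each touch sets `expires_at` to `persistent_session_length.from_now`, so once the option is on, a session that keeps being used stays valid indefinitely, and that includes one whose cookie has been copied. I would cap the new value against a maximum lifetime measured from when the session was created, e.g. `@session.expires_at = [Authie.config.persistent_session_length.from_now, absolute_limit].min`, where `absolute_limit` is a value the project would have to define. The comment inside the method also misspells "automatically" and says the expiry is "incremented", although the code resets it to a fixed offset from now. In `touch` the call sits before `@session.save!`, so if `set_cookie` writes the response cookie, a failed save would leave the browser with an expiry that was never stored; the start of `touch` is outside the hunk.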
@@ -1,7 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require 'active_record/base'
4
- require 'secure_random_string'
4
+ require 'securerandom'
5
5
  require 'authie/config'
6
6
 
7
7
  module Authie
@@ -19,15 +19,8 @@ module Authie
19
19
  # Attributes
20
20
  serialize :data, Hash
21
21
 
22
- before_validation do
23
- self.user_agent = user_agent[0, 255] if user_agent.is_a?(String)
24
- self.last_activity_path = last_activity_path[0, 255] if last_activity_path.is_a?(String)
25
- end
26
-
27
- before_create do
28
- self.temporary_token = SecureRandomString.new(44)
29
- self.token_hash = self.class.hash_token(temporary_token)
30
- end
22
+ before_validation :shorten_strings
23
+ before_create :set_new_token
31
24
 
32
25
  # Return the user that
33
26
  def user
@@ -109,6 +102,27 @@ module Authie
109
102
  self.class.where('id < ?', id).for_user(user).where(login_ip: login_ip).empty?
110
103
  end
111
104
 
105
+ # Reset a new token for the session and return the new token
106
+ #
107
+ # @return [String]
108
+ def reset_token
109
+ set_new_token
110
+ save!
111
+ temporary_token
112
+ end
113
+
114
+ private
115
+
116
+ def shorten_strings
117
+ self.user_agent = user_agent[0, 255] if user_agent.is_a?(String)
118
+ self.last_activity_path = last_activity_path[0, 255] if last_activity_path.is_a?(String)
119
+ end
120
+
121
+ def set_new_token
122
+ self.temporary_token = SecureRandom.alphanumeric(Authie.config.session_token_length)
123
+ self.token_hash = self.class.hash_token(temporary_token)
124
+ end
125
+
112
126
  class << self
113
127
  # Find a session from the database for the given controller instance.
114
128
  # Returns a session object or :none if no session is found.
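Review bot: `set_new_token` passes `Authie.config.session_token_length` straight to `SecureRandom.alphanumeric` with no lower bound, so a configuration mistake silently weakens every new session token. A small number gives a short token, 0 gives an empty one, and `nil` falls back to the library default of 16 characters. The removed code fixed the length at 44, so I would reject anything below a floor the project chooses, e.g. `raise ArgumentError, 'session_token_length is too short' if Authie.config.session_token_length.to_i < MIN_TOKEN_LENGTH`, with `MIN_TOKEN_LENGTH` as a new constant. `SecureRandom.alphanumeric` was added in Ruby 2.5, and the gemspec's required Ruby version is not visible in this diff, so it should be checked against that. The doc comment on `reset_token` could also say that the previous token presumably stops matching as soon as `save!` succeeds, since `token_hash` is overwritten.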
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: authie
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.0.0.rc6
4
+ version: 4.0.0.rc7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Adam Cooke
@@ -30,20 +30,6 @@ dependencies:
30
30
  - - "<"
31
31
  - !ruby/object:Gem::Version
32
32
  version: '8.0'
33
- - !ruby/object:Gem::Dependency
34
- name: secure_random_string
35
- requirement: !ruby/object:Gem::Requirement
36
- requirements:
37
- - - ">="
38
- - !ruby/object:Gem::Version
39
- version: '0'
40
- type: :runtime
41
- prerelease: false
42
- version_requirements: !ruby/object:Gem::Requirement
43
- requirements:
44
- - - ">="
45
- - !ruby/object:Gem::Version
46
- version: '0'
47
33
  - !ruby/object:Gem::Dependency
48
34
  name: appraisal
49
35
  requirement: !ruby/object:Gem::Requirement