auto-session-timeout 0.9.4 → 0.9.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 77ae45c61583c38e509d9db9197d0b20043fc183
-  data.tar.gz: 0173b194b2ae4b8b1c4dabdb957cf78256cf83da
+SHA256:
+  metadata.gz: 71d3e9f467963b89be2bdfb4e87ce915ed693536fd0760cf954d6116c8987c3a
+  data.tar.gz: f3b2cfee583099d5bb29400db0e4e187f8fdfd1750cc12cfc45380316719df50
 SHA512:
-  metadata.gz: 9d70255cc2a19147c9e48cde559c828a396c8936001bb4054703ec42fa837c2e7932d437964bffdcd5edaa1c8934f55694c8ba373a5bdacb4a466870037117b4
-  data.tar.gz: cb1b5c13b32213881d94bd7cc329afa6cde3bc13ad0dbd4b25699cd81d52e8fb406dc14172d48131abf4f20510a7545960b56643a56fde6b29d2666f96fd1105
+  metadata.gz: 20685219ebb5e6750e215d8a873ad60b7de0a3e05f36c9bfb03249266b4886b240ea6b009242a718dc7d91b723053d3c5c3a2ae4f768b6ab016cefe915d7ed73
+  data.tar.gz: d94594ce6b6d7464ad543fcad88e8343e53b1d3a1f6af02f0d6d24a2877167b6cd776a4e62f575cc023ee752a30be4b7ed518b0283ed6eb144b42a5345d2705c

data/.gitignore

@@ -5,6 +5,7 @@
 .yardoc
 *.sublime-project
 *.sublime-workspace
+.idea
 Gemfile.lock
 InstalledFiles
 _yardoc

data/.travis.yml

@@ -0,0 +1,46 @@
+sudo: false
+language: ruby
+cache: bundler
+before_install:
+  - gem install bundler -v '~> 2'
+rvm:
+  - 2.4.10
+  - 2.5.8
+  - 2.6.6
+  - 2.7.2
+  - ruby-head
+env:
+  - RAILS_VERSION='~> 3.2'
+  - RAILS_VERSION='~> 4.0'
+  - RAILS_VERSION='~> 4.1'
+  - RAILS_VERSION='~> 4.2'
+  - RAILS_VERSION='~> 5.0'
+  - RAILS_VERSION='~> 5.1'
+  - RAILS_VERSION='~> 5.2'
+  - RAILS_VERSION='~> 6.0'
+  - RAILS_VERSION='~> 6.1'
+jobs:
+  exclude:
+    - rvm: 2.4.10
+      env: RAILS_VERSION='~> 6.0'
+    - rvm: 2.4.10
+      env: RAILS_VERSION='~> 6.1'
+    - rvm: 2.7.2
+      env: RAILS_VERSION='~> 3.2'
+    - rvm: 2.7.2
+      env: RAILS_VERSION='~> 4.0'
+    - rvm: 2.7.2
+      env: RAILS_VERSION='~> 4.1'
+    - rvm: 2.7.2
+      env: RAILS_VERSION='~> 4.2'
+    - rvm: ruby-head
+      env: RAILS_VERSION='~> 3.2'
+    - rvm: ruby-head
+      env: RAILS_VERSION='~> 4.0'
+    - rvm: ruby-head
+      env: RAILS_VERSION='~> 4.1'
+    - rvm: ruby-head
+      env: RAILS_VERSION='~> 4.2'
+  allow_failures:
+    - rvm: ruby-head
+  fast_finish: true

data/CHANGELOG

@@ -1,5 +1,59 @@
+2021-10-11 - v0.9.8
+
+2021-10-10 - Custom session timeout method [JunaidUK]
+
+2021-02-02 - v0.9.7
+
+2021-02-02 - Rails 6 compatibility [jasonheecs]
+
+2019-10-15 - v0.9.6
+
+2019-10-15 - Use routes in JS helper [pelargir]
+
+2019-03-03 - Update README [cprodhomme]
+
+2018-12-21 - Support Rails protect_from_forgery [davegudge]
+
+2017-06-13 - v0.9.5
+
+2017-06-12 - Exclude controller actions from CSRF verification [pelargir]
+
+2017-06-12 - Make updater use vanilla JS [emilos]
+
+2017-05-16 - v0.9.4
+
+2017-05-08 - Rails 5 compatibility [quainjn]
+
+2016-10-14 - Allow defining verbosity [zaimramlan]
+
+2013-08-29 - v0.9.3
+
+2013-08-28 - Add jQuery support [krishnasrihari]
+
+2013-07-24 - v0.9.2
+
+2013-07-24 - Add tests and use Ruby 1.9 hash syntax [pelargir]
+
+2013-07-24 - v0.9.1
+
+2013-07-24 - Timeout can be set in controller or user model [pelargir]
+
+2013-07-22 - v0.9
+
+2013-07-21 - Support for jQuery periodical updater plugin [pelargir]
+
+2013-07-17 - v0.8
+
 2014-07-14 - Added jQuery support [krishnasrihari]
 
+2013-06-23 - v0.7
+
 2013-06-22 - Switched to Bundler for generating the gemspec [pelargir]
 
-2009-04-22 - Initial import [pelargir]
+2009-08-22 - v0.5
+
+2009-06-03 - Move controller actions into plugin [pelargir]
+
+2009-04-22 - Add JS helper [pelargir]
+
+2009-04-22 - Initial import [pelargir]

data/Gemfile

@@ -1,4 +1,7 @@
 source 'https://rubygems.org'
 
+rails_version = ENV['RAILS_VERSION']
+gem 'actionpack', rails_version
+
 # Specify your gem's dependencies in auto-session-timeout.gemspec
 gemspec

data/README.md

@@ -1,100 +1,166 @@
-# auto-session-timeout
+[![Build Status](https://travis-ci.com/pelargir/auto-session-timeout.svg?branch=master)](https://travis-ci.com/pelargir/auto-session-timeout)
+
+# Auto::Session::Timeout
 
 Provides automatic session timeout in a Rails application. Very easy
 to install and configure. Have you ever wanted to force your users
 off your app if they go idle for a certain period of time? Many
 online banking sites use this technique. If your app is used on any
-kind of public computer system, this plugin is a necessity.
+kind of public computer system, this gem is a necessity.
 
 ## Installation
 
 Add this line to your application's Gemfile:
 
-    gem 'auto-session-timeout'
+```ruby
+gem 'auto-session-timeout'
+```
 
 And then execute:
 
-    $ bundle
+```
+$ bundle
+```
 
 Or install it yourself as:
 
-    $ gem install auto-session-timeout
+```
+$ gem install auto-session-timeout
+```
 
 ## Usage
 
 After installing, tell your application controller to use auto timeout:
 
-    class ApplicationController < ActionController::Base
-      auto_session_timeout 1.hour
-      ...
-    end
-
-You will also need to insert this line inside the body tags in your
-views. The easiest way to do this is to insert it once inside your
-default or application-wide layout. Make sure you are only rendering
-it if the user is logged in, otherwise the plugin will attempt to force
-non-existent sessions to timeout, wreaking havoc:
-
-    <body>
-      <% if current_user %>
-        <%= auto_session_timeout_js %>
-      <% end %>
-    </body>
+```ruby
+class ApplicationController < ActionController::Base
+  auto_session_timeout 1.hour
+end
+```
+
+This will use a global timeout of 1 hour. The gem assumes your authentication
+provider has a `#current_user` method that returns the currently logged in user.
+
+If you want to specify a  custom timeout value per user, don't pass a value to
+the controller as shown above. Instead,  override `#auto_timeout` in your
+`#current_user` model. This is  typically the `User` class:
+
+```ruby
+class ApplicationController < ActionController::Base
+  auto_session_timeout
+end
+
+class User < ActiveRecord::Base
+  def auto_timeout
+    15.minutes
+  end
+end
+```
+
+You will also need to insert a call to the `#auto_session_timeout_js`
+helper method inside the body tags in your views. The easiest way to
+do this is to insert it once inside your default or application-wide
+layout. Make sure you are only rendering if the user is logged in,
+otherwise the gem will attempt to force non-existent sessions to
+timeout, wreaking havoc:
+
+```erb
+<body>
+  <% if current_user %>
+    <%= auto_session_timeout_js %>
+  <% end %>
+</body>
+```
 
 You need to setup two actions: one to return the session status and
 another that runs when the session times out. You can use the default
-actions included with the plugin by inserting this line in your target
+actions included with the gem by inserting this line in your target
 controller (most likely your user or session controller):
 
-    class SessionsController < ApplicationController
-      auto_session_timeout_actions
-    end
+```ruby
+class SessionsController < ApplicationController
+  auto_session_timeout_actions
+end
+```
 
 To customize the default actions, simply override them. You can call
-the render_session_status and render_session_timeout methods to use
-the default implementation from the plugin, or you can define the
+the `#render_session_status` and `#render_session_timeout` methods to
+use the default implementation from the gem, or you can define the
 actions entirely with your own custom code:
 
-    class SessionsController < ApplicationController
-      def active
-       render_session_status
-      end
-      
-      def timeout
-        render_session_timeout
-      end
-    end
+```ruby
+class SessionsController < ApplicationController
+  def active
+    render_session_status
+  end
+
+  def timeout
+    render_session_timeout
+  end
+end
+```
 
-In any of these cases, make sure to properly map the actions in
-your routes.rb file:
+In any of these cases, make sure to properly map the actions in your
+routes.rb file:
 
-    match 'active'  => 'sessions#active',  via: :get
-    match 'timeout' => 'sessions#timeout', via: :get
+```ruby
+get "active",  to: "sessions#active"
+get "timeout", to: "sessions#timeout"
+```
 
 You're done! Enjoy watching your sessions automatically timeout.
 
-## Additional Configuration
+## Using with Devise
+
+When using Devise for authentication you will need to add a scoped
+sessions controller and call the timeout actions helper there.
+For example:
+
+```ruby
+class Users::SessionsController < Devise::SessionsController
+  auto_session_timeout_actions
+end
+```
+
+In your routes.rb file you will need to declare your scoped controller
+and declare the timeout actions inside the same Devise scope:
+
+```ruby
+Rails.application.routes.draw do
+  devise_for :users, controllers: { sessions: "users/sessions" }
+  
+  devise_scope :user do
+    get "active", to: "users/sessions#active"
+    get "timeout", to: "users/sessions#timeout"
+  end
+end
+```
+
+You can use Devise's `#user_signed_in?` method when you call the JS helper
+method in your view:
+
+```erb
+<body>
+  <% if user_signed_in? %>
+    <%= auto_session_timeout_js %>
+  <% end %>
+</body>
+```
+
+## Optional Configuration
 
 By default, the JavaScript code checks the server every 60 seconds for
 active sessions. If you prefer that it check more frequently, pass a
 frequency attribute to the helper method. The frequency is given in
 seconds. The following example checks the server every 15 seconds:
 
-    <html>
-      <head>...</head>
-      <body>
-        <% if current_user %>
-          <%= auto_session_timeout_js frequency: 15 %>
-        <% end %>
-        ...
-      </body>
-    </html>
-
-## TODO
-
-* current_user must be defined
-* using Prototype vs. jQuery
-* setting timeout in controller vs. user
+```erb
+<body>
+  <% if current_user %>
+    <%= auto_session_timeout_js frequency: 15 %>
+  <% end %>
+</body>
+```
 
 ## Contributing
 

data/auto-session-timeout.gemspec

@@ -8,7 +8,7 @@ Gem::Specification.new do |spec|
   spec.version       = Auto::Session::Timeout::VERSION
   spec.authors       = ["Matthew Bass"]
   spec.email         = ["pelargir@gmail.com"]
-  spec.description   = %q{Provides automatic session timeout in a Rails application.}
+  spec.description   = %q{Automatic session timeout in Rails}
   spec.summary       = %q{Provides automatic session timeout in a Rails application.}
   spec.homepage      = "http://github.com/pelargir/auto-session-timeout"
   spec.license       = "MIT"
@@ -18,8 +18,8 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
 
-  spec.add_development_dependency "bundler", "~> 1.3"
-  spec.add_development_dependency "rake", "~> 0"
-  spec.add_development_dependency "minitest", "~> 4.2"
-  spec.add_development_dependency "actionpack", "~> 3.2"
+  spec.add_dependency "actionpack", [">= 3.2", "< 7"]
+  spec.add_development_dependency "bundler", "~> 2.0"
+  spec.add_development_dependency "rake", "~> 13.0"
+  spec.add_development_dependency "minitest", [">= 4.2", "< 6"]
 end

data/lib/auto/session/timeout/version.rb

@@ -1,7 +1,7 @@
 module Auto
   module Session
     module Timeout
-      VERSION = "0.9.4"
+      VERSION = "0.9.8"
     end
   end
 end

data/lib/auto_session_timeout.rb

@@ -6,9 +6,10 @@ module AutoSessionTimeout
   
   module ClassMethods
     def auto_session_timeout(seconds=nil)
+      protect_from_forgery except: [:active, :timeout]
       prepend_before_action do |c|
-        if c.session[:auto_session_expires_at] && c.session[:auto_session_expires_at] < Time.now
-          c.send :reset_session
+        if session_expired?(c) && !signing_in?(c)
+          handle_session_reset(c)
         else
           unless c.request.original_url.start_with?(c.send(:active_url))
             offset = seconds || (current_user.respond_to?(:auto_timeout) ? current_user.auto_timeout : nil)
@@ -30,8 +31,28 @@ module AutoSessionTimeout
   end
   
   def render_session_timeout
-    flash[:notice] = "Your session has timed out."
-    redirect_to "/login"
+    flash[:notice] = t("devise.failure.timeout", default: "Your session has timed out.")
+    redirect_to sign_in_path
+  end
+
+  private
+
+  def handle_session_reset(c)
+    c.send :reset_session
+  end
+
+  def signing_in?(c)
+    c.request.env["PATH_INFO"] == sign_in_path && c.request.env["REQUEST_METHOD"] == "POST"
+  end
+
+  def session_expired?(c)
+    c.session[:auto_session_expires_at].try(:<, Time.now)
+  end
+
+  def sign_in_path
+    user_session_path
+  rescue
+    "/login"
   end
   
 end

data/lib/auto_session_timeout_helper.rb

@@ -1,34 +1,26 @@
 module AutoSessionTimeoutHelper
   def auto_session_timeout_js(options={})
     frequency = options[:frequency] || 60
-    verbosity = options[:verbosity] || 2
+    attributes = options[:attributes] || {}
     code = <<JS
-if (typeof(Ajax) != 'undefined') {
-  new Ajax.PeriodicalUpdater('', '/active', {frequency:#{frequency}, method:'get', onSuccess: function(e) {
-    if (e.responseText == 'false') window.location.href = '/timeout';
-  }});
-}else if(typeof(jQuery) != 'undefined'){
-  function PeriodicalQuery() {
-    $.ajax({
-      url: '/active',
-      success: function(data) {
-        if(data == 'false'){
-          window.location.href = '/timeout';
-        }
-      }
-    });
-    setTimeout(PeriodicalQuery, (#{frequency} * 1000));
-  }
+function PeriodicalQuery() {
+  var request = new XMLHttpRequest();
+  request.onload = function (event) {
+    var status = event.target.status;
+    var response = event.target.response;
+    if (status === 200 && (response === false || response === 'false' || response === null)) {
+      window.location.href = '#{timeout_path}';
+    }
+  };
+  request.open('GET', '#{active_path}', true);
+  request.responseType = 'json';
+  request.send();
   setTimeout(PeriodicalQuery, (#{frequency} * 1000));
-} else {
-  $.PeriodicalUpdater('/active', {minTimeout:#{frequency * 1000}, multiplier:0, method:'get', verbose:#{verbosity}}, function(remoteData, success) {
-    if (success == 'success' && remoteData == 'false')
-      window.location.href = '/timeout';
-  });
 }
+setTimeout(PeriodicalQuery, (#{frequency} * 1000));
 JS
-    javascript_tag(code)
+    javascript_tag(code, attributes)
   end
 end
 
-ActionView::Base.send :include, AutoSessionTimeoutHelper
+ActionView::Base.send :include, AutoSessionTimeoutHelper

data/test/auto_session_timeout_helper_test.rb

@@ -2,46 +2,40 @@ require File.dirname(__FILE__) + '/test_helper'
 
 describe AutoSessionTimeoutHelper do
 
-  subject { Class.new(ActionView::Base).new }
+  class StubView
+    include AutoSessionTimeoutHelper
+    include ActionView::Helpers::JavaScriptHelper
+    include ActionView::Helpers::TagHelper
+
+    def timeout_path
+      "/timeout"
+    end
+
+    def active_path
+      "/active"
+    end
+  end
+
+  subject { StubView.new }
 
   describe "#auto_session_timeout_js" do
     it "returns correct JS" do
-      assert_equal "<script type=\"text/javascript\">
-//<![CDATA[
-if (typeof(Ajax) != 'undefined') {
-  new Ajax.PeriodicalUpdater('', '/active', {frequency:60, method:'get', onSuccess: function(e) {
-    if (e.responseText == 'false') window.location.href = '/timeout';
-  }});
-}else if(typeof(jQuery) != 'undefined'){
-  function PeriodicalQuery() {
-    $.ajax({
-      url: '/active',
-      success: function(data) {
-        if(data == 'false'){
-          window.location.href = '/timeout';
-        }
-      }
-    });
-    setTimeout(PeriodicalQuery, (60 * 1000));
-  }
-  setTimeout(PeriodicalQuery, (60 * 1000));
-} else {
-  $.PeriodicalUpdater('/active', {minTimeout:60000, multiplier:0, method:'get', verbose:2}, function(remoteData, success) {
-    if (success == 'success' && remoteData == 'false')
-      window.location.href = '/timeout';
-  });
-}
-
-//]]>
-</script>", subject.auto_session_timeout_js
+      js = subject.auto_session_timeout_js
+      assert js.include?("window.location.href = '/timeout'")
+      assert js.include?("request.open('GET', '/active', true)")
+      assert js.include?("setTimeout(PeriodicalQuery, (60 * 1000))")
     end
 
     it "uses custom frequency when given" do
-      assert_match /frequency:120/, subject.auto_session_timeout_js(frequency: 120)
+      assert_match %r{120}, subject.auto_session_timeout_js(frequency: 120)
     end
 
     it "uses 60 when custom frequency is nil" do
-      assert_match /frequency:60/, subject.auto_session_timeout_js(frequency: nil)
+      assert_match %r{60}, subject.auto_session_timeout_js(frequency: nil)
+    end
+
+    it "accepts attributes" do
+      assert_match %r{data-turbolinks-eval="false"}, subject.auto_session_timeout_js(attributes: { 'data-turbolinks-eval': 'false' })
     end
   end
 

metadata

@@ -1,72 +1,84 @@
 --- !ruby/object:Gem::Specification
 name: auto-session-timeout
 version: !ruby/object:Gem::Version
-  version: 0.9.4
+  version: 0.9.8
 platform: ruby
 authors:
 - Matthew Bass
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-05-16 00:00:00.000000000 Z
+date: 2021-11-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: actionpack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.3'
-  type: :development
+        version: '3.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '7'
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '3.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '7'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
-  name: minitest
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.2'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.2'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
-  name: actionpack
+  name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '4.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.2'
-description: Provides automatic session timeout in a Rails application.
+        version: '4.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6'
+description: Automatic session timeout in Rails
 email:
 - pelargir@gmail.com
 executables: []
@@ -74,6 +86,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- ".travis.yml"
 - CHANGELOG
 - Gemfile
 - LICENSE.txt
@@ -92,7 +105,7 @@ homepage: http://github.com/pelargir/auto-session-timeout
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -107,9 +120,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.10
-signing_key: 
+rubygems_version: 3.2.22
+signing_key:
 specification_version: 4
 summary: Provides automatic session timeout in a Rails application.
 test_files: