auto-session-timeout 0.9.5 → 0.9.6

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 3561cc313c2dc97c96fb2a2a5931c01c8a442706
4
- data.tar.gz: d5c805a2efeb3af57dad7d2b23aa4aa55b1df902
2
+ SHA256:
3
+ metadata.gz: 43964b8e2454251977f6214625438c2b56d378f009014c2c5f6467575367d883
4
+ data.tar.gz: a7a0b504cbbf06c85c7876a8be3a244a9eb4e5a910ad0b4ec5c01e58f503d833
5
5
  SHA512:
6
- metadata.gz: 3dff428123f23f12a7cd5f9cba6a25a8d8576db3519ab01c1a70586e6ec84cf52377910207339adcc4a0360106bdd69b35dcb8bad73f68b452d005223ac0452f
7
- data.tar.gz: 022ed3b160ee413a4e703bd097acdec9b865994c2d42cf57276b1087591e220f2859b69edae1c293815741ea6daa01b4bc69a4c11fdf920dba5e9ad76cbb8ba0
6
+ metadata.gz: 3afb1575ae4cfc3c1337286c35b620aab5d7d68602cf30989761f34dfcfc102a40a3982e5e3305d1a5bd673965a8b220804f75c6ee325da516b36eeb17689736
7
+ data.tar.gz: a6a53fe82ed32bf7a5f755e203a6425cb3def4061f6ea7fe6b733eedeed5b2fe4d2f37c82f5e5ae7b412177f6fe1b61cd3be2cef7de57be6ec1429db56458748
data/CHANGELOG CHANGED
@@ -1,5 +1,51 @@
1
+ 2019-10-15 - v0.9.6
2
+
3
+ 2019-10-15 - Use routes in JS helper [pelargir]
4
+
5
+ 2019-03-03 - Update README [cprodhomme]
6
+
7
+ 2018-12-21 - Support Rails protect_from_forgery [davegudge]
8
+
9
+ 2017-06-13 - v0.9.5
10
+
11
+ 2017-06-12 - Exclude controller actions from CSRF verification [pelargir]
12
+
13
+ 2017-06-12 - Make updater use vanilla JS [emilos]
14
+
15
+ 2017-05-16 - v0.9.4
16
+
17
+ 2017-05-08 - Rails 5 compatibility [quainjn]
18
+
19
+ 2016-10-14 - Allow defining verbosity [zaimramlan]
20
+
21
+ 2013-08-29 - v0.9.3
22
+
23
+ 2013-08-28 - Add jQuery support [krishnasrihari]
24
+
25
+ 2013-07-24 - v0.9.2
26
+
27
+ 2013-07-24 - Add tests and use Ruby 1.9 hash syntax [pelargir]
28
+
29
+ 2013-07-24 - v0.9.1
30
+
31
+ 2013-07-24 - Timeout can be set in controller or user model [pelargir]
32
+
33
+ 2013-07-22 - v0.9
34
+
35
+ 2013-07-21 - Support for jQuery periodical updater plugin [pelargir]
36
+
37
+ 2013-07-17 - v0.8
38
+
1
39
  2014-07-14 - Added jQuery support [krishnasrihari]
2
40
 
41
+ 2013-06-23 - v0.7
42
+
3
43
  2013-06-22 - Switched to Bundler for generating the gemspec [pelargir]
4
44
 
5
- 2009-04-22 - Initial import [pelargir]
45
+ 2009-08-22 - v0.5
46
+
47
+ 2009-06-03 - Move controller actions into plugin [pelargir]
48
+
49
+ 2009-04-22 - Add JS helper [pelargir]
50
+
51
+ 2009-04-22 - Initial import [pelargir]
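Review bot: the v0.9.6 entries at the top of this hunk do not mention the behaviour change made in the library code of this release, where an expired session is no longer reset on a POST to the sign-in path and the timeout redirect now goes to `sign_in_path` with a Devise I18n key. Add a line for it so that upgraders see the session-handling change. Separately, the retained context line `2014-07-14 - Added jQuery support [krishnasrihari]` now sits between v0.8 and v0.7 out of date order and duplicates the added `2013-08-28 - Add jQuery support` entry; drop or correct it.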
data/README.md CHANGED
@@ -4,13 +4,15 @@ Provides automatic session timeout in a Rails application. Very easy
4
4
  to install and configure. Have you ever wanted to force your users
5
5
  off your app if they go idle for a certain period of time? Many
6
6
  online banking sites use this technique. If your app is used on any
7
- kind of public computer system, this plugin is a necessity.
7
+ kind of public computer system, this gem is a necessity.
8
8
 
9
9
  ## Installation
10
10
 
11
11
  Add this line to your application's Gemfile:
12
12
 
13
- gem 'auto-session-timeout'
13
+ ```ruby
14
+ gem 'auto-session-timeout'
15
+ ```
14
16
 
15
17
  And then execute:
16
18
 
@@ -24,52 +26,80 @@ Or install it yourself as:
24
26
 
25
27
  After installing, tell your application controller to use auto timeout:
26
28
 
27
- class ApplicationController < ActionController::Base
28
- auto_session_timeout 1.hour
29
- ...
30
- end
31
-
32
- You will also need to insert this line inside the body tags in your
33
- views. The easiest way to do this is to insert it once inside your
34
- default or application-wide layout. Make sure you are only rendering
35
- it if the user is logged in, otherwise the plugin will attempt to force
36
- non-existent sessions to timeout, wreaking havoc:
37
-
38
- <body>
39
- <% if current_user %>
40
- <%= auto_session_timeout_js %>
41
- <% end %>
42
- </body>
29
+ ```ruby
30
+ class ApplicationController < ActionController::Base
31
+ auto_session_timeout 1.hour
32
+ ...
33
+ end
34
+ ```
35
+
36
+ This will use a global timeout of 1 hour. If you want to specify a
37
+ custom timeout value per user, don't pass a value above. Instead,
38
+ override `#auto_timeout` in your `#current_user` model. This is
39
+ typically the `User` class:
40
+
41
+ ```ruby
42
+ class ApplicationController < ActionController::Base
43
+ auto_session_timeout
44
+ end
45
+
46
+ class User < ActiveRecord::Base
47
+ def auto_timeout
48
+ 15.minutes
49
+ end
50
+ end
51
+ ```
52
+
53
+ You will also need to insert a call to the `#auto_session_timeout_js`
54
+ helper method inside the body tags in your views. The easiest way to
55
+ do this is to insert it once inside your default or application-wide
56
+ layout. Make sure you are only rendering if the user is logged in,
57
+ otherwise the gem will attempt to force non-existent sessions to
58
+ timeout, wreaking havoc:
59
+
60
+ ```erb
61
+ <body>
62
+ <% if current_user %>
63
+ <%= auto_session_timeout_js %>
64
+ <% end %>
65
+ </body>
66
+ ```
43
67
 
44
68
  You need to setup two actions: one to return the session status and
45
69
  another that runs when the session times out. You can use the default
46
- actions included with the plugin by inserting this line in your target
70
+ actions included with the gem by inserting this line in your target
47
71
  controller (most likely your user or session controller):
48
72
 
49
- class SessionsController < ApplicationController
50
- auto_session_timeout_actions
51
- end
73
+ ```ruby
74
+ class SessionsController < ApplicationController
75
+ auto_session_timeout_actions
76
+ end
77
+ ```
52
78
 
53
79
  To customize the default actions, simply override them. You can call
54
- the render_session_status and render_session_timeout methods to use
55
- the default implementation from the plugin, or you can define the
80
+ the `#render_session_status` and `#render_session_timeout` methods to
81
+ use the default implementation from the gem, or you can define the
56
82
  actions entirely with your own custom code:
57
83
 
58
- class SessionsController < ApplicationController
59
- def active
60
- render_session_status
61
- end
62
-
63
- def timeout
64
- render_session_timeout
65
- end
66
- end
84
+ ```ruby
85
+ class SessionsController < ApplicationController
86
+ def active
87
+ render_session_status
88
+ end
89
+
90
+ def timeout
91
+ render_session_timeout
92
+ end
93
+ end
94
+ ```
67
95
 
68
- In any of these cases, make sure to properly map the actions in
69
- your routes.rb file:
96
+ In any of these cases, make sure to properly map the actions in your
97
+ routes.rb file:
70
98
 
71
- match 'active' => 'sessions#active', via: :get
72
- match 'timeout' => 'sessions#timeout', via: :get
99
+ ```ruby
100
+ get 'active' => 'sessions#active'
101
+ get 'timeout' => 'sessions#timeout'
102
+ ```
73
103
 
74
104
  You're done! Enjoy watching your sessions automatically timeout.
75
105
 
@@ -80,21 +110,23 @@ active sessions. If you prefer that it check more frequently, pass a
80
110
  frequency attribute to the helper method. The frequency is given in
81
111
  seconds. The following example checks the server every 15 seconds:
82
112
 
83
- <html>
84
- <head>...</head>
85
- <body>
86
- <% if current_user %>
87
- <%= auto_session_timeout_js frequency: 15 %>
88
- <% end %>
89
- ...
90
- </body>
91
- </html>
113
+ ```erb
114
+ <html>
115
+ <head>...</head>
116
+ <body>
117
+ <% if current_user %>
118
+ <%= auto_session_timeout_js frequency: 15 %>
119
+ <% end %>
120
+ ...
121
+ </body>
122
+ </html>
123
+ ```
92
124
 
93
125
  ## TODO
94
126
 
95
127
  * current_user must be defined
96
128
  * using Prototype vs. jQuery
97
- * setting timeout in controller vs. user
129
+ * using with Devise
98
130
 
99
131
  ## Contributing
100
132
 
@@ -1,7 +1,7 @@
1
1
  module Auto
2
2
  module Session
3
3
  module Timeout
4
- VERSION = "0.9.5"
4
+ VERSION = "0.9.6"
5
5
  end
6
6
  end
7
7
  end
@@ -8,7 +8,7 @@ module AutoSessionTimeout
8
8
  def auto_session_timeout(seconds=nil)
9
9
  protect_from_forgery except: [:active, :timeout]
10
10
  prepend_before_action do |c|
11
- if c.session[:auto_session_expires_at] && c.session[:auto_session_expires_at] < Time.now
11
+ if session_expired?(c) && !signing_in?(c)
12
12
  c.send :reset_session
13
13
  else
14
14
  unless c.request.original_url.start_with?(c.send(:active_url))
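Review bot: on the changed condition `if session_expired?(c) && !signing_in?(c)`, an expired session is no longer reset when the request is a POST to the sign-in path, and nothing here says why or what happens to the stale `auto_session_expires_at` value afterwards. Add a comment stating the reason for the exemption, and a controller test that sends a sign-in POST with an expired session and checks that the expiry is refreshed and that no pre-expiry session data survives into the new login. The only spec change in this release covers the JS helper, so this path is untested.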
@@ -31,8 +31,24 @@ module AutoSessionTimeout
31
31
  end
32
32
 
33
33
  def render_session_timeout
34
- flash[:notice] = "Your session has timed out."
35
- redirect_to "/login"
34
+ flash[:notice] = t("devise.failure.timeout", default: "Your session has timed out.")
35
+ redirect_to sign_in_path
36
+ end
37
+
38
+ private
39
+
40
+ def signing_in?(c)
41
+ c.request.env["PATH_INFO"] == sign_in_path && c.request.env["REQUEST_METHOD"] == "POST"
42
+ end
43
+
44
+ def session_expired?(c)
45
+ c.session[:auto_session_expires_at].try(:<, Time.now)
46
+ end
47
+
48
+ def sign_in_path
49
+ user_session_path
50
+ rescue
51
+ "/login"
36
52
  end
37
53
 
38
54
  end
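Review bot: the bare `rescue` in `sign_in_path` swallows every StandardError raised while building `user_session_path`, not only the case where the helper is undefined, so a misconfigured route silently falls back to `"/login"`. Prefer `respond_to?(:user_session_path, true) ? user_session_path : "/login"` or `rescue NameError`. In `signing_in?`, `PATH_INFO` does not include the script name while a route helper does, so when the app is mounted under a sub-URI the comparison will not match and the exemption never applies; comparing against `c.request.path` would be consistent. The `devise.failure.timeout` key and the `user_session_path` default also tie the gem to Devise naming, which deserves a mention in the README.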
@@ -9,11 +9,11 @@ function PeriodicalQuery() {
9
9
  request.onload = function (event) {
10
10
  var status = event.target.status;
11
11
  var response = event.target.response;
12
- if (status === 200 && (response === false || response === 'false')) {
13
- window.location.href = '/timeout';
12
+ if (status === 200 && (response === false || response === 'false' || response === null)) {
13
+ window.location.href = '#{timeout_path}';
14
14
  }
15
15
  };
16
- request.open('GET', '/active', true);
16
+ request.open('GET', '#{active_path}', true);
17
17
  request.responseType = 'json';
18
18
  request.send();
19
19
  setTimeout(PeriodicalQuery, (#{frequency} * 1000));
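Review bot: in the `onload` condition, adding `response === null` means any 200 reply whose body is empty or does not parse as JSON now sends the user to the timeout URL, because with `responseType = 'json'` the browser sets `response` to null on a parse failure. That fails closed, which may be the intent, but it also fires when an intermediary returns an HTML page with status 200; add a comment saying this is deliberate. On the two lines that interpolate `#{timeout_path}` and `#{active_path}` into single-quoted JS strings, the values are not escaped; route helpers normally return safe paths, but emitting them through `escape_javascript` or `to_json` would keep the generated script well-formed if a route ever contains a quote or backslash.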
@@ -2,7 +2,17 @@ require File.dirname(__FILE__) + '/test_helper'
2
2
 
3
3
  describe AutoSessionTimeoutHelper do
4
4
 
5
- subject { Class.new(ActionView::Base).new }
5
+ class ActionView::Base
6
+ def timeout_path
7
+ '/timeout'
8
+ end
9
+
10
+ def active_path
11
+ '/active'
12
+ end
13
+ end
14
+
15
+ subject { ActionView::Base.new }
6
16
 
7
17
  describe "#auto_session_timeout_js" do
8
18
  it "returns correct JS" do
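Review bot: reopening `class ActionView::Base` inside the `describe` block defines `timeout_path` and `active_path` on the real class for the whole test process, so any other spec loaded afterwards sees those stubs too. Keep the previous anonymous subclass and define the stubs there, for example `Class.new(ActionView::Base) { def timeout_path; '/timeout'; end }`, so the route helpers are faked only for this subject.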
@@ -13,7 +23,7 @@ function PeriodicalQuery() {
13
23
  request.onload = function (event) {
14
24
  var status = event.target.status;
15
25
  var response = event.target.response;
16
- if (status === 200 && (response === false || response === 'false')) {
26
+ if (status === 200 && (response === false || response === 'false' || response === null)) {
17
27
  window.location.href = '/timeout';
18
28
  }
19
29
  };
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: auto-session-timeout
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.9.5
4
+ version: 0.9.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Matthew Bass
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-06-13 00:00:00.000000000 Z
11
+ date: 2019-10-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -107,8 +107,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
107
107
  - !ruby/object:Gem::Version
108
108
  version: '0'
109
109
  requirements: []
110
- rubyforge_project:
111
- rubygems_version: 2.6.10
110
+ rubygems_version: 3.0.6
112
111
  signing_key:
113
112
  specification_version: 4
114
113
  summary: Provides automatic session timeout in a Rails application.