auto-session-timeout 0.9.5 → 0.9.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 3561cc313c2dc97c96fb2a2a5931c01c8a442706
4
- data.tar.gz: d5c805a2efeb3af57dad7d2b23aa4aa55b1df902
2
+ SHA256:
3
+ metadata.gz: 43964b8e2454251977f6214625438c2b56d378f009014c2c5f6467575367d883
4
+ data.tar.gz: a7a0b504cbbf06c85c7876a8be3a244a9eb4e5a910ad0b4ec5c01e58f503d833
5
5
  SHA512:
6
- metadata.gz: 3dff428123f23f12a7cd5f9cba6a25a8d8576db3519ab01c1a70586e6ec84cf52377910207339adcc4a0360106bdd69b35dcb8bad73f68b452d005223ac0452f
7
- data.tar.gz: 022ed3b160ee413a4e703bd097acdec9b865994c2d42cf57276b1087591e220f2859b69edae1c293815741ea6daa01b4bc69a4c11fdf920dba5e9ad76cbb8ba0
6
+ metadata.gz: 3afb1575ae4cfc3c1337286c35b620aab5d7d68602cf30989761f34dfcfc102a40a3982e5e3305d1a5bd673965a8b220804f75c6ee325da516b36eeb17689736
7
+ data.tar.gz: a6a53fe82ed32bf7a5f755e203a6425cb3def4061f6ea7fe6b733eedeed5b2fe4d2f37c82f5e5ae7b412177f6fe1b61cd3be2cef7de57be6ec1429db56458748
data/CHANGELOG CHANGED
@@ -1,5 +1,51 @@
1
+ 2019-10-15 - v0.9.6
2
+
3
+ 2019-10-15 - Use routes in JS helper [pelargir]
4
+
5
+ 2019-03-03 - Update README [cprodhomme]
6
+
7
+ 2018-12-21 - Support Rails protect_from_forgery [davegudge]
8
+
9
+ 2017-06-13 - v0.9.5
10
+
11
+ 2017-06-12 - Exclude controller actions from CSRF verification [pelargir]
12
+
13
+ 2017-06-12 - Make updater use vanilla JS [emilos]
14
+
15
+ 2017-05-16 - v0.9.4
16
+
17
+ 2017-05-08 - Rails 5 compatibility [quainjn]
18
+
19
+ 2016-10-14 - Allow defining verbosity [zaimramlan]
20
+
21
+ 2013-08-29 - v0.9.3
22
+
23
+ 2013-08-28 - Add jQuery support [krishnasrihari]
24
+
25
+ 2013-07-24 - v0.9.2
26
+
27
+ 2013-07-24 - Add tests and use Ruby 1.9 hash syntax [pelargir]
28
+
29
+ 2013-07-24 - v0.9.1
30
+
31
+ 2013-07-24 - Timeout can be set in controller or user model [pelargir]
32
+
33
+ 2013-07-22 - v0.9
34
+
35
+ 2013-07-21 - Support for jQuery periodical updater plugin [pelargir]
36
+
37
+ 2013-07-17 - v0.8
38
+
1
39
  2014-07-14 - Added jQuery support [krishnasrihari]
2
40
 
41
+ 2013-06-23 - v0.7
42
+
3
43
  2013-06-22 - Switched to Bundler for generating the gemspec [pelargir]
4
44
 
5
- 2009-04-22 - Initial import [pelargir]
45
+ 2009-08-22 - v0.5
46
+
47
+ 2009-06-03 - Move controller actions into plugin [pelargir]
48
+
49
+ 2009-04-22 - Add JS helper [pelargir]
50
+
51
+ 2009-04-22 - Initial import [pelargir]
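Review bot: The v0.9.6 block at the top of this hunk lists three entries, but none of them covers the controller changes shipped in the same release: the expiry check now skips `reset_session` on a POST to the sign-in path, and `render_session_timeout` redirects to `sign_in_path` instead of `/login`. Both alter session handling, so add entries for them. Separately, the unchanged line `2014-07-14 - Added jQuery support [krishnasrihari]` now sits between 2013 entries and appears to duplicate the new `2013-08-28 - Add jQuery support` entry; drop or redate one of them.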
data/README.md CHANGED
@@ -4,13 +4,15 @@ Provides automatic session timeout in a Rails application. Very easy
4
4
  to install and configure. Have you ever wanted to force your users
5
5
  off your app if they go idle for a certain period of time? Many
6
6
  online banking sites use this technique. If your app is used on any
7
- kind of public computer system, this plugin is a necessity.
7
+ kind of public computer system, this gem is a necessity.
8
8
 
9
9
  ## Installation
10
10
 
11
11
  Add this line to your application's Gemfile:
12
12
 
13
- gem 'auto-session-timeout'
13
+ ```ruby
14
+ gem 'auto-session-timeout'
15
+ ```
14
16
 
15
17
  And then execute:
16
18
 
@@ -24,52 +26,80 @@ Or install it yourself as:
24
26
 
25
27
  After installing, tell your application controller to use auto timeout:
26
28
 
27
- class ApplicationController < ActionController::Base
28
- auto_session_timeout 1.hour
29
- ...
30
- end
31
-
32
- You will also need to insert this line inside the body tags in your
33
- views. The easiest way to do this is to insert it once inside your
34
- default or application-wide layout. Make sure you are only rendering
35
- it if the user is logged in, otherwise the plugin will attempt to force
36
- non-existent sessions to timeout, wreaking havoc:
37
-
38
- <body>
39
- <% if current_user %>
40
- <%= auto_session_timeout_js %>
41
- <% end %>
42
- </body>
29
+ ```ruby
30
+ class ApplicationController < ActionController::Base
31
+ auto_session_timeout 1.hour
32
+ ...
33
+ end
34
+ ```
35
+
36
+ This will use a global timeout of 1 hour. If you want to specify a
37
+ custom timeout value per user, don't pass a value above. Instead,
38
+ override `#auto_timeout` in your `#current_user` model. This is
39
+ typically the `User` class:
40
+
41
+ ```ruby
42
+ class ApplicationController < ActionController::Base
43
+ auto_session_timeout
44
+ end
45
+
46
+ class User < ActiveRecord::Base
47
+ def auto_timeout
48
+ 15.minutes
49
+ end
50
+ end
51
+ ```
52
+
53
+ You will also need to insert a call to the `#auto_session_timeout_js`
54
+ helper method inside the body tags in your views. The easiest way to
55
+ do this is to insert it once inside your default or application-wide
56
+ layout. Make sure you are only rendering if the user is logged in,
57
+ otherwise the gem will attempt to force non-existent sessions to
58
+ timeout, wreaking havoc:
59
+
60
+ ```erb
61
+ <body>
62
+ <% if current_user %>
63
+ <%= auto_session_timeout_js %>
64
+ <% end %>
65
+ </body>
66
+ ```
43
67
 
44
68
  You need to setup two actions: one to return the session status and
45
69
  another that runs when the session times out. You can use the default
46
- actions included with the plugin by inserting this line in your target
70
+ actions included with the gem by inserting this line in your target
47
71
  controller (most likely your user or session controller):
48
72
 
49
- class SessionsController < ApplicationController
50
- auto_session_timeout_actions
51
- end
73
+ ```ruby
74
+ class SessionsController < ApplicationController
75
+ auto_session_timeout_actions
76
+ end
77
+ ```
52
78
 
53
79
  To customize the default actions, simply override them. You can call
54
- the render_session_status and render_session_timeout methods to use
55
- the default implementation from the plugin, or you can define the
80
+ the `#render_session_status` and `#render_session_timeout` methods to
81
+ use the default implementation from the gem, or you can define the
56
82
  actions entirely with your own custom code:
57
83
 
58
- class SessionsController < ApplicationController
59
- def active
60
- render_session_status
61
- end
62
-
63
- def timeout
64
- render_session_timeout
65
- end
66
- end
84
+ ```ruby
85
+ class SessionsController < ApplicationController
86
+ def active
87
+ render_session_status
88
+ end
89
+
90
+ def timeout
91
+ render_session_timeout
92
+ end
93
+ end
94
+ ```
67
95
 
68
- In any of these cases, make sure to properly map the actions in
69
- your routes.rb file:
96
+ In any of these cases, make sure to properly map the actions in your
97
+ routes.rb file:
70
98
 
71
- match 'active' => 'sessions#active', via: :get
72
- match 'timeout' => 'sessions#timeout', via: :get
99
+ ```ruby
100
+ get 'active' => 'sessions#active'
101
+ get 'timeout' => 'sessions#timeout'
102
+ ```
73
103
 
74
104
  You're done! Enjoy watching your sessions automatically timeout.
75
105
 
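Review bot: The routes example (`get 'active' => 'sessions#active'`, `get 'timeout' => 'sessions#timeout'`) does not say that the route names matter, yet the JS helper in this release interpolates `active_path` and `timeout_path`, so an app that maps these actions under other names will not have the helpers the gem expects. State that requirement next to the example, or show `as: :active` and `as: :timeout` explicitly. Also, "Make sure you are only rendering if the user is logged in" lost its object; the previous wording "rendering it" was clearer.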
@@ -80,21 +110,23 @@ active sessions. If you prefer that it check more frequently, pass a
80
110
  frequency attribute to the helper method. The frequency is given in
81
111
  seconds. The following example checks the server every 15 seconds:
82
112
 
83
- <html>
84
- <head>...</head>
85
- <body>
86
- <% if current_user %>
87
- <%= auto_session_timeout_js frequency: 15 %>
88
- <% end %>
89
- ...
90
- </body>
91
- </html>
113
+ ```erb
114
+ <html>
115
+ <head>...</head>
116
+ <body>
117
+ <% if current_user %>
118
+ <%= auto_session_timeout_js frequency: 15 %>
119
+ <% end %>
120
+ ...
121
+ </body>
122
+ </html>
123
+ ```
92
124
 
93
125
  ## TODO
94
126
 
95
127
  * current_user must be defined
96
128
  * using Prototype vs. jQuery
97
- * setting timeout in controller vs. user
129
+ * using with Devise
98
130
 
99
131
  ## Contributing
100
132
 
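Review bot: The TODO list gains `using with Devise`, but the code in this release already behaves differently under Devise: `sign_in_path` returns `user_session_path` when that helper exists and `/login` otherwise, and the flash message is looked up under `devise.failure.timeout`. Document that in the README body rather than leaving it as a TODO, including the fallback for apps whose Devise scope is not `user`.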
@@ -1,7 +1,7 @@
1
1
  module Auto
2
2
  module Session
3
3
  module Timeout
4
- VERSION = "0.9.5"
4
+ VERSION = "0.9.6"
5
5
  end
6
6
  end
7
7
  end
@@ -8,7 +8,7 @@ module AutoSessionTimeout
8
8
  def auto_session_timeout(seconds=nil)
9
9
  protect_from_forgery except: [:active, :timeout]
10
10
  prepend_before_action do |c|
11
- if c.session[:auto_session_expires_at] && c.session[:auto_session_expires_at] < Time.now
11
+ if session_expired?(c) && !signing_in?(c)
12
12
  c.send :reset_session
13
13
  else
14
14
  unless c.request.original_url.start_with?(c.send(:active_url))
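Review bot: On the new condition `if session_expired?(c) && !signing_in?(c)`, an expired session is no longer reset when the request is a POST to the sign-in path; it takes the `else` branch instead, so whatever the stale session holds is carried into the login request. Add a comment giving the reason for the exception, make sure the sign-in action itself rotates the session, and add a test that covers an expired session posting to `sign_in_path`. Note also that `signing_in?` compares `PATH_INFO` to the route helper by exact string equality, so a trailing slash or any other variation of the path falls through to `reset_session`; that fails closed, but it deserves a test too.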
@@ -31,8 +31,24 @@ module AutoSessionTimeout
31
31
  end
32
32
 
33
33
  def render_session_timeout
34
- flash[:notice] = "Your session has timed out."
35
- redirect_to "/login"
34
+ flash[:notice] = t("devise.failure.timeout", default: "Your session has timed out.")
35
+ redirect_to sign_in_path
36
+ end
37
+
38
+ private
39
+
40
+ def signing_in?(c)
41
+ c.request.env["PATH_INFO"] == sign_in_path && c.request.env["REQUEST_METHOD"] == "POST"
42
+ end
43
+
44
+ def session_expired?(c)
45
+ c.session[:auto_session_expires_at].try(:<, Time.now)
46
+ end
47
+
48
+ def sign_in_path
49
+ user_session_path
50
+ rescue
51
+ "/login"
36
52
  end
37
53
 
38
54
  end
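Review bot: In `sign_in_path`, the bare `rescue` catches every StandardError, not only a missing `user_session_path` helper, so an unrelated error raised while building the route silently becomes a redirect to `/login`. Rescue `NameError` specifically, or test with `respond_to?(:user_session_path, true)` before calling it. Since `signing_in?` depends on the same value, a wrong fallback here also changes which requests are exempt from the session reset.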
@@ -9,11 +9,11 @@ function PeriodicalQuery() {
9
9
  request.onload = function (event) {
10
10
  var status = event.target.status;
11
11
  var response = event.target.response;
12
- if (status === 200 && (response === false || response === 'false')) {
13
- window.location.href = '/timeout';
12
+ if (status === 200 && (response === false || response === 'false' || response === null)) {
13
+ window.location.href = '#{timeout_path}';
14
14
  }
15
15
  };
16
- request.open('GET', '/active', true);
16
+ request.open('GET', '#{active_path}', true);
17
17
  request.responseType = 'json';
18
18
  request.send();
19
19
  setTimeout(PeriodicalQuery, (#{frequency} * 1000));
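Review bot: `'#{timeout_path}'` and `'#{active_path}'` are interpolated into single-quoted JavaScript string literals without escaping. Route helpers normally return safe paths, but pass them through `escape_javascript` (or emit them with `to_json`) so the output stays well formed whatever the route definition. The added `response === null` branch needs a comment as well: with `responseType = 'json'` a body that is not valid JSON yields null, so any 200 response that is not JSON now sends the user to the timeout page.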
@@ -2,7 +2,17 @@ require File.dirname(__FILE__) + '/test_helper'
2
2
 
3
3
  describe AutoSessionTimeoutHelper do
4
4
 
5
- subject { Class.new(ActionView::Base).new }
5
+ class ActionView::Base
6
+ def timeout_path
7
+ '/timeout'
8
+ end
9
+
10
+ def active_path
11
+ '/active'
12
+ end
13
+ end
14
+
15
+ subject { ActionView::Base.new }
6
16
 
7
17
  describe "#auto_session_timeout_js" do
8
18
  it "returns correct JS" do
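Review bot: Reopening `class ActionView::Base` inside the `describe` block defines `timeout_path` and `active_path` on the real class for the rest of the test run, where the previous `Class.new(ActionView::Base).new` kept the subject isolated. Define the two stubs on the anonymous subclass instead, for example by passing a block to `Class.new(ActionView::Base)`.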
@@ -13,7 +23,7 @@ function PeriodicalQuery() {
13
23
  request.onload = function (event) {
14
24
  var status = event.target.status;
15
25
  var response = event.target.response;
16
- if (status === 200 && (response === false || response === 'false')) {
26
+ if (status === 200 && (response === false || response === 'false' || response === null)) {
17
27
  window.location.href = '/timeout';
18
28
  }
19
29
  };
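Review bot: The expected output still contains `window.location.href = '/timeout';`, and the stubs return the same `/timeout` and `/active` values that were hard-coded before, so this spec would pass even if the helper ignored the route helpers. Stub distinct paths and assert on them so the test proves the interpolation.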
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: auto-session-timeout
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.9.5
4
+ version: 0.9.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Matthew Bass
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-06-13 00:00:00.000000000 Z
11
+ date: 2019-10-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -107,8 +107,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
107
107
  - !ruby/object:Gem::Version
108
108
  version: '0'
109
109
  requirements: []
110
- rubyforge_project:
111
- rubygems_version: 2.6.10
110
+ rubygems_version: 3.0.6
112
111
  signing_key:
113
112
  specification_version: 4
114
113
  summary: Provides automatic session timeout in a Rails application.