auto-session-timeout 0.9.5 → 0.9.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/CHANGELOG +47 -1
- data/README.md +79 -47
- data/lib/auto/session/timeout/version.rb +1 -1
- data/lib/auto_session_timeout.rb +19 -3
- data/lib/auto_session_timeout_helper.rb +3 -3
- data/test/auto_session_timeout_helper_test.rb +12 -2
- metadata +3 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 43964b8e2454251977f6214625438c2b56d378f009014c2c5f6467575367d883
|
|
4
|
+
data.tar.gz: a7a0b504cbbf06c85c7876a8be3a244a9eb4e5a910ad0b4ec5c01e58f503d833
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3afb1575ae4cfc3c1337286c35b620aab5d7d68602cf30989761f34dfcfc102a40a3982e5e3305d1a5bd673965a8b220804f75c6ee325da516b36eeb17689736
|
|
7
|
+
data.tar.gz: a6a53fe82ed32bf7a5f755e203a6425cb3def4061f6ea7fe6b733eedeed5b2fe4d2f37c82f5e5ae7b412177f6fe1b61cd3be2cef7de57be6ec1429db56458748
|
data/CHANGELOG
CHANGED
|
@@ -1,5 +1,51 @@
|
|
|
1
|
+
2019-10-15 - v0.9.6
|
|
2
|
+
|
|
3
|
+
2019-10-15 - Use routes in JS helper [pelargir]
|
|
4
|
+
|
|
5
|
+
2019-03-03 - Update README [cprodhomme]
|
|
6
|
+
|
|
7
|
+
2018-12-21 - Support Rails protect_from_forgery [davegudge]
|
|
8
|
+
|
|
9
|
+
2017-06-13 - v0.9.5
|
|
10
|
+
|
|
11
|
+
2017-06-12 - Exclude controller actions from CSRF verification [pelargir]
|
|
12
|
+
|
|
13
|
+
2017-06-12 - Make updater use vanilla JS [emilos]
|
|
14
|
+
|
|
15
|
+
2017-05-16 - v0.9.4
|
|
16
|
+
|
|
17
|
+
2017-05-08 - Rails 5 compatibility [quainjn]
|
|
18
|
+
|
|
19
|
+
2016-10-14 - Allow defining verbosity [zaimramlan]
|
|
20
|
+
|
|
21
|
+
2013-08-29 - v0.9.3
|
|
22
|
+
|
|
23
|
+
2013-08-28 - Add jQuery support [krishnasrihari]
|
|
24
|
+
|
|
25
|
+
2013-07-24 - v0.9.2
|
|
26
|
+
|
|
27
|
+
2013-07-24 - Add tests and use Ruby 1.9 hash syntax [pelargir]
|
|
28
|
+
|
|
29
|
+
2013-07-24 - v0.9.1
|
|
30
|
+
|
|
31
|
+
2013-07-24 - Timeout can be set in controller or user model [pelargir]
|
|
32
|
+
|
|
33
|
+
2013-07-22 - v0.9
|
|
34
|
+
|
|
35
|
+
2013-07-21 - Support for jQuery periodical updater plugin [pelargir]
|
|
36
|
+
|
|
37
|
+
2013-07-17 - v0.8
|
|
38
|
+
|
|
1
39
|
2014-07-14 - Added jQuery support [krishnasrihari]
|
|
2
40
|
|
|
41
|
+
2013-06-23 - v0.7
|
|
42
|
+
|
|
3
43
|
2013-06-22 - Switched to Bundler for generating the gemspec [pelargir]
|
|
4
44
|
|
|
5
|
-
2009-
|
|
45
|
+
2009-08-22 - v0.5
|
|
46
|
+
|
|
47
|
+
2009-06-03 - Move controller actions into plugin [pelargir]
|
|
48
|
+
|
|
49
|
+
2009-04-22 - Add JS helper [pelargir]
|
|
50
|
+
|
|
51
|
+
2009-04-22 - Initial import [pelargir]
|
data/README.md
CHANGED
|
@@ -4,13 +4,15 @@ Provides automatic session timeout in a Rails application. Very easy
|
|
|
4
4
|
to install and configure. Have you ever wanted to force your users
|
|
5
5
|
off your app if they go idle for a certain period of time? Many
|
|
6
6
|
online banking sites use this technique. If your app is used on any
|
|
7
|
-
kind of public computer system, this
|
|
7
|
+
kind of public computer system, this gem is a necessity.
|
|
8
8
|
|
|
9
9
|
## Installation
|
|
10
10
|
|
|
11
11
|
Add this line to your application's Gemfile:
|
|
12
12
|
|
|
13
|
-
|
|
13
|
+
```ruby
|
|
14
|
+
gem 'auto-session-timeout'
|
|
15
|
+
```
|
|
14
16
|
|
|
15
17
|
And then execute:
|
|
16
18
|
|
|
@@ -24,52 +26,80 @@ Or install it yourself as:
|
|
|
24
26
|
|
|
25
27
|
After installing, tell your application controller to use auto timeout:
|
|
26
28
|
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
29
|
+
```ruby
|
|
30
|
+
class ApplicationController < ActionController::Base
|
|
31
|
+
auto_session_timeout 1.hour
|
|
32
|
+
...
|
|
33
|
+
end
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
This will use a global timeout of 1 hour. If you want to specify a
|
|
37
|
+
custom timeout value per user, don't pass a value above. Instead,
|
|
38
|
+
override `#auto_timeout` in your `#current_user` model. This is
|
|
39
|
+
typically the `User` class:
|
|
40
|
+
|
|
41
|
+
```ruby
|
|
42
|
+
class ApplicationController < ActionController::Base
|
|
43
|
+
auto_session_timeout
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
class User < ActiveRecord::Base
|
|
47
|
+
def auto_timeout
|
|
48
|
+
15.minutes
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
```
|
|
52
|
+
|
|
53
|
+
You will also need to insert a call to the `#auto_session_timeout_js`
|
|
54
|
+
helper method inside the body tags in your views. The easiest way to
|
|
55
|
+
do this is to insert it once inside your default or application-wide
|
|
56
|
+
layout. Make sure you are only rendering if the user is logged in,
|
|
57
|
+
otherwise the gem will attempt to force non-existent sessions to
|
|
58
|
+
timeout, wreaking havoc:
|
|
59
|
+
|
|
60
|
+
```erb
|
|
61
|
+
<body>
|
|
62
|
+
<% if current_user %>
|
|
63
|
+
<%= auto_session_timeout_js %>
|
|
64
|
+
<% end %>
|
|
65
|
+
</body>
|
|
66
|
+
```
|
|
43
67
|
|
|
44
68
|
You need to setup two actions: one to return the session status and
|
|
45
69
|
another that runs when the session times out. You can use the default
|
|
46
|
-
actions included with the
|
|
70
|
+
actions included with the gem by inserting this line in your target
|
|
47
71
|
controller (most likely your user or session controller):
|
|
48
72
|
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
73
|
+
```ruby
|
|
74
|
+
class SessionsController < ApplicationController
|
|
75
|
+
auto_session_timeout_actions
|
|
76
|
+
end
|
|
77
|
+
```
|
|
52
78
|
|
|
53
79
|
To customize the default actions, simply override them. You can call
|
|
54
|
-
the render_session_status and render_session_timeout methods to
|
|
55
|
-
the default implementation from the
|
|
80
|
+
the `#render_session_status` and `#render_session_timeout` methods to
|
|
81
|
+
use the default implementation from the gem, or you can define the
|
|
56
82
|
actions entirely with your own custom code:
|
|
57
83
|
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
84
|
+
```ruby
|
|
85
|
+
class SessionsController < ApplicationController
|
|
86
|
+
def active
|
|
87
|
+
render_session_status
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
def timeout
|
|
91
|
+
render_session_timeout
|
|
92
|
+
end
|
|
93
|
+
end
|
|
94
|
+
```
|
|
67
95
|
|
|
68
|
-
In any of these cases, make sure to properly map the actions in
|
|
69
|
-
|
|
96
|
+
In any of these cases, make sure to properly map the actions in your
|
|
97
|
+
routes.rb file:
|
|
70
98
|
|
|
71
|
-
|
|
72
|
-
|
|
99
|
+
```ruby
|
|
100
|
+
get 'active' => 'sessions#active'
|
|
101
|
+
get 'timeout' => 'sessions#timeout'
|
|
102
|
+
```
|
|
73
103
|
|
|
74
104
|
You're done! Enjoy watching your sessions automatically timeout.
|
|
75
105
|
|
|
@@ -80,21 +110,23 @@ active sessions. If you prefer that it check more frequently, pass a
|
|
|
80
110
|
frequency attribute to the helper method. The frequency is given in
|
|
81
111
|
seconds. The following example checks the server every 15 seconds:
|
|
82
112
|
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
113
|
+
```erb
|
|
114
|
+
<html>
|
|
115
|
+
<head>...</head>
|
|
116
|
+
<body>
|
|
117
|
+
<% if current_user %>
|
|
118
|
+
<%= auto_session_timeout_js frequency: 15 %>
|
|
119
|
+
<% end %>
|
|
120
|
+
...
|
|
121
|
+
</body>
|
|
122
|
+
</html>
|
|
123
|
+
```
|
|
92
124
|
|
|
93
125
|
## TODO
|
|
94
126
|
|
|
95
127
|
* current_user must be defined
|
|
96
128
|
* using Prototype vs. jQuery
|
|
97
|
-
*
|
|
129
|
+
* using with Devise
|
|
98
130
|
|
|
99
131
|
## Contributing
|
|
100
132
|
|
data/lib/auto_session_timeout.rb
CHANGED
|
@@ -8,7 +8,7 @@ module AutoSessionTimeout
|
|
|
8
8
|
def auto_session_timeout(seconds=nil)
|
|
9
9
|
protect_from_forgery except: [:active, :timeout]
|
|
10
10
|
prepend_before_action do |c|
|
|
11
|
-
if c
|
|
11
|
+
if session_expired?(c) && !signing_in?(c)
|
|
12
12
|
c.send :reset_session
|
|
13
13
|
else
|
|
14
14
|
unless c.request.original_url.start_with?(c.send(:active_url))
|
|
@@ -31,8 +31,24 @@ module AutoSessionTimeout
|
|
|
31
31
|
end
|
|
32
32
|
|
|
33
33
|
def render_session_timeout
|
|
34
|
-
flash[:notice] = "Your session has timed out."
|
|
35
|
-
redirect_to
|
|
34
|
+
flash[:notice] = t("devise.failure.timeout", default: "Your session has timed out.")
|
|
35
|
+
redirect_to sign_in_path
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
private
|
|
39
|
+
|
|
40
|
+
def signing_in?(c)
|
|
41
|
+
c.request.env["PATH_INFO"] == sign_in_path && c.request.env["REQUEST_METHOD"] == "POST"
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
def session_expired?(c)
|
|
45
|
+
c.session[:auto_session_expires_at].try(:<, Time.now)
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def sign_in_path
|
|
49
|
+
user_session_path
|
|
50
|
+
rescue
|
|
51
|
+
"/login"
|
|
36
52
|
end
|
|
37
53
|
|
|
38
54
|
end
|
|
@@ -9,11 +9,11 @@ function PeriodicalQuery() {
|
|
|
9
9
|
request.onload = function (event) {
|
|
10
10
|
var status = event.target.status;
|
|
11
11
|
var response = event.target.response;
|
|
12
|
-
if (status === 200 && (response === false || response === 'false')) {
|
|
13
|
-
window.location.href = '
|
|
12
|
+
if (status === 200 && (response === false || response === 'false' || response === null)) {
|
|
13
|
+
window.location.href = '#{timeout_path}';
|
|
14
14
|
}
|
|
15
15
|
};
|
|
16
|
-
request.open('GET', '
|
|
16
|
+
request.open('GET', '#{active_path}', true);
|
|
17
17
|
request.responseType = 'json';
|
|
18
18
|
request.send();
|
|
19
19
|
setTimeout(PeriodicalQuery, (#{frequency} * 1000));
|
|
@@ -2,7 +2,17 @@ require File.dirname(__FILE__) + '/test_helper'
|
|
|
2
2
|
|
|
3
3
|
describe AutoSessionTimeoutHelper do
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
class ActionView::Base
|
|
6
|
+
def timeout_path
|
|
7
|
+
'/timeout'
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def active_path
|
|
11
|
+
'/active'
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
subject { ActionView::Base.new }
|
|
6
16
|
|
|
7
17
|
describe "#auto_session_timeout_js" do
|
|
8
18
|
it "returns correct JS" do
|
|
@@ -13,7 +23,7 @@ function PeriodicalQuery() {
|
|
|
13
23
|
request.onload = function (event) {
|
|
14
24
|
var status = event.target.status;
|
|
15
25
|
var response = event.target.response;
|
|
16
|
-
if (status === 200 && (response === false || response === 'false')) {
|
|
26
|
+
if (status === 200 && (response === false || response === 'false' || response === null)) {
|
|
17
27
|
window.location.href = '/timeout';
|
|
18
28
|
}
|
|
19
29
|
};
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: auto-session-timeout
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.9.
|
|
4
|
+
version: 0.9.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Matthew Bass
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2019-10-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -107,8 +107,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
107
107
|
- !ruby/object:Gem::Version
|
|
108
108
|
version: '0'
|
|
109
109
|
requirements: []
|
|
110
|
-
|
|
111
|
-
rubygems_version: 2.6.10
|
|
110
|
+
rubygems_version: 3.0.6
|
|
112
111
|
signing_key:
|
|
113
112
|
specification_version: 4
|
|
114
113
|
summary: Provides automatic session timeout in a Rails application.
|