auto-session-timeout 0.9.5 → 0.9.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/CHANGELOG +47 -1
- data/README.md +79 -47
- data/lib/auto/session/timeout/version.rb +1 -1
- data/lib/auto_session_timeout.rb +19 -3
- data/lib/auto_session_timeout_helper.rb +3 -3
- data/test/auto_session_timeout_helper_test.rb +12 -2
- metadata +3 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 43964b8e2454251977f6214625438c2b56d378f009014c2c5f6467575367d883
|
|
4
|
+
data.tar.gz: a7a0b504cbbf06c85c7876a8be3a244a9eb4e5a910ad0b4ec5c01e58f503d833
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3afb1575ae4cfc3c1337286c35b620aab5d7d68602cf30989761f34dfcfc102a40a3982e5e3305d1a5bd673965a8b220804f75c6ee325da516b36eeb17689736
|
|
7
|
+
data.tar.gz: a6a53fe82ed32bf7a5f755e203a6425cb3def4061f6ea7fe6b733eedeed5b2fe4d2f37c82f5e5ae7b412177f6fe1b61cd3be2cef7de57be6ec1429db56458748
|
data/CHANGELOG
CHANGED
|
@@ -1,5 +1,51 @@
|
|
|
1
|
+
2019-10-15 - v0.9.6
|
|
2
|
+
|
|
3
|
+
2019-10-15 - Use routes in JS helper [pelargir]
|
|
4
|
+
|
|
5
|
+
2019-03-03 - Update README [cprodhomme]
|
|
6
|
+
|
|
7
|
+
2018-12-21 - Support Rails protect_from_forgery [davegudge]
|
|
8
|
+
|
|
9
|
+
2017-06-13 - v0.9.5
|
|
10
|
+
|
|
11
|
+
2017-06-12 - Exclude controller actions from CSRF verification [pelargir]
|
|
12
|
+
|
|
13
|
+
2017-06-12 - Make updater use vanilla JS [emilos]
|
|
14
|
+
|
|
15
|
+
2017-05-16 - v0.9.4
|
|
16
|
+
|
|
17
|
+
2017-05-08 - Rails 5 compatibility [quainjn]
|
|
18
|
+
|
|
19
|
+
2016-10-14 - Allow defining verbosity [zaimramlan]
|
|
20
|
+
|
|
21
|
+
2013-08-29 - v0.9.3
|
|
22
|
+
|
|
23
|
+
2013-08-28 - Add jQuery support [krishnasrihari]
|
|
24
|
+
|
|
25
|
+
2013-07-24 - v0.9.2
|
|
26
|
+
|
|
27
|
+
2013-07-24 - Add tests and use Ruby 1.9 hash syntax [pelargir]
|
|
28
|
+
|
|
29
|
+
2013-07-24 - v0.9.1
|
|
30
|
+
|
|
31
|
+
2013-07-24 - Timeout can be set in controller or user model [pelargir]
|
|
32
|
+
|
|
33
|
+
2013-07-22 - v0.9
|
|
34
|
+
|
|
35
|
+
2013-07-21 - Support for jQuery periodical updater plugin [pelargir]
|
|
36
|
+
|
|
37
|
+
2013-07-17 - v0.8
|
|
38
|
+
|
|
1
39
|
2014-07-14 - Added jQuery support [krishnasrihari]
|
|
2
40
|
|
|
41
|
+
2013-06-23 - v0.7
|
|
42
|
+
|
|
3
43
|
2013-06-22 - Switched to Bundler for generating the gemspec [pelargir]
|
|
4
44
|
|
|
5
|
-
2009-
|
|
45
|
+
2009-08-22 - v0.5
|
|
46
|
+
|
|
47
|
+
2009-06-03 - Move controller actions into plugin [pelargir]
|
|
48
|
+
|
|
49
|
+
2009-04-22 - Add JS helper [pelargir]
|
|
50
|
+
|
|
51
|
+
2009-04-22 - Initial import [pelargir]
|
data/README.md
CHANGED
|
@@ -4,13 +4,15 @@ Provides automatic session timeout in a Rails application. Very easy
|
|
|
4
4
|
to install and configure. Have you ever wanted to force your users
|
|
5
5
|
off your app if they go idle for a certain period of time? Many
|
|
6
6
|
online banking sites use this technique. If your app is used on any
|
|
7
|
-
kind of public computer system, this
|
|
7
|
+
kind of public computer system, this gem is a necessity.
|
|
8
8
|
|
|
9
9
|
## Installation
|
|
10
10
|
|
|
11
11
|
Add this line to your application's Gemfile:
|
|
12
12
|
|
|
13
|
-
|
|
13
|
+
```ruby
|
|
14
|
+
gem 'auto-session-timeout'
|
|
15
|
+
```
|
|
14
16
|
|
|
15
17
|
And then execute:
|
|
16
18
|
|
|
@@ -24,52 +26,80 @@ Or install it yourself as:
|
|
|
24
26
|
|
|
25
27
|
After installing, tell your application controller to use auto timeout:
|
|
26
28
|
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
29
|
+
```ruby
|
|
30
|
+
class ApplicationController < ActionController::Base
|
|
31
|
+
auto_session_timeout 1.hour
|
|
32
|
+
...
|
|
33
|
+
end
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
This will use a global timeout of 1 hour. If you want to specify a
|
|
37
|
+
custom timeout value per user, don't pass a value above. Instead,
|
|
38
|
+
override `#auto_timeout` in your `#current_user` model. This is
|
|
39
|
+
typically the `User` class:
|
|
40
|
+
|
|
41
|
+
```ruby
|
|
42
|
+
class ApplicationController < ActionController::Base
|
|
43
|
+
auto_session_timeout
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
class User < ActiveRecord::Base
|
|
47
|
+
def auto_timeout
|
|
48
|
+
15.minutes
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
```
|
|
52
|
+
|
|
53
|
+
You will also need to insert a call to the `#auto_session_timeout_js`
|
|
54
|
+
helper method inside the body tags in your views. The easiest way to
|
|
55
|
+
do this is to insert it once inside your default or application-wide
|
|
56
|
+
layout. Make sure you are only rendering if the user is logged in,
|
|
57
|
+
otherwise the gem will attempt to force non-existent sessions to
|
|
58
|
+
timeout, wreaking havoc:
|
|
59
|
+
|
|
60
|
+
```erb
|
|
61
|
+
<body>
|
|
62
|
+
<% if current_user %>
|
|
63
|
+
<%= auto_session_timeout_js %>
|
|
64
|
+
<% end %>
|
|
65
|
+
</body>
|
|
66
|
+
```
|
|
43
67
|
|
|
44
68
|
You need to setup two actions: one to return the session status and
|
|
45
69
|
another that runs when the session times out. You can use the default
|
|
46
|
-
actions included with the
|
|
70
|
+
actions included with the gem by inserting this line in your target
|
|
47
71
|
controller (most likely your user or session controller):
|
|
48
72
|
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
73
|
+
```ruby
|
|
74
|
+
class SessionsController < ApplicationController
|
|
75
|
+
auto_session_timeout_actions
|
|
76
|
+
end
|
|
77
|
+
```
|
|
52
78
|
|
|
53
79
|
To customize the default actions, simply override them. You can call
|
|
54
|
-
the render_session_status and render_session_timeout methods to
|
|
55
|
-
the default implementation from the
|
|
80
|
+
the `#render_session_status` and `#render_session_timeout` methods to
|
|
81
|
+
use the default implementation from the gem, or you can define the
|
|
56
82
|
actions entirely with your own custom code:
|
|
57
83
|
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
84
|
+
```ruby
|
|
85
|
+
class SessionsController < ApplicationController
|
|
86
|
+
def active
|
|
87
|
+
render_session_status
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
def timeout
|
|
91
|
+
render_session_timeout
|
|
92
|
+
end
|
|
93
|
+
end
|
|
94
|
+
```
|
|
67
95
|
|
|
68
|
-
In any of these cases, make sure to properly map the actions in
|
|
69
|
-
|
|
96
|
+
In any of these cases, make sure to properly map the actions in your
|
|
97
|
+
routes.rb file:
|
|
70
98
|
|
|
71
|
-
|
|
72
|
-
|
|
99
|
+
```ruby
|
|
100
|
+
get 'active' => 'sessions#active'
|
|
101
|
+
get 'timeout' => 'sessions#timeout'
|
|
102
|
+
```
|
|
73
103
|
|
|
74
104
|
You're done! Enjoy watching your sessions automatically timeout.
|
|
75
105
|
|
|
@@ -80,21 +110,23 @@ active sessions. If you prefer that it check more frequently, pass a
|
|
|
80
110
|
frequency attribute to the helper method. The frequency is given in
|
|
81
111
|
seconds. The following example checks the server every 15 seconds:
|
|
82
112
|
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
113
|
+
```erb
|
|
114
|
+
<html>
|
|
115
|
+
<head>...</head>
|
|
116
|
+
<body>
|
|
117
|
+
<% if current_user %>
|
|
118
|
+
<%= auto_session_timeout_js frequency: 15 %>
|
|
119
|
+
<% end %>
|
|
120
|
+
...
|
|
121
|
+
</body>
|
|
122
|
+
</html>
|
|
123
|
+
```
|
|
92
124
|
|
|
93
125
|
## TODO
|
|
94
126
|
|
|
95
127
|
* current_user must be defined
|
|
96
128
|
* using Prototype vs. jQuery
|
|
97
|
-
*
|
|
129
|
+
* using with Devise
|
|
98
130
|
|
|
99
131
|
## Contributing
|
|
100
132
|
|
data/lib/auto_session_timeout.rb
CHANGED
|
@@ -8,7 +8,7 @@ module AutoSessionTimeout
|
|
|
8
8
|
def auto_session_timeout(seconds=nil)
|
|
9
9
|
protect_from_forgery except: [:active, :timeout]
|
|
10
10
|
prepend_before_action do |c|
|
|
11
|
-
if c
|
|
11
|
+
if session_expired?(c) && !signing_in?(c)
|
|
12
12
|
c.send :reset_session
|
|
13
13
|
else
|
|
14
14
|
unless c.request.original_url.start_with?(c.send(:active_url))
|
|
@@ -31,8 +31,24 @@ module AutoSessionTimeout
|
|
|
31
31
|
end
|
|
32
32
|
|
|
33
33
|
def render_session_timeout
|
|
34
|
-
flash[:notice] = "Your session has timed out."
|
|
35
|
-
redirect_to
|
|
34
|
+
flash[:notice] = t("devise.failure.timeout", default: "Your session has timed out.")
|
|
35
|
+
redirect_to sign_in_path
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
private
|
|
39
|
+
|
|
40
|
+
def signing_in?(c)
|
|
41
|
+
c.request.env["PATH_INFO"] == sign_in_path && c.request.env["REQUEST_METHOD"] == "POST"
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
def session_expired?(c)
|
|
45
|
+
c.session[:auto_session_expires_at].try(:<, Time.now)
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def sign_in_path
|
|
49
|
+
user_session_path
|
|
50
|
+
rescue
|
|
51
|
+
"/login"
|
|
36
52
|
end
|
|
37
53
|
|
|
38
54
|
end
|
|
@@ -9,11 +9,11 @@ function PeriodicalQuery() {
|
|
|
9
9
|
request.onload = function (event) {
|
|
10
10
|
var status = event.target.status;
|
|
11
11
|
var response = event.target.response;
|
|
12
|
-
if (status === 200 && (response === false || response === 'false')) {
|
|
13
|
-
window.location.href = '
|
|
12
|
+
if (status === 200 && (response === false || response === 'false' || response === null)) {
|
|
13
|
+
window.location.href = '#{timeout_path}';
|
|
14
14
|
}
|
|
15
15
|
};
|
|
16
|
-
request.open('GET', '
|
|
16
|
+
request.open('GET', '#{active_path}', true);
|
|
17
17
|
request.responseType = 'json';
|
|
18
18
|
request.send();
|
|
19
19
|
setTimeout(PeriodicalQuery, (#{frequency} * 1000));
|
|
@@ -2,7 +2,17 @@ require File.dirname(__FILE__) + '/test_helper'
|
|
|
2
2
|
|
|
3
3
|
describe AutoSessionTimeoutHelper do
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
class ActionView::Base
|
|
6
|
+
def timeout_path
|
|
7
|
+
'/timeout'
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def active_path
|
|
11
|
+
'/active'
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
subject { ActionView::Base.new }
|
|
6
16
|
|
|
7
17
|
describe "#auto_session_timeout_js" do
|
|
8
18
|
it "returns correct JS" do
|
|
@@ -13,7 +23,7 @@ function PeriodicalQuery() {
|
|
|
13
23
|
request.onload = function (event) {
|
|
14
24
|
var status = event.target.status;
|
|
15
25
|
var response = event.target.response;
|
|
16
|
-
if (status === 200 && (response === false || response === 'false')) {
|
|
26
|
+
if (status === 200 && (response === false || response === 'false' || response === null)) {
|
|
17
27
|
window.location.href = '/timeout';
|
|
18
28
|
}
|
|
19
29
|
};
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: auto-session-timeout
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.9.
|
|
4
|
+
version: 0.9.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Matthew Bass
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2019-10-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -107,8 +107,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
107
107
|
- !ruby/object:Gem::Version
|
|
108
108
|
version: '0'
|
|
109
109
|
requirements: []
|
|
110
|
-
|
|
111
|
-
rubygems_version: 2.6.10
|
|
110
|
+
rubygems_version: 3.0.6
|
|
112
111
|
signing_key:
|
|
113
112
|
specification_version: 4
|
|
114
113
|
summary: Provides automatic session timeout in a Rails application.
|