couchrest_session_store 0.2.0 → 0.2.1

data/.travis.yml

@@ -2,3 +2,5 @@ services:
   - couchdb
 notifications:
   email: false
+before_script:
+  - "test/setup_couch.sh"

data/README.md

@@ -2,7 +2,13 @@
 
 A simple session store based on CouchRest Model.
 
-It will automatically pick up the config/couch.yml file for CouchRest Model
+
+## Setup ##
+
+CouchRest::Session::Store will automatically pick up the config/couch.yml file for CouchRest Model.
+Cleaning up sessions requires a design document in the sessions database that enables querying by expiry. See the design directory for an example and test/setup_couch.sh for a script that puts the document on the couch for our tests.
+
+
 
 ## Options ##
 

data/couchrest_session_store.gemspec

@@ -14,7 +14,7 @@ Gem::Specification.new do |gem|
   gem.files = `git ls-files`.split("\n")
   gem.name = "couchrest_session_store"
   gem.require_paths = ["lib"]
-  gem.version = '0.2.0'
+  gem.version = '0.2.1'
 
   gem.add_dependency "couchrest"
   gem.add_dependency "couchrest_model"

data/design/Session.json

@@ -0,0 +1,8 @@
+{
+   "views": {
+       "by_expires": {
+           "reduce": "_sum",
+           "map": "function(doc) {\n  if(typeof doc.expires !== \"undefined\") {\n    emit(doc.expires, 1);\n  }\n}\n"
+       }
+   }
+}

data/lib/couchrest/session/document.rb

@@ -1,4 +1,5 @@
 require 'couchrest/session/utility'
+require 'time'
 
 class CouchRest::Session::Document
   include CouchRest::Session::Utility
@@ -13,12 +14,21 @@ class CouchRest::Session::Document
     end
   end
 
-  def self.build(sid, session, options)
+  def self.build(sid, session, options = {})
     self.new(CouchRest::Document.new({"_id" => sid})).tap do |session_doc|
       session_doc.update session, options
     end
   end
 
+  def self.build_or_update(sid, session, options = {})
+    options[:marshal_data] = true if options[:marshal_data].nil?
+    doc = self.load(sid)
+    doc.update(session, options)
+    return doc
+  rescue RestClient::ResourceNotFound
+    self.build(sid, session, options)
+  end
+
   def load(sid)
     @doc = database.get(sid)
   end
@@ -62,11 +72,11 @@ class CouchRest::Session::Document
 
   def expiry_from_options(options)
     expire_after = options[:expire_after]
-    expire_after && (Time.now + expire_after)
+    expire_after && (Time.now + expire_after).utc
   end
 
   def expires
-    doc["expires"] && Time.parse_iso8601(doc["expires"])
+    doc["expires"] && Time.iso8601(doc["expires"])
   end
 
   def doc

data/lib/couchrest/session/store.rb

@@ -21,6 +21,29 @@ class CouchRest::Session::Store < ActionDispatch::Session::AbstractStore
     use_database @options[:database] || "sessions"
   end
 
+  def cleanup(rows)
+    rows.each do |row|
+      doc = CouchRest::Session::Document.load(row['id'])
+      doc.delete
+    end
+  end
+
+  def expired
+    find_by_expires startkey: 1,
+      endkey: Time.now.utc.iso8601
+  end
+
+  def never_expiring
+    find_by_expires endkey: 1
+  end
+
+  def find_by_expires(options = {})
+    options[:reduce] ||= false
+    design = self.class.database.get '_design/Session'
+    response = design.view :by_expires, options
+    response['rows']
+  end
+
   private
 
   def get_session(env, sid)
@@ -35,6 +58,7 @@ class CouchRest::Session::Store < ActionDispatch::Session::AbstractStore
   end
 
   def set_session(env, sid, session, options)
+    raise RestClient::ResourceNotFound if /^_design\/(.*)/ =~ sid
     doc = build_or_update_doc(sid, session, options)
     doc.save
     return sid
@@ -56,12 +80,7 @@ class CouchRest::Session::Store < ActionDispatch::Session::AbstractStore
   end
 
   def build_or_update_doc(sid, session, options)
-    options[:marshal_data] = true if options[:marshal_data].nil?
-    doc = secure_get(sid)
-    doc.update(session, options)
-    return doc
-  rescue RestClient::ResourceNotFound
-    CouchRest::Session::Document.build(sid, session, options)
+    CouchRest::Session::Document.build_or_update(sid, session, options)
   end
 
   # prevent access to design docs
@@ -71,5 +90,5 @@ class CouchRest::Session::Store < ActionDispatch::Session::AbstractStore
     raise RestClient::ResourceNotFound if /^_design\/(.*)/ =~ sid
     CouchRest::Session::Document.load(sid)
   end
-end
 
+end

data/test/session_store_test.rb

@@ -9,21 +9,27 @@ class SessionStoreTest < MiniTest::Test
   end
 
   def test_normal_session_flow
-    sid, session = init_session
-    store_session(sid, session)
+    sid, session = never_expiring_session
     assert_equal [sid, session], store.send(:get_session, env, sid)
     store.send :destroy_session, env, sid, {}
   end
 
   def test_updating_session
-    sid, session = init_session
-    store_session(sid, session)
+    sid, session = never_expiring_session
     session[:bla] = "blub"
     store.send :set_session, env, sid, session, {}
     assert_equal [sid, session], store.send(:get_session, env, sid)
     store.send :destroy_session, env, sid, {}
   end
 
+  def test_prevent_access_to_design_docs
+    sid = '_design/bla'
+    session = {views: 'my hacked view'}
+    assert_raises RestClient::ResourceNotFound do
+      store_session(sid, session)
+    end
+  end
+
   def test_unmarshalled_session_flow
     sid, session = init_session
     store_session sid, session, :marshal_data => false
@@ -42,16 +48,14 @@ class SessionStoreTest < MiniTest::Test
   end
 
   def test_logout_in_between
-    sid, session = init_session
-    store_session(sid, session)
+    sid, session = never_expiring_session
     store.send :destroy_session, env, sid, {}
     other_sid, other_session = store.send(:get_session, env, sid)
     assert_equal Hash.new, other_session
   end
 
   def test_can_logout_twice
-    sid, session = init_session
-    store_session(sid, session)
+    sid, session = never_expiring_session
     store.send :destroy_session, env, sid, {}
     store.send :destroy_session, env, sid, {}
     other_sid, other_session = store.send(:get_session, env, sid)
@@ -59,8 +63,7 @@ class SessionStoreTest < MiniTest::Test
   end
 
   def test_stored_and_not_expired_yet
-    sid, session = init_session
-    store_session(sid, session, expire_after: 300)
+    sid, session = expiring_session
     doc = CouchRest::Session::Document.load(sid)
     expires = doc.send :expires
     assert expires
@@ -71,17 +74,44 @@ class SessionStoreTest < MiniTest::Test
   end
 
   def test_stored_but_expired
-    sid, session = init_session
-    store_session(sid, session, expire_after: 300)
-    CouchTester.new.update(sid, "expires" => Time.now - 2.minutes)
+    sid, session = expired_session
     other_sid, other_session = store.send(:get_session, env, sid)
     assert_equal Hash.new, other_session, "session should have expired"
     assert other_sid != sid
   end
 
+  def test_find_expired_sessions
+    expired, expiring, never_expiring = seed_sessions
+    expired_session_ids = store.expired.map {|row| row['id']}
+    assert expired_session_ids.include?(expired)
+    assert !expired_session_ids.include?(expiring)
+    assert !expired_session_ids.include?(never_expiring)
+  end
+
+  def test_find_never_expiring_sessions
+    expired, expiring, never_expiring = seed_sessions
+    never_expiring_session_ids = store.never_expiring.map {|row| row['id']}
+    assert never_expiring_session_ids.include?(never_expiring)
+    assert !never_expiring_session_ids.include?(expiring)
+    assert !never_expiring_session_ids.include?(expired)
+  end
+
+  def test_cleanup_expired_sessions
+    sid, session = expired_session
+    store.cleanup(store.expired)
+    assert_raises RestClient::ResourceNotFound do
+      CouchTester.new.get(sid)
+    end
+  end
+
+  def test_keep_fresh_during_cleanup
+    sid, session = expiring_session
+    store.cleanup(store.expired)
+    assert_equal [sid, session], store.send(:get_session, env, sid)
+  end
+
   def test_store_without_expiry
-    sid, session = init_session
-    store_session(sid, session)
+    sid, session = never_expiring_session
     couch = CouchTester.new
     assert_nil couch.get(sid)["expires"]
     assert_equal [sid, session], store.send(:get_session, env, sid)
@@ -99,6 +129,25 @@ class SessionStoreTest < MiniTest::Test
     env ||= settings
   end
 
+  # returns the session ids of an expired, and expiring and a never
+  # expiring session
+  def seed_sessions
+    [expired_session, expiring_session, never_expiring_session].map(&:first)
+  end
+
+  def never_expiring_session
+    store_session *init_session
+  end
+
+  def expiring_session
+    sid, session = init_session
+    store_session(sid, session, expire_after: 300)
+  end
+
+  def expired_session
+    expire_session *expiring_session
+  end
+
   def init_session
     sid, session = store.send :get_session, env, nil
     session[:key] = "stub"
@@ -107,5 +156,13 @@ class SessionStoreTest < MiniTest::Test
 
   def store_session(sid, session, options = {})
     store.send :set_session, env, sid, session, options
+    return sid, session
   end
+
+  def expire_session(sid, session)
+    CouchTester.new.update sid,
+      "expires" => (Time.now - 10.minutes).utc.iso8601
+    return sid, session
+  end
+
 end

data/test/setup_couch.sh

@@ -0,0 +1,7 @@
+HOST="http://localhost:5984"
+echo "couch version :"
+curl -X GET $HOST
+
+curl -X PUT $HOST/couchrest_sessions
+curl -X PUT $HOST/couchrest_sessions/_design/Session --data @design/Session.json
+

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: couchrest_session_store
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.1
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-09-17 00:00:00.000000000 Z
+date: 2013-11-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: couchrest
@@ -103,6 +103,7 @@ files:
 - README.md
 - Rakefile
 - couchrest_session_store.gemspec
+- design/Session.json
 - lib/couchrest/session.rb
 - lib/couchrest/session/document.rb
 - lib/couchrest/session/store.rb
@@ -110,6 +111,7 @@ files:
 - lib/couchrest_session_store.rb
 - test/couch_tester.rb
 - test/session_store_test.rb
+- test/setup_couch.sh
 - test/test_clock.rb
 - test/test_helper.rb
 homepage: http://github.com/azul/couchrest_session_store