devise_security_extension 0.7.1 → 0.7.2

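--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.7.1
+ 0.7.2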
@@ -5,11 +5,11 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = "devise_security_extension"
8
- s.version = "0.7.1"
8
+ s.version = "0.7.2"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["Marco Scholl", "Alexander Dreher"]
12
- s.date = "2012-11-21"
12
+ s.date = "2012-11-22"
13
13
  s.description = "An enterprise security extension for devise, trying to meet industrial standard security demands for web applications."
14
14
  s.email = "team@phatworx.de"
15
15
  s.extra_rdoc_files = [
@@ -10,19 +10,17 @@ Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
10
10
  end
11
11
  end
12
12
 
13
- # Each time a record is fetched from session we check if a new session from another
14
- # browser was opened for the record or not, based on a unique session identifier.
13
+ # Each time a record is fetched from session we check if a new session from another
14
+ # browser was opened for the record or not, based on a unique session identifier.
15
15
  # If so, the old account is logged out and redirected to the sign in page on the next request.
16
16
  Warden::Manager.after_set_user :only => :fetch do |record, warden, options|
17
17
  scope = options[:scope]
18
+ env = warden.request.env
18
19
 
19
- if warden.authenticated?(scope)
20
- unless record.unique_session_id == warden.session(scope)['unique_session_id']
21
- path_checker = Devise::PathChecker.new(warden.env, scope)
22
- unless path_checker.signing_out?
23
- warden.logout(scope)
24
- throw :warden, :scope => scope, :message => :session_limited
25
- end
20
+ if warden.authenticated?(scope) && options[:store] != false
21
+ if record.unique_session_id != warden.session(scope)['unique_session_id'] && !env['devise.skip_session_limitable']
22
+ warden.logout(scope)
23
+ throw :warden, :scope => scope, :message => :session_limited
26
24
  end
27
25
  end
28
26
  end
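Review bot: The `env['devise.skip_session_limitable']` switch added to the inner `if` is an undocumented bypass of the concurrent-session check, and the comment above the hook still describes only the old behaviour. Under Rack's header mapping a key without the `HTTP_` prefix cannot be supplied as a request header, so the exposure is server-side code setting it more broadly than intended; I would add a line such as `# Skipped when the application sets env['devise.skip_session_limitable'] or the user was set with :store => false.` Separately, `record.unique_session_id` is still called without a guard, so if this hook also runs for a scope whose model does not include the module (not visible here) the fetch would raise; `if record.respond_to?(:unique_session_id) && warden.authenticated?(scope) && options[:store] != false` would cover that. The `Devise::PathChecker` sign-out exemption is removed, so a superseded session's sign-out request now takes the `:session_limited` failure path too, which is worth confirming as intended.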
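--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: devise_security_extension
  version: !ruby/object:Gem::Version
- version: 0.7.1
+ version: 0.7.2
  prerelease:
  platform: ruby
  authors:
@@ -10,7 +10,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2012-11-21 00:00:00.000000000 Z
+ date: 2012-11-22 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rails
@@ -173,7 +173,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
  version: '0'
  segments:
  - 0
- hash: -3892103877583342336
+ hash: 2180026344185734924
  required_rubygems_version: !ruby/object:Gem::Requirement
  none: false
  requirements: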