devise_security_extension 0.7.1 → 0.7.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (4) hide show
  1. data/VERSION +1 -1
  2. data/devise_security_extension.gemspec +2 -2
  3. data/lib/devise_security_extension/hooks/session_limitable.rb +7 -9
  4. metadata +3 -3
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.7.1
1
+ 0.7.2
data/devise_security_extension.gemspec CHANGED
@@ -5,11 +5,11 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = "devise_security_extension"
8
- s.version = "0.7.1"
8
+ s.version = "0.7.2"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["Marco Scholl", "Alexander Dreher"]
12
- s.date = "2012-11-21"
12
+ s.date = "2012-11-22"
13
13
  s.description = "An enterprise security extension for devise, trying to meet industrial standard security demands for web applications."
14
14
  s.email = "team@phatworx.de"
15
15
  s.extra_rdoc_files = [
data/lib/devise_security_extension/hooks/session_limitable.rb CHANGED
@@ -10,19 +10,17 @@ Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
10
10
  end
11
11
  end
12
12
 
13
- # Each time a record is fetched from session we check if a new session from another
14
- # browser was opened for the record or not, based on a unique session identifier.
13
+ # Each time a record is fetched from session we check if a new session from another
14
+ # browser was opened for the record or not, based on a unique session identifier.
15
15
  # If so, the old account is logged out and redirected to the sign in page on the next request.
16
16
  Warden::Manager.after_set_user :only => :fetch do |record, warden, options|
17
17
  scope = options[:scope]
18
+ env = warden.request.env
18
19
 
19
- if warden.authenticated?(scope)
20
- unless record.unique_session_id == warden.session(scope)['unique_session_id']
21
- path_checker = Devise::PathChecker.new(warden.env, scope)
22
- unless path_checker.signing_out?
23
- warden.logout(scope)
24
- throw :warden, :scope => scope, :message => :session_limited
25
- end
20
+ if warden.authenticated?(scope) && options[:store] != false
21
+ if record.unique_session_id != warden.session(scope)['unique_session_id'] && !env['devise.skip_session_limitable']
22
+ warden.logout(scope)
23
+ throw :warden, :scope => scope, :message => :session_limited
26
24
  end
27
25
  end
28
26
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise_security_extension
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.7.1
4
+ version: 0.7.2
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2012-11-21 00:00:00.000000000 Z
13
+ date: 2012-11-22 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: rails
@@ -173,7 +173,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
173
173
  version: '0'
174
174
  segments:
175
175
  - 0
176
- hash: -3892103877583342336
176
+ hash: 2180026344185734924
177
177
  required_rubygems_version: !ruby/object:Gem::Requirement
178
178
  none: false
179
179
  requirements: