devise_session_limit 0.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 93afd6a31d5d33d4a2936096580ee0fb9906d938
+  data.tar.gz: 7323e3d825bce6c828d1cf60fd0281bdb3f8fdfc
+SHA512:
+  metadata.gz: fa71d82c30a187b6dc20210066b58071f86b452cfb8471ccb7ff0c5d5bfd52166a96806e7f2ee977273d87017b508015d5935522cefdd2be86d005e96a778c6b
+  data.tar.gz: afbf011dbd3151920faac2342586cce406686b213b397f643ad346771dcacdbf58693a014c271e93d5f1d3c4da865515c89c802ce800e927a7298ad93499f2b0

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in devise_session_limit.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2012 Adrien Jarthon
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,55 @@
+# DeviseSessionLimit
+
+Devise plugin preventing a user from having multiple open sessions
+
+Using code from [https://github.com/phatworx/devise_security_extension](devise_security_extension)
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'devise_session_limit'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install devise_session_limit
+
+## Usage
+
+In your `User` model:
+
+    class User
+
+      # Additional field
+      field :unique_session_id, :type => String
+
+      # Additional devise module
+      devise ..., :session_limit
+
+    end
+
+Add some translation key for the error message:
+
+    en:
+      devise:
+        failure:
+          session_limited: "You are already signed in from another place"
+
+## Customize
+
+You can customize the behaviour from the `User` model by overriding or chaining this two methods:
+
+      # Called at each sign in
+      def update_unique_session_id!(unique_session_id)
+        self.unique_session_id = unique_session_id
+        save(:validate => false)
+      end
+
+      # Called at each request, you can override to implement your own behaviour
+      def check_unique_session_id session_id
+        self.unique_session_id == session_id
+      end

data/Rakefile

@@ -0,0 +1,2 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"

data/devise_session_limit.gemspec

@@ -0,0 +1,17 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/devise_session_limit/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.authors       = ["Adrien Jarthon"]
+  gem.email         = ["adrien.jarthon@dimelo.com"]
+  gem.description   = %q{Devise plugin preventing a user from having multiple open sessions}
+  gem.summary       = %q{Devise plugin preventing a user from having multiple open sessions}
+  gem.homepage      = "https://github.com/dimelo/devise_session_limit"
+
+  gem.files         = `git ls-files`.split($\)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.name          = "devise_session_limit"
+  gem.require_paths = ["lib"]
+  gem.version       = DeviseSessionLimit::VERSION
+end

data/lib/devise_session_limit.rb

@@ -0,0 +1 @@
+Devise.add_module :session_limit, :model => 'devise_session_limit/models/session_limit'

data/lib/devise_session_limit/hooks/session_limit.rb

@@ -0,0 +1,30 @@
+require 'devise_session_limit/path_checker' if not defined? Devise::PathChecker
+
+# After each sign in, update unique_session_id.
+# This is only triggered when the user is explicitly set (with set_user)
+# and on authentication. Retrieving the user from session (:fetch) does
+# not trigger it.
+Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
+  if record.respond_to?(:update_unique_session_id!) and warden.authenticated?(options[:scope])
+    unique_session_id = Devise.friendly_token
+    warden.session(options[:scope])['unique_session_id'] = unique_session_id
+    record.update_unique_session_id!(unique_session_id)
+  end
+end
+
+# Each time a record is fetched from session we check if a new session from another
+# browser was opened for the record or not, based on a unique session identifier.
+# If so, the old account is logged out and redirected to the sign in page on the next request.
+Warden::Manager.after_set_user :only => :fetch do |record, warden, options|
+  scope = options[:scope]
+
+  if record.respond_to?(:check_unique_session_id) and warden.authenticated?(scope)
+    unless record.check_unique_session_id(warden.session(scope)['unique_session_id'])
+      path_checker = Devise::PathChecker.new(warden.env, scope)
+      unless path_checker.signing_out?
+        warden.logout(scope)
+        throw :warden, :scope => scope, :message => :session_limited
+      end
+    end
+  end
+end

data/lib/devise_session_limit/models/session_limit.rb

@@ -0,0 +1,26 @@
+require 'devise_session_limit/hooks/session_limit'
+
+module Devise
+  module Models
+    # Ensures that there is only one session usable per account at once.
+    # If someone logs in, and some other is logging in with the same credentials,
+    # the session from the first one is invalidated and not usable anymore.
+    # The first one is redirected to the sign page with a message, telling that
+    # someone used his credentials to sign in.
+    module SessionLimit
+      extend ActiveSupport::Concern
+
+      # Called at each sign in
+      def update_unique_session_id!(unique_session_id)
+        self.unique_session_id = unique_session_id
+        save(:validate => false)
+      end
+
+      # Called at each request, you can override to implement your own behaviour
+      def check_unique_session_id session_id
+        self.unique_session_id == session_id
+      end
+
+    end
+  end
+end

data/lib/devise_session_limit/path_checker.rb

@@ -0,0 +1,23 @@
+module Devise
+  class PathChecker
+    include Rails.application.routes.url_helpers
+
+    def self.default_url_options(*args)
+      if defined?(ApplicationController)
+        ApplicationController.default_url_options(*args)
+      else
+        {}
+      end
+    end
+
+    def initialize(env, scope)
+      @current_path = "/#{env["SCRIPT_NAME"]}/#{env["PATH_INFO"]}".squeeze("/")
+      @scope = scope
+    end
+
+    def signing_out?
+      route = "destroy_#{@scope}_session_path"
+      respond_to?(route) && @current_path == send(route)
+    end
+  end
+end

data/lib/devise_session_limit/version.rb

@@ -0,0 +1,3 @@
+module DeviseSessionLimit
+  VERSION = "0.2"
+end

metadata

@@ -0,0 +1,54 @@
+--- !ruby/object:Gem::Specification
+name: devise_session_limit
+version: !ruby/object:Gem::Version
+  version: '0.2'
+platform: ruby
+authors:
+- Adrien Jarthon
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-10-31 00:00:00.000000000 Z
+dependencies: []
+description: Devise plugin preventing a user from having multiple open sessions
+email:
+- adrien.jarthon@dimelo.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- devise_session_limit.gemspec
+- lib/devise_session_limit.rb
+- lib/devise_session_limit/hooks/session_limit.rb
+- lib/devise_session_limit/models/session_limit.rb
+- lib/devise_session_limit/path_checker.rb
+- lib/devise_session_limit/version.rb
+homepage: https://github.com/dimelo/devise_session_limit
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.2
+signing_key: 
+specification_version: 4
+summary: Devise plugin preventing a user from having multiple open sessions
+test_files: []