frikandel 2.0.0 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c72cb658721f8dedcdc8981612407748dcd1c3bb
-  data.tar.gz: ce5f11294df1af510cf1c8d95b948217e81b98a7
+  metadata.gz: 0eb78e7fc8890e920f675060d65d1305ab310caa
+  data.tar.gz: dfe7532de11f1b0e4deacd6b5d9476256a6cfb22
 SHA512:
-  metadata.gz: 69bd74f1fdce25360acd89e299cbe245c85a2689d42852023a2bbd5da6bdad711feffe21364b0a53e0498263aa347ef34be7e106cd22152382b4762e57f7383a
-  data.tar.gz: 89c73e22308498ead5d605ad9dd6382b8ef0b463030f7a2a00a600c4debc1908f11d6f12830237b5507bc42b6d7560b2d22d0051a50c6a6055e1546c813ae419
+  metadata.gz: c9f94142388dd71adff1c529b0b43c6216f4f4819afca102cedbc523693ddd253b54dad9642c44229ea25ba730b44c08b1769a560eefdd6ae08aa5cd81c8f54c
+  data.tar.gz: 5723a7adfe0d66d77e4a9a37749f337536a21a8c5bb24109c51b4bb1089ff6e58766b8c51d8f9f07586a8caf88a5c37106c6ba6210ebfc40c6cd7dda34b8d98e

data/.gitignore

@@ -4,7 +4,7 @@
 .config
 .ruby-*
 .yardoc
-Gemfile.lock
+Gemfile*.lock
 InstalledFiles
 _yardoc
 coverage

data/.travis.yml

@@ -1,7 +1,16 @@
 language: ruby
 rvm:
-  - 1.9.3
-  - 2.0.0
-  - 2.1.0
+  - "1.9.3"
+  - "2.0.0"
+  - "2.1.1"
+  - ruby-head
   - jruby-19mode
-
+gemfile:
+  - Gemfile.rails-3.2.x
+  - Gemfile.rails-4.0.x
+  - Gemfile.rails-4.1.x
+  - Gemfile.rails-head
+matrix:
+  allow_failures:
+    - rvm: ruby-head
+    - gemfile: Gemfile.rails-head

data/Gemfile.rails-3.2.x

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in frikandel.gemspec
+gemspec
+
+gem 'rails', '~> 3.2.0'

data/Gemfile.rails-4.0.x

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in frikandel.gemspec
+gemspec
+
+gem 'rails', '~> 4.0.0'

data/Gemfile.rails-4.1.x

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in frikandel.gemspec
+gemspec
+
+gem 'rails', '~> 4.1.0'

data/Gemfile.rails-head

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in frikandel.gemspec
+gemspec
+
+gem 'rails', 'github' => 'rails/rails'

data/Guardfile

@@ -3,8 +3,7 @@
 
 guard :rspec do
   watch(%r{^spec/.+_spec\.rb$})
-  watch(%r{^lib/(.+)\.rb$})     { |m| "spec/lib/#{m[1]}_spec.rb" }
-  watch('spec/spec_helper.rb')  { "spec" }
-
+  watch(%r{^lib/(.+)\.rb$})          { |m| ["spec/lib/#{m[1]}_spec.rb", "spec/controllers"] }
+  watch(%r{^spec/support/(.+)\.rb$}) { "spec" }
+  watch('spec/spec_helper.rb')       { "spec" }
 end
-

data/README.md

@@ -1,6 +1,7 @@
 # Frikandel
 [![Gem Version](https://badge.fury.io/rb/frikandel.png)](http://badge.fury.io/rb/frikandel) 
 [![Build Status](https://api.travis-ci.org/taktsoft/frikandel.png)](https://travis-ci.org/taktsoft/frikandel)
+[![Code Climate](https://codeclimate.com/github/taktsoft/frikandel.png)](https://codeclimate.com/github/taktsoft/frikandel)
 
 This gem aims to improve the security of your rails application. It allows you to add a TTL (Time To Live) to the session cookie and allows you to bind the session to an IP address.
 
@@ -71,7 +72,7 @@ The default values are `24.hours` for `max_ttl` and `2.hours` for `ttl`. If you
 
 ### Customize on_invalid_session behavior
 
-You can also overwrite what should happen when a cookie times out on the controller-level. The default behaviour is to do a `reset_session` and `redirect_to root_path`. For example, if you want to overwrite the default behavior when a user is on the `PublicController`, you want to overwrite the `on_expired_session`-method in your controller:
+You can also overwrite what should happen when a cookie times out on the controller-level. The default behaviour is to do a `reset_session` and `redirect_to root_path`. For example, if you want to overwrite the default behavior when a user is on the `PublicController`, you want to overwrite the `on_invalid_session`-method in your controller:
 
 ```ruby
 class PublicController < ApplicationController
@@ -91,7 +92,16 @@ end
 
 ## Changes
 
-2.0.0 Added IP address binding. Renamed callback from 'on_expired_session' to 'on_invalid_session'.
+2.1.0 -- Reset session only once if using the combination of TTL and IP address binding.
+2.0.0 -- Added IP address binding. Renamed callback from 'on_expired_session' to 'on_invalid_session'.
+
+## Test
+
+To run the test suite with different rails version by selecting the corresponding gemfile. You can use this one liners:
+
+    $ BUNDLE_GEMFILE=Gemfile.rails-3.2.x bundle update && bundle exec rake spec
+    $ BUNDLE_GEMFILE=Gemfile.rails-4.0.x bundle update && bundle exec rake spec
+    $ BUNDLE_GEMFILE=Gemfile.rails-4.1.x bundle update && bundle exec rake spec
 
 ## Contributing
 1. Fork it

data/frikandel.gemspec

@@ -27,5 +27,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "guard-rspec"
   spec.add_development_dependency "pry"
 
-  spec.add_dependency "rails", ['>= 3.2.0', '< 5.0']
+  spec.add_dependency "rails", [">= 3.2.0", "< 5.0"]
 end

data/lib/frikandel/bind_session_to_ip_address.rb

@@ -4,16 +4,17 @@ module Frikandel
 
     included do
       append_before_filter :validate_session_ip_address
-      append_after_filter :persist_session_ip_address
     end
 
   private
 
     def validate_session_ip_address
-      if session.key?(:ip_address) && !ip_address_match_with_current?(session[:ip_address])
+      if session.key?(:ip_address) && !ip_address_match_with_current?
         on_invalid_session
       elsif !session.key?(:ip_address)
         reset_session
+      else # session ip address is valid
+        persist_session_ip_address
       end
     end
 
@@ -25,9 +26,13 @@ module Frikandel
       request.remote_ip
     end
 
-    def ip_address_match_with_current?(ip_address)
-      current_ip_address == ip_address
+    def ip_address_match_with_current?
+      session[:ip_address] == current_ip_address
     end
 
+    def reset_session
+      super
+      persist_session_ip_address
+    end
   end
 end

data/lib/frikandel/configuration.rb

@@ -1,7 +1,9 @@
+require 'singleton'
+
 module Frikandel
   class Configuration
-    include Singleton
-    extend SingleForwardable
+    include ::Singleton
+    extend ::SingleForwardable
 
     attr_accessor :ttl, :max_ttl
 

data/lib/frikandel/limit_session_lifetime.rb

@@ -5,22 +5,36 @@ module Frikandel
 
     included do
       append_before_filter :validate_session_timestamp
-      append_after_filter :persist_session_timestamp
     end
 
   private
 
     def validate_session_timestamp
-      if session.key?(:ttl) && session.key?(:max_ttl) && (session[:ttl] < Frikandel::Configuration.ttl.ago || session[:max_ttl] < Time.now)
+      if session.key?(:ttl) && session.key?(:max_ttl) && (reached_ttl? || reached_max_ttl?)
         on_invalid_session
-      elsif !session.key?(:ttl) && !session.key?(:max_ttl)
+      elsif !session.key?(:ttl) || !session.key?(:max_ttl)
         reset_session
+      else # session timestamp is valid
+        persist_session_timestamp
       end
     end
 
+    def reached_ttl?
+      session[:ttl] < Frikandel::Configuration.ttl.ago
+    end
+
+    def reached_max_ttl?
+      session[:max_ttl] < Time.now
+    end
+
     def persist_session_timestamp
       session[:ttl] = Time.now
-      session[:max_ttl] ||= Frikandel::Configuration.max_ttl.from_now
+      session[:max_ttl] ||= Frikandel::Configuration.max_ttl.since
+    end
+
+    def reset_session
+      super
+      persist_session_timestamp
     end
   end
 end

data/lib/frikandel/version.rb

@@ -1,3 +1,3 @@
 module Frikandel
-  VERSION = "2.0.0"
+  VERSION = "2.1.0"
 end

data/spec/controllers/bind_session_to_ip_address_controller_spec.rb

@@ -1,41 +1,154 @@
 require "spec_helper"
 require "support/application_controller"
 
+
 class BindSessionToIpAddressController < ApplicationController
   include Frikandel::BindSessionToIpAddress
 
+  before_filter :flash_alert_and_redirect_home, only: [:redirect_home]
+
   def home
     render text: "bind test"
   end
-end
 
-describe BindSessionToIpAddressController do
-  it "writes current ip address to session" do
-    expect(session[:ip_address]).to be_nil
-    get :home
-    expect(session[:ip_address]).to eql("0.0.0.0")
+  def redirect_home
   end
 
-  it "raises an exception if session address and current ip address don't match" do
-    session[:ip_address] = "1.2.3.4"
-    controller.should_receive(:on_invalid_session)
+protected
 
-    get :home
+  def flash_alert_and_redirect_home
+    flash[:alert] = "alert test"
+    redirect_to bind_session_to_ip_address_home_url
   end
+end
+
 
+describe BindSessionToIpAddressController do
+  context "requests" do
+    it "writes current ip address to session" do
+      expect(session[:ip_address]).to be_nil
 
-  context "ip address isn't present in session" do
-    it "resets the session" do
-      session[:user_id] = 4337
       get :home
 
-      session[:user_id].should be_blank
+      expect(session[:ip_address]).to eql("0.0.0.0")
     end
 
-    it "allows the request to be rendered as normal" do
+    it "writes current ip address to session even on redirect in another before filter" do
+      expect(session[:ip_address]).to be_nil
+
+      simulate_redirect!(:redirect_home, :home)
+
+      expect(session[:ip_address]).to eql("0.0.0.0")
+
+      flash.should_not be_empty
+      flash[:alert].should eql("alert test")
+    end
+
+    it "raises an exception if session address and current ip address don't match" do
+      session[:ip_address] = "1.2.3.4"
+      controller.should_receive(:on_invalid_session)
+
       get :home
+    end
+
+
+    context "ip address isn't present in session" do
+      it "resets the session and persists the ip address" do
+        session[:user_id] = 4337
+        session.delete(:ip_address)
+        session[:ttl] = "SomeTTL"
+        session[:max_ttl] = "SomeMaxTTL"
+
+        controller.should_receive(:reset_session).and_call_original
+        controller.should_receive(:persist_session_ip_address).and_call_original
+        get :home
+
+        session[:user_id].should be_blank
+        session[:ip_address].should be_present
+        session[:ip_address].should eql("0.0.0.0")
+        session[:ttl].should be_blank
+        session[:max_ttl].should be_blank
+      end
+
+      it "allows the request to be rendered as normal" do
+        get :home
+
+        response.body.should eql("bind test")
+      end
+    end
+  end
+
+
+  context ".validate_session_ip_address" do
+    it "calls on_invalid_session if ip address doesn't match with current" do
+      session[:ip_address] = "1.3.3.7"
+
+      controller.should_receive(:ip_address_match_with_current?).and_return(false)
+      controller.should_receive(:on_invalid_session)
+
+      controller.send(:validate_session_ip_address)
+    end
+
+    it "calls reset_session if ip address isn't persisted in session" do
+      session.delete(:ip_address)
+
+      controller.should_not_receive(:ip_address_match_with_current?)
+      controller.should_receive(:reset_session)
+
+      controller.send(:validate_session_ip_address)
+    end
+
+    it "calls persist_session_ip_address if validation passes" do
+      session[:ip_address] = "1.3.3.7"
+
+      controller.should_receive(:ip_address_match_with_current?).and_return(true)
+      controller.should_receive(:persist_session_ip_address)
+
+      controller.send(:validate_session_ip_address)
+    end
+  end
+
+
+  context ".persist_session_ip_address" do
+    it "sets the current ip address in session on key ip_address" do
+      expect {
+        controller.should_receive(:current_ip_address).and_return("1.3.3.7")
+        controller.send(:persist_session_ip_address)
+      }.to change {
+        session[:ip_address]
+      }.from(nil).to("1.3.3.7")
+    end
+  end
+
+
+  context ".current_ip_address" do
+    it "returns the remote_ip from request" do
+      request.should_receive(:remote_ip).and_return(:request_remote_ip)
+
+      controller.send(:current_ip_address).should eql(:request_remote_ip)
+    end
+  end
+
+
+  context ".ip_address_match_with_current?" do
+    it "compares ip address from session with the current ip address" do
+      controller.stub(:current_ip_address).and_return("1.3.3.7")
+
+      session[:ip_address] = "1.3.3.7"
+
+      controller.send(:ip_address_match_with_current?).should be_true
+
+      session[:ip_address] = "7.3.3.1"
+
+      controller.send(:ip_address_match_with_current?).should be_false
+    end
+  end
+
 
-      response.body.should eql("bind test")
+  context ".reset_session" do
+    it "calls persist_session_ip_address" do
+      controller.should_receive(:persist_session_ip_address).and_call_original
+      controller.send(:reset_session)
     end
   end
 end

data/spec/controllers/combined_controller_spec.rb

@@ -1,24 +1,40 @@
 require "spec_helper"
 require "support/application_controller"
 
+
 class CombinedController < ApplicationController
   include Frikandel::LimitSessionLifetime
   include Frikandel::BindSessionToIpAddress
 
+  before_filter :flash_alert_and_redirect_home, only: [:redirect_home]
+
   def home
     render text: "combined test"
   end
+
+  def redirect_home
+  end
+
+protected
+
+  def flash_alert_and_redirect_home
+    flash[:alert] = "alert test"
+    redirect_to combined_home_url
+  end
 end
 
+
 describe CombinedController do
   context "ttl nor ip isn't present in session" do
-    it "resets the session" do
+    it "resets the session and persists ip address, ttl & max_ttl" do
       session[:user_id] = 4337
+
       get :home
 
       session[:user_id].should be_blank
-      session[:ttl].should be_present
       session[:ip_address].should be_present
+      session[:ttl].should be_present
+      session[:max_ttl].should be_present
     end
 
     it "allows the request to be rendered as normal" do
@@ -26,31 +42,68 @@ describe CombinedController do
 
       response.body.should eql("combined test")
     end
+
+    it "persists ttl, max_ttl and ip even on redirect in another before filter" do
+      session[:ip_address].should be_nil
+      session[:ttl].should be_nil
+      session[:max_ttl].should be_nil
+
+      simulate_redirect!(:redirect_home, :home)
+
+      session[:ip_address].should be_present
+      session[:ttl].should be_present
+      session[:max_ttl].should be_present
+
+      flash.should_not be_empty
+      flash[:alert].should eql("alert test")
+    end
   end
 
+
   context "ttl or ip isn't present in session" do
-    it "resets the session if ip address is missing" do
+    it "resets the session and persists ip address, ttl & max_ttl if ip address is missing" do
       session[:user_id] = 4337
-      session[:ttl] = "Something"
+      session[:ttl] = last_ttl = Time.now
+      session[:max_ttl] = last_max_ttl = Frikandel::Configuration.max_ttl.from_now
+
       get :home
 
       session[:user_id].should be_blank
-
-      session[:ttl].should be_present
-      session[:ttl].should_not eql("Something")
       session[:ip_address].should be_present
+      session[:ttl].should be_present
+      session[:ttl].should_not eql(last_ttl)
+      session[:max_ttl].should be_present
+      session[:max_ttl].should_not eql(last_max_ttl)
     end
 
-    it "resets the session if ttl is missing" do
+    it "resets the session and persists ip address, ttl & max_ttl if ttl is missing" do
       session[:user_id] = 4337
-      session[:ip_address] = "Something"
+      session[:ip_address] = "0.0.0.0"
+      session[:max_ttl] = last_max_ttl = Frikandel::Configuration.max_ttl.from_now
+
       get :home
 
       session[:user_id].should be_blank
-
+      session[:ip_address].should be_present
+      session[:ip_address].should eql("0.0.0.0")
       session[:ttl].should be_present
+      session[:max_ttl].should be_present
+      session[:max_ttl].should_not eql(last_max_ttl)
+    end
+
+    it "resets the session and persists ip address, ttl & max_ttl if max_ttl is missing" do
+      session[:user_id] = 4337
+      session[:ip_address] = "0.0.0.0"
+      session[:ttl] = last_ttl = Time.now
+
+      get :home
+
+      session[:user_id].should be_blank
       session[:ip_address].should be_present
       session[:ip_address].should eql("0.0.0.0")
+      session[:ttl].should be_present
+      session[:ttl].should_not eql(last_ttl)
+      session[:max_ttl].should be_present
     end
   end
 end

data/spec/controllers/limit_session_lifetime_controller_spec.rb

@@ -1,68 +1,372 @@
 require "spec_helper"
 require "support/application_controller"
 
+
 class LimitSessionLifetimeController < ApplicationController
   include Frikandel::LimitSessionLifetime
 
+  before_filter :flash_alert_and_redirect_home, only: [:redirect_home]
+
   def home
     render text: "ttl test"
   end
+
+  def redirect_home
+  end
+
+protected
+
+  def flash_alert_and_redirect_home
+    flash[:alert] = "alert test"
+
+    redirect_to limit_session_lifetime_home_url
+  end
 end
 
+
 describe LimitSessionLifetimeController do
-  it "holds the session for at least .1 seconds" do
-    get :home
-    session[:user_id] = 1337
-    sleep 0.1
-    get :home
-
-    session[:user_id].should be_present
-    session[:user_id].should eq 1337
+  context "requests" do
+    it "writes ttl and max_ttl to session" do
+      expect(session[:ttl]).to be_nil
+      expect(session[:max_ttl]).to be_nil
+
+      get :home
+
+      expect(session[:ttl]).to be_a(Time)
+      expect(session[:max_ttl]).to be_a(Time)
+    end
+
+    it "writes ttl and max_ttl to session even on redirect in another before filter" do
+      expect(session[:ttl]).to be_nil
+      expect(session[:max_ttl]).to be_nil
+
+      simulate_redirect!(:redirect_home, :home)
+
+      expect(session[:ttl]).to be_a(Time)
+      expect(session[:max_ttl]).to be_a(Time)
+
+      flash.should_not be_empty
+      flash[:alert].should eql("alert test")
+    end
+
+    it "holds the session for at least .1 seconds" do
+      get :home
+
+      session[:user_id] = 1337
+      sleep 0.1
+
+      get :home
+
+      session[:user_id].should be_present
+      session[:user_id].should eq 1337
+    end
+
+    it "destroys the session after SESSION_TTL" do
+      get :home
+
+      session[:user_id] = 2337
+      session[:ttl] = (Frikandel::Configuration.ttl + 1.minute).seconds.ago
+
+      get :home
+
+      session[:user_id].should be_blank
+    end
+
+    it "destroys the session after SESSION_MAX_TTL" do
+      get :home
+
+      session[:user_id] = 3337
+      request.session[:max_ttl] = 1.minute.ago
+
+      get :home
+
+      session[:user_id].should be_blank
+    end
+
+    it "is configurable" do
+      Frikandel::Configuration.ttl = 1.minute
+      get :home
+
+      session[:ttl] = 30.minutes.ago
+      session[:user_id] = 5337
+
+      get :home
+
+      session[:user_id].should be_blank
+    end
+
+
+    context "ttl isn't present in session" do
+      it "resets the session and persists ttl & max_ttl" do
+        session[:user_id] = 4337
+        session[:ip_address] = "SomeIP"
+        session.delete(:ttl)
+        session[:max_ttl] = "SomeMaxTTL"
+
+        controller.should_receive(:reset_session).and_call_original
+        controller.should_receive(:persist_session_timestamp).and_call_original
+        get :home
+
+        session[:user_id].should be_blank
+        session[:ip_address].should be_blank
+        session[:ttl].should be_present
+        session[:ttl].should be_a(Time)
+        session[:max_ttl].should be_present
+        session[:max_ttl].should_not eql("SomeMaxTTL")
+        session[:max_ttl].should be_a(Time)
+      end
+
+      it "allows the request to be rendered as normal" do
+        session.delete(:ttl)
+        session[:max_ttl] = "SomeMaxTTL"
+
+        get :home
+
+        response.body.should eql("ttl test")
+      end
+    end
+
+
+    context "max_ttl isn't present in session" do
+      it "resets the session and persists ttl & max_ttl" do
+        session[:user_id] = 4337
+        session[:ip_address] = "SomeIP"
+        session[:ttl] = "SomeTTL"
+        session.delete(:max_ttl)
+
+        controller.should_receive(:reset_session).and_call_original
+        controller.should_receive(:persist_session_timestamp).and_call_original
+        get :home
+
+        session[:user_id].should be_blank
+        session[:ip_address].should be_blank
+        session[:ttl].should be_present
+        session[:ttl].should_not eql("SomeTTL")
+        session[:ttl].should be_a(Time)
+        session[:max_ttl].should be_present
+        session[:max_ttl].should be_a(Time)
+      end
+
+      it "allows the request to be rendered as normal" do
+        session[:ttl] = "SomeTTL"
+        session.delete(:max_ttl)
+
+        get :home
+
+        response.body.should eql("ttl test")
+      end
+    end
+
+
+    context "ttl and max_ttl isn't present in session" do
+      it "resets the session and persists ttl & max_ttl" do
+        session[:user_id] = 4337
+        session[:ip_address] = "SomeIP"
+        session.delete(:ttl)
+        session.delete(:max_ttl)
+
+        controller.should_receive(:reset_session).and_call_original
+        controller.should_receive(:persist_session_timestamp).and_call_original
+        get :home
+
+        session[:user_id].should be_blank
+        session[:ip_address].should be_blank
+        session[:ttl].should be_present
+        session[:ttl].should be_a(Time)
+        session[:max_ttl].should be_present
+        session[:max_ttl].should be_a(Time)
+      end
+
+      it "allows the request to be rendered as normal" do
+        session.delete(:ttl)
+        session.delete(:max_ttl)
+
+        get :home
+
+        response.body.should eql("ttl test")
+      end
+    end
   end
 
-  it "destroys the session after SESSION_TTL" do
-    get :home
-    session[:user_id] = 2337
-    request.session[:ttl] = (Frikandel::Configuration.ttl + 1.minute).seconds.ago
-    get :home
 
-    session[:user_id].should be_blank
+  context ".validate_session_timestamp" do
+    it "calls on_invalid_session if ttl is reached" do
+      session[:ttl] = "SomeTTL"
+      session[:max_ttl] = "SomeMaxTTL"
+
+      controller.should_receive(:reached_ttl?).and_return(true)
+      controller.stub(:reached_max_ttl?).and_return(false)
+
+      controller.should_receive(:on_invalid_session)
+
+      controller.send(:validate_session_timestamp)
+    end
+
+    it "calls on_invalid_session if max_ttl is reached" do
+      session[:ttl] = "SomeTTL"
+      session[:max_ttl] = "SomeMaxTTL"
+
+      controller.stub(:reached_ttl?).and_return(false)
+      controller.should_receive(:reached_max_ttl?).and_return(true)
+
+      controller.should_receive(:on_invalid_session)
+
+      controller.send(:validate_session_timestamp)
+    end
+
+    it "calls on_invalid_session if ttl and max_ttl are reached" do
+      session[:ttl] = "SomeTTL"
+      session[:max_ttl] = "SomeMaxTTL"
+
+      controller.stub(:reached_ttl?).and_return(true)
+      controller.stub(:reached_max_ttl?).and_return(true)
+
+      controller.should_receive(:on_invalid_session)
+
+      controller.send(:validate_session_timestamp)
+    end
+
+    it "calls reset_session if ttl isn't persisted in session" do
+      session.delete(:ttl)
+      session[:max_ttl] = "SomeMaxTTL"
+
+      controller.should_receive(:reset_session)
+
+      controller.send(:validate_session_timestamp)
+    end
+
+    it "calls reset_session if max_ttl isn't persisted in session" do
+      session[:ttl] = "SomeTTL"
+      session.delete(:max_ttl)
+
+      controller.should_receive(:persist_session_timestamp)
+
+      controller.send(:validate_session_timestamp)
+    end
+
+    it "calls reset_session if ttl and max_ttl aren't persisted in session" do
+      session.delete(:ttl)
+      session.delete(:max_ttl)
+
+      controller.should_receive(:persist_session_timestamp)
+
+      controller.send(:validate_session_timestamp)
+    end
+
+    it "calls persist_session_timestamp if validation passes" do
+      session[:ttl] = "SomeTTL"
+      session[:max_ttl] = "SomeMaxTTL"
+
+      controller.stub(:reached_ttl?).and_return(false)
+      controller.stub(:reached_max_ttl?).and_return(false)
+
+      controller.should_receive(:persist_session_timestamp)
+
+      controller.send(:validate_session_timestamp)
+    end
   end
 
-  it "destroys the session after SESSION_MAX_TTL" do
-    get :home
-    session[:user_id] = 3337
 
-    request.session[:max_ttl] = 1.minute.ago
-    get :home
+  context ".reached_ttl?" do
+    it "returns true if persisted ttl is less than configured ttl seconds ago" do
+      current_time = Time.now
+      Time.stub(:now).and_return(current_time)
+
+      session[:ttl] = current_time.ago(Frikandel::Configuration.ttl + 1)
+
+      controller.send(:reached_ttl?).should be_true
+    end
+
+    it "returns false if persisted ttl is equal to configured ttl seconds ago" do
+      current_time = Time.now
+      Time.stub(:now).and_return(current_time)
+
+      session[:ttl] = current_time.ago(Frikandel::Configuration.ttl)
+
+      controller.send(:reached_ttl?).should be_false
+    end
 
-    session[:user_id].should be_blank
+    it "returns false if persisted ttl is greater than configured ttl seconds ago" do
+      current_time = Time.now
+      Time.stub(:now).and_return(current_time)
+
+      session[:ttl] = current_time.ago(Frikandel::Configuration.ttl - 1)
+
+      controller.send(:reached_ttl?).should be_false
+    end
   end
-  it "is configurable" do
-    old_value = Frikandel::Configuration.ttl
-    Frikandel::Configuration.ttl = 1.minute
-    get :home
-    session[:ttl] = 30.minutes.ago
-    session[:user_id] = 5337
 
-    get :home
-    session[:user_id].should be_blank
 
-    Frikandel::Configuration.ttl = old_value
+  context ".reached_max_ttl?" do
+    it "returns true if persisted max_ttl is less than current time" do
+      current_time = Time.now
+      Time.stub(:now).and_return(current_time)
+
+      session[:max_ttl] = current_time.ago(1)
+
+      controller.send(:reached_max_ttl?).should be_true
+    end
+
+    it "returns false if persisted max_ttl is equal to current time" do
+      current_time = Time.now
+      Time.stub(:now).and_return(current_time)
+
+      session[:max_ttl] = current_time
+
+      controller.send(:reached_max_ttl?).should be_false
+    end
+
+    it "returns false if persisted max_ttl is greater than current time" do
+      current_time = Time.now
+      Time.stub(:now).and_return(current_time)
+
+      session[:max_ttl] = current_time.since(1)
+
+      controller.send(:reached_max_ttl?).should be_false
+    end
   end
 
-  context "ttl isn't present in session" do
-    it "resets the session" do
-      session[:user_id] = 4337
-      get :home
 
-      session[:user_id].should be_blank
+  context ".persist_session_timestamp" do
+    it "sets ttl to current time" do
+      current_time = Time.now
+      Time.stub(:now).and_return(current_time)
+
+      expect {
+        controller.send(:persist_session_timestamp)
+      }.to change {
+        session[:ttl]
+      }.from(nil).to(current_time)
     end
 
-    it "allows the request to be rendered as normal" do
-      get :home
+    it "sets max_ttl to configured max_ttl seconds in future if it's blank" do
+      current_time = Time.now
+      max_ttl_time = current_time.since(Frikandel::Configuration.max_ttl)
+      Time.stub(:now).and_return(current_time)
+
+      expect {
+        controller.send(:persist_session_timestamp)
+      }.to change {
+        session[:max_ttl]
+      }.from(nil).to(max_ttl_time)
+    end
+
+    it "doesn't set max_ttl if it's present" do
+      session[:max_ttl] = "SomeMaxTTL"
+
+      expect {
+        controller.send(:persist_session_timestamp) # second call, shouldn't change max_ttl
+        }.to_not change {
+          session[:max_ttl]
+        }.from("SomeMaxTTL")
+    end
+  end
+
 
-      response.body.should eql("ttl test")
+  context ".reset_session" do
+    it "calls persist_session_timestamp" do
+      controller.should_receive(:persist_session_timestamp).and_call_original
+      controller.send(:reset_session)
     end
   end
 end

data/spec/dummy/config/database.yml

@@ -5,21 +5,21 @@
 #   gem 'sqlite3'
 development:
   adapter: sqlite3
-  database: db/development.sqlite3
+  database: ":memory:"
   pool: 5
-  timeout: 5000
+  timeout: 500
 
 # Warning: The database defined as "test" will be erased and
 # re-generated from your development database when you run "rake".
 # Do not set this db to the same as development or production.
 test:
   adapter: sqlite3
-  database: db/test.sqlite3
+  database: ":memory:"
   pool: 5
-  timeout: 5000
+  timeout: 500
 
 production:
   adapter: sqlite3
-  database: db/production.sqlite3
+  database: ":memory:"
   pool: 5
-  timeout: 5000
+  timeout: 500

data/spec/spec_helper.rb

@@ -19,3 +19,20 @@ RSpec.configure do |config|
     Frikandel::Configuration.defaults!
   end
 end
+
+
+# some helper methods
+
+def simulate_redirect!(from_action, to_action)
+  get from_action.intern
+  from_flash = request.flash # HACK for RAILS_VERSION=3.2.0
+
+  controller.instance_variable_set(:@_frikandel_did_reset_session, nil) # reset state for redirect request
+
+  get to_action.intern
+  request.flash.update(from_flash.to_hash) # HACK for RAILS_VERSION=3.2.0
+end
+
+def flash
+  request.flash
+end

data/spec/support/application_controller.rb

@@ -1,12 +1,15 @@
-
 Rails.application.routes.draw do
   root to: "application#home"
-  get "/limit_session_lifetime_home" => "limit_session_lifetime#home"
-  get "/customized_controller_home" => "customized_on_invalid_session#home", as: :customized_controller_home
-  get "/bind_session_to_ip_address_home" => "bind_session_to_ip_address#home"
-  get "/combined_controller_home" => "combined#home"
+  get "/limit_session_lifetime_home" => "limit_session_lifetime#home", :as => :limit_session_lifetime_home
+  get "/limit_session_lifetime_redirect_home" => "limit_session_lifetime#redirect_home"
+  get "/bind_session_to_ip_address_home" => "bind_session_to_ip_address#home", :as => :bind_session_to_ip_address_home
+  get "/bind_session_to_ip_address_redirect_home" => "bind_session_to_ip_address#redirect_home"
+  get "/combined_controller_home" => "combined#home", :as => :combined_home
+  get "/combined_controller_redirect_home" => "combined#redirect_home"
+  get "/customized_controller_home" => "customized_on_invalid_session#home", :as => :customized_controller_home
 end
 
+
 class ApplicationController < ActionController::Base
   protect_from_forgery with: :exception
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: frikandel
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.1.0
 platform: ruby
 authors:
 - Taktsoft
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-04-24 00:00:00.000000000 Z
+date: 2014-05-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -125,6 +125,10 @@ files:
 - ".rspec"
 - ".travis.yml"
 - Gemfile
+- Gemfile.rails-3.2.x
+- Gemfile.rails-4.0.x
+- Gemfile.rails-4.1.x
+- Gemfile.rails-head
 - Guardfile
 - LICENSE.txt
 - README.md
@@ -172,7 +176,6 @@ files:
 - spec/dummy/config/initializers/wrap_parameters.rb
 - spec/dummy/config/locales/en.yml
 - spec/dummy/config/routes.rb
-- spec/dummy/db/test.sqlite3
 - spec/dummy/lib/assets/.keep
 - spec/dummy/log/test.log
 - spec/dummy/public/404.html
@@ -215,7 +218,6 @@ test_files:
 - spec/controllers/customized_on_invalid_session_controller_spec.rb
 - spec/support/application_controller.rb
 - spec/dummy/README.rdoc
-- spec/dummy/db/test.sqlite3
 - spec/dummy/public/500.html
 - spec/dummy/public/favicon.ico
 - spec/dummy/public/422.html