hubssolib 3.7.1 → 3.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 68326a50593cfc8b53f1d5ba20e668a0a18316d8e3c6f9a9b245f213522f46f7
-  data.tar.gz: 9267e261fb2af094e0801cea965007c8ee5760d93886a3525640ecca5603f52a
+  metadata.gz: 32438e5c41d655367f4bb0e8385b9d972645f2649871a09ab7b09dc5d617fe9e
+  data.tar.gz: a999f01f88325690644675acc1b06b33b7b275374e980c6c3f2fa346c3875d93
 SHA512:
-  metadata.gz: 1849bcd713bb28f152fae7ca328f0d5f9cbb3b49aef31485019e930ba083af8f79cc3f804d04cf81628aed1bcfdbf669acada4c9cf97b2d190eefe4bc4cf6e9d
-  data.tar.gz: 22c27953133bda55f46e83636298a7b978480bf2d05160a22caf16cecdf4579d39ddff294185dc8510e415fa94a04bd087a6875a983c6cf3df0238e4eac647ee
+  metadata.gz: 881e57fa9c2e42ed8465b2faabf98cabdacf2dcea5df20d3c617836e50ff74d2255bbe1b8c11ca39b0bb3d57f2927e229ca1a390de11d0fcff9b8e4b32851ae6
+  data.tar.gz: 15aa2e97054fe9a8a86e45d901bdfa36bff0d0a6473ba88d279ec0bf622ce8413e6bc1a7b0427bac1f0e2bc0c2b994d9a3550d48897a8efec7cf2acf0c74abfa

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 3.8.0, 03-Apr-2025
+
+* Adds helper `HubSsoLib::Core#hubssolib_flash_markup` to compliment `HubSsoLib::Core#hubssolib_flash_data` and help make Flash presentation simpler and more consistent across integrated applications.
+* Deprecates core methods `hubssolib_store_location` (which is now a no-op) and `hubssolib_redirect_back_or_default` (which now always redirects to the default location). **These methods will be removed in Hub 4**. Ephemeral return-to location storage has only worked when sessions are _on_, which once upon a time was always - logged in or not - but changed in Hub 3.4.0, to avoid very large numbers of anonymous sessions building up into a very RAM-hungry pools in the DRb server. This has in hindsight amounted to a breaking change, and I should've bumped to Hub 4 per SemVer at that time, but it was overlooked; apologies. At least in general all it really usually means is that, instead of redirecting back to some calling application after login, the user is left in their Hub account view.
+* Hub's UI element added to navigation bars by using `HubSsoLib::Core#hubssolib_account_link` plus permissions and must-log-in checking in the `HubSsoLib::Core#hubssolib_beforehand` before-action callback already dealt with and continue to deal with redirect-to-origin automatically, so often, applications did't need to store a location and then manually redirect to Hub anyway. If you do need this for some reason, though, the new workflow is create a link or redirection to the URL returned by `HubSsoLib::Core#hubssolib_returnable_account_url`. This simply encodes a return-to address in the URL where needed, removing any requirement for cross-application session storage. The method's documentation describes its uses but, for the majority of use cases, you'll probably only want to be presenting a link for the case where a user must log _in_. In that case, call `hubssolib_returnable_account_url(logged_in: false)`.
+
 ## 3.7.0 and 3.7.1, 28-Mar-2025
 
 * Login indicator cookie wasn't updated on session timeout, so when the page loaded for pages that do *not* require authorisation, the warning flash about being timed out would show, but the indicator would still show a "logged in" state until the next page fetch.
@@ -85,7 +91,7 @@ In Hub v1 and v2, login indication was done via an image that was served by the
 
 ```html
 <a class="img" href="<%= ENV['HUB_PATH_PREFIX'] %>/account/login_conditional">
-  <img src="<%= ENV['HUB_PATH_PREFIX'] %>/account/login_indication" alt="Account" height="22" width="90" />
+  <img src="<%= ENV['HUB_PATH_PREFIX'] %>/account/login_indication" alt="Account" height="22" width="90">
 </a>
 ```
 

data/Gemfile.lock

@@ -1,14 +1,91 @@
 PATH
   remote: .
   specs:
-    hubssolib (3.7.1)
+    hubssolib (3.8.0)
       base64 (~> 0.2)
       drb (~> 2.2)
 
 GEM
   remote: https://rubygems.org/
   specs:
+    actioncable (8.0.2)
+      actionpack (= 8.0.2)
+      activesupport (= 8.0.2)
+      nio4r (~> 2.0)
+      websocket-driver (>= 0.6.1)
+      zeitwerk (~> 2.6)
+    actionmailbox (8.0.2)
+      actionpack (= 8.0.2)
+      activejob (= 8.0.2)
+      activerecord (= 8.0.2)
+      activestorage (= 8.0.2)
+      activesupport (= 8.0.2)
+      mail (>= 2.8.0)
+    actionmailer (8.0.2)
+      actionpack (= 8.0.2)
+      actionview (= 8.0.2)
+      activejob (= 8.0.2)
+      activesupport (= 8.0.2)
+      mail (>= 2.8.0)
+      rails-dom-testing (~> 2.2)
+    actionpack (8.0.2)
+      actionview (= 8.0.2)
+      activesupport (= 8.0.2)
+      nokogiri (>= 1.8.5)
+      rack (>= 2.2.4)
+      rack-session (>= 1.0.1)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+      useragent (~> 0.16)
+    actiontext (8.0.2)
+      actionpack (= 8.0.2)
+      activerecord (= 8.0.2)
+      activestorage (= 8.0.2)
+      activesupport (= 8.0.2)
+      globalid (>= 0.6.0)
+      nokogiri (>= 1.8.5)
+    actionview (8.0.2)
+      activesupport (= 8.0.2)
+      builder (~> 3.1)
+      erubi (~> 1.11)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    activejob (8.0.2)
+      activesupport (= 8.0.2)
+      globalid (>= 0.3.6)
+    activemodel (8.0.2)
+      activesupport (= 8.0.2)
+    activerecord (8.0.2)
+      activemodel (= 8.0.2)
+      activesupport (= 8.0.2)
+      timeout (>= 0.4.0)
+    activestorage (8.0.2)
+      actionpack (= 8.0.2)
+      activejob (= 8.0.2)
+      activerecord (= 8.0.2)
+      activesupport (= 8.0.2)
+      marcel (~> 1.0)
+    activesupport (8.0.2)
+      base64
+      benchmark (>= 0.3)
+      bigdecimal
+      concurrent-ruby (~> 1.0, >= 1.3.1)
+      connection_pool (>= 2.2.5)
+      drb
+      i18n (>= 1.6, < 2)
+      logger (>= 1.4.2)
+      minitest (>= 5.1)
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0, >= 2.0.5)
+      uri (>= 0.13.1)
     base64 (0.2.0)
+    benchmark (0.4.0)
+    bigdecimal (3.1.9)
+    builder (3.3.0)
+    concurrent-ruby (1.3.5)
+    connection_pool (2.5.0)
+    crass (1.0.6)
     date (3.4.1)
     debug (1.10.0)
       irb (~> 1.10)
@@ -18,18 +95,88 @@ GEM
     doggo (1.4.0)
       rspec-core (~> 3.13)
     drb (2.2.1)
+    erubi (1.13.1)
+    globalid (1.2.1)
+      activesupport (>= 6.1)
+    i18n (1.14.7)
+      concurrent-ruby (~> 1.0)
     io-console (0.8.0)
-    irb (1.15.1)
+    irb (1.15.2)
       pp (>= 0.6.0)
       rdoc (>= 4.0.0)
       reline (>= 0.4.2)
+    logger (1.7.0)
+    loofah (2.24.0)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.12.0)
+    mail (2.8.1)
+      mini_mime (>= 0.1.1)
+      net-imap
+      net-pop
+      net-smtp
+    marcel (1.0.4)
+    mini_mime (1.1.5)
+    mini_portile2 (2.8.8)
+    minitest (5.25.5)
+    net-imap (0.5.6)
+      date
+      net-protocol
+    net-pop (0.1.2)
+      net-protocol
+    net-protocol (0.2.2)
+      timeout
+    net-smtp (0.5.1)
+      net-protocol
+    nio4r (2.7.4)
+    nokogiri (1.18.7)
+      mini_portile2 (~> 2.8.2)
+      racc (~> 1.4)
     pp (0.6.2)
       prettyprint
     prettyprint (0.2.0)
     psych (5.2.3)
       date
       stringio
-    rdoc (6.13.0)
+    racc (1.8.1)
+    rack (3.1.12)
+    rack-session (2.1.0)
+      base64 (>= 0.1.0)
+      rack (>= 3.0.0)
+    rack-test (2.2.0)
+      rack (>= 1.3)
+    rackup (2.2.1)
+      rack (>= 3)
+    rails (8.0.2)
+      actioncable (= 8.0.2)
+      actionmailbox (= 8.0.2)
+      actionmailer (= 8.0.2)
+      actionpack (= 8.0.2)
+      actiontext (= 8.0.2)
+      actionview (= 8.0.2)
+      activejob (= 8.0.2)
+      activemodel (= 8.0.2)
+      activerecord (= 8.0.2)
+      activestorage (= 8.0.2)
+      activesupport (= 8.0.2)
+      bundler (>= 1.15.0)
+      railties (= 8.0.2)
+    rails-dom-testing (2.2.0)
+      activesupport (>= 5.0.0)
+      minitest
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.6.2)
+      loofah (~> 2.21)
+      nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
+    railties (8.0.2)
+      actionpack (= 8.0.2)
+      activesupport (= 8.0.2)
+      irb (~> 1.13)
+      rackup (>= 1.0.0)
+      rake (>= 12.2)
+      thor (~> 1.0, >= 1.2.2)
+      zeitwerk (~> 2.6)
+    rake (13.2.1)
+    rdoc (6.13.1)
       psych (>= 4.0.0)
     reline (0.6.0)
       io-console (~> 0.5)
@@ -46,6 +193,7 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
     rspec-support (3.13.2)
+    securerandom (0.4.1)
     simplecov (0.22.0)
       docile (~> 1.1)
       simplecov-html (~> 0.11)
@@ -53,6 +201,17 @@ GEM
     simplecov-html (0.13.1)
     simplecov_json_formatter (0.1.4)
     stringio (3.1.6)
+    thor (1.3.2)
+    timeout (0.4.3)
+    tzinfo (2.0.6)
+      concurrent-ruby (~> 1.0)
+    uri (1.0.3)
+    useragent (0.16.11)
+    websocket-driver (0.7.7)
+      base64
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.5)
+    zeitwerk (2.7.2)
 
 PLATFORMS
   ruby
@@ -61,6 +220,7 @@ DEPENDENCIES
   debug (~> 1.1)
   doggo (~> 1.4)
   hubssolib!
+  rails (~> 8.0)
   rspec (~> 3.13)
   rspec-mocks (~> 3.13)
   simplecov (~> 0.22)

data/README.md

@@ -449,4 +449,25 @@ end
 * Your previously submitted action scheme and URL are also given in case you need them because you've decided to implement one callback handler for different kinds of untrusted action.
 * The `action_payload` is where all your important data, meaningful only to you, resides and this must contain everything else, other than the above parameters, required to complete the action previously sent for review, _while making sure things are attributed to the correct user_.
 
+Use `head ...` to indicate non-200 responses. If you don't want the originating user to get notified of a successful run, then on-success, also reply with `head :ok` or `head 200` (according to style preference). If you want to ask Hub to notify the user, then on-success instead do this:
+
+```ruby
+render json: { mail_item_url: ..., mail_subject: ... }, status: :ok
+```
+
+The payload items shown above are both mandatory:
+
+* `mail_item_url` is the full URL of the entity that you just successfully edited, updated, or some other sensible URL to take the user (this will be included verbatim in the e-mail)
+* `mail_subject` is a subject line of your choosing - for example, `"Your new forum post is now visible"`. Hub might add a prefix such as `[ORGNAME] ...`
+
+If either item is missing or blank, or if for any reason Hub finds itself unable to associated the action with a user record on Hub's side, then no e-mail message will be sent.
+
+**IMPORTANT:** The Hub application's database migration at the time you updated to 3.7.0 will have set existing users to trusted for historic data, but new users are untrusted. If you introduce trust integration to your site's other apps after this, you might want to enter the console to update any new users added since likewise; inside `app/hub`, issue:
+
+```
+$ bundle exec rails c
+> User.update_all(trusted: true)
+> exit
+```
+
 The trust mechanism involves a fair amount of effort on the integrating app's side but it can be very useful if you have a site where, despite your best efforts, sometimes spam/bot accounts manage to get inside and try to flood the system with spam. It's just one of many different potential protection and mitigation mechanisms that your site might choose to employ.

data/hubssolib.gemspec

@@ -4,7 +4,7 @@ spec = Gem::Specification.new do |s|
   s.platform = Gem::Platform::RUBY
   s.name     = 'hubssolib'
 
-  s.version  = '3.7.1'
+  s.version  = '3.8.0'
   s.author   = 'Andrew Hodgkinson and others'
   s.email    = 'ahodgkin@rowing.org.uk'
   s.homepage = 'http://pond.org.uk/'
@@ -28,6 +28,7 @@ spec = Gem::Specification.new do |s|
   s.add_dependency 'base64', '~> 0.2'
 
   s.add_development_dependency 'debug',       '~> 1.1'
+  s.add_development_dependency 'rails',       '~> 8.0'
   s.add_development_dependency 'simplecov',   '~> 0.22'
   s.add_development_dependency 'doggo',       '~> 1.4'
   s.add_development_dependency 'rspec',       '~> 3.13'

data/lib/hub_sso_lib.rb

@@ -69,7 +69,7 @@ module HubSsoLib
 
   # Location of Hub application root.
   #
-  HUB_PATH_PREFIX = ENV['HUB_PATH_PREFIX'] || ''
+  HUB_PATH_PREFIX = (ENV['HUB_PATH_PREFIX'] || '').sub(/(\/)+$/, '')
 
   # Time limit, *in seconds*, for the account inactivity timeout. If a user
   # performs no Hub actions during this time they will be automatically logged
@@ -394,24 +394,6 @@ module HubSsoLib
     attr_accessor :user_password_reset_code_expires_at
     attr_accessor :user_trusted
 
-    def initialize
-      @user_salt = nil
-      @user_roles = nil
-      @user_updated_at = nil
-      @user_activated_at = nil
-      @user_real_name = nil
-      @user_crypted_password = nil
-      @user_remember_token_expires_at = nil
-      @user_activation_code = nil
-      @user_member_id = nil
-      @user_id = nil
-      @user_password_reset_code = nil
-      @user_remember_token = nil
-      @user_email = nil
-      @user_created_at = nil
-      @user_password_reset_code_expires_at = nil
-      @user_trusted = nil
-    end
   end # User class
 
   #######################################################################
@@ -437,7 +419,7 @@ module HubSsoLib
     include DRb::DRbUndumped
 
     attr_accessor :session_last_used
-    attr_accessor :session_return_to
+    attr_reader   :session_return_to # DEPRECATED
     attr_accessor :session_flash
     attr_accessor :session_user
     attr_accessor :session_rotated_key
@@ -613,7 +595,9 @@ module HubSsoLib
       keys  = if count > HUB_SESSION_ENUMERATION_KEY_MAX
         nil
       else
-        @hub_sessions.keys # (Hash#keys returns a new array)
+        HUB_MUTEX.synchronize do
+          @hub_sessions.keys # (Hash#keys returns a new array)
+        end
       end
 
       return { count: count, keys: keys }
@@ -628,7 +612,7 @@ module HubSsoLib
     # found for that key.
     #
     def retrieve_session_by_key(key)
-      @hub_sessions[key]
+      HUB_MUTEX.synchronize { @hub_sessions[key] }
     end
 
     # WARNING: Comparatively slow.
@@ -655,6 +639,10 @@ module HubSsoLib
     # session data. Does nothing if the key is not found.
     #
     def destroy_session_by_key(key)
+      unless @hub_be_quiet
+        puts "Session factory: Deleting session with key #{key}"
+      end
+
       HUB_MUTEX.synchronize do
         @hub_sessions.delete(key)
       end
@@ -674,6 +662,10 @@ module HubSsoLib
     # SESSIONS IN THE HASH and must therefore lock on mutex for the duration.
     #
     def destroy_sessions_by_user_id(user_id)
+      unless @hub_be_quiet
+        puts "Session factory: Deleting all session records for user ID #{user_id.inspect}"
+      end
+
       HUB_MUTEX.synchronize do
         @hub_sessions.reject! do | key, session |
           session&.session_user&.user_id == user_id
@@ -685,6 +677,30 @@ module HubSsoLib
       raise
     end
 
+    # WARNING: Comparatively slow.
+    #
+    # Call only if you MUST update details of a session user inside all Hub
+    # sessions. Pass the user ID and HubSsoLib::User details that are to be
+    # stored for all sessions owned by that user ID.
+    #
+    def update_sessions_by_user_id(user_id, user)
+      unless @hub_be_quiet
+        puts "Session factory: Updating all session records for user ID #{user_id.inspect}"
+      end
+
+      HUB_MUTEX.synchronize do
+        @hub_sessions.each do | key, session |
+          if session&.session_user&.user_id == user_id
+            session.session_user = user
+          end
+        end
+      end
+
+    rescue => e
+      Sentry.capture_exception(e) if defined?(Sentry) && Sentry.respond_to?(:capture_exception)
+      raise
+    end
+
     # WARNING: Slow.
     #
     # This is a housekeeping task which checks sessions against Hub expiry and,
@@ -964,34 +980,97 @@ module HubSsoLib
       end
     end
 
-    # Returns markup for a link that leads to Hub's conditional login endpoint,
-    # inline-styled as a red "Log in" or green "Account" button. This can be
-    # used in page templates to avoid needing any additional images or other
-    # such resources and using pure HTML + CSS for the login indication.
+    # Return a URL that leads to a Hub "log in" page if the user is not logged
+    # in currently, else an "account" page for logged-in users.
+    #
+    # +universal+:: Use +true+ if concerned that a "Back" browser button action
+    #               might cause a page to appear that's got a cached link which
+    #               may no longer reflect the current state. This jumps to Hub
+    #               and redirects to the "log in" or "account" destinations
+    #               depending on current state. If using this, bear in mind
+    #               that the link text must be ambiguous, because the eventual
+    #               destination isn't known.
+    #
+    #               It's often better to just use #hubssolib_account_link to
+    #               create markup for this in a navigation area.
+    #
+    #               The default is +false+, which means that a bespoke link
+    #               for the exact current instantaneous log in state is
+    #               generated; the +logged_in+ parameter applies (see below).
+    #
+    # +logged_in+:: If +universal+ is +false+, then this parameter defaults to
+    #               the current user logged-in state, but can be overridden
+    #               with +true+ (act as if someone is logged in) or +false+
+    #               (act as if someone is not logged in).
+    #
+    # +return_to+:: Overrides the use of <tt>request.original_url</tt> to give
+    #               an alternative return-after-logging-in URL. Will be of no
+    #               use for users already logged in. This is rarely used, but
+    #               might be helpful if you (say) want them to return to the
+    #               current page, but with a specific fragment added ("#foo").
+    #               Specify as a String, Symbol or URI, at your preference.
+    #
+    # Note that the universal links, or a not-logged-in state link will include
+    # a query string which takes the value of <tt>request.original_url</tt> or,
+    # if not defined, tries <tt>request.referrer</tt> (else is absent). This is
+    # a URL used for the redirection after successful login. The logged-in
+    # state link does not require this addition so omits it for brevity.
+    #
+    def hubssolib_returnable_account_url(
+      universal: false,
+      logged_in: self.hubssolib_logged_in?,
+      return_to: nil
+    )
+      account_url = if universal
+        "#{HUB_PATH_PREFIX}/account/login_conditional"
+      else
+        "#{HUB_PATH_PREFIX}/#{'account/login' unless logged_in}"
+      end
+
+      # Attach a return-to URL always for the universal case which needs to
+      # work regardless of login state; else we only need it when logged out,
+      # so that we can return to the originating location after logging in.
+      # There's no functional difference - just a simpler URL that omits what
+      # would otherwise be an unused query string parameter.
+      #
+      if universal or not logged_in
+        if return_to.nil?
+          request_obj = self.try(:request)
+          return_to   = request_obj.try(:original_url) || request_obj.try(:referrer)
+        end
+
+        if return_to.present?
+          account_url << "?return_to_url=#{CGI.escape(return_to.to_s)}"
+        end
+      end
+
+      return account_url
+    end
+
+    # Returns markup for a link that leads to Hub's login or logout link, using
+    # pure HTML + CSS for styling. A universal "conditional login" link is used
+    # since page data may be old due to e.g. a "back" button being used, after
+    # the user either logged in or out elsewhere. This possibility is also why
+    # JavaScript is used, updating the button styling the correct login state
+    # if needed. This requires the "pageshow" event to be supported. NOSCRIPT
+    # browsers use the a no-cache image-based fallback, which is much less
+    # efficient, but works.
     #
-    # JavaScript is used so that e.g. "back" button fully-cached displays by a
-    # browser will get updated with the correct login state, where needed (so
-    # long as the 'pageshow' event is supported). NOSCRIPT browsers use the old
-    # no-cache image fallback, which is much less efficient, but works.
+    # Although the JavaScript-powered option could use the non-conditional link
+    # for log in/out and swap those, it's simpler just to use generate the same
+    # link for all states - script-capable or otherwise, logged in or out,
     #
     def hubssolib_account_link
-      logged_in        = self.hubssolib_logged_in?()
-      ui_href          = "#{HUB_PATH_PREFIX}/account/login_conditional"
+      logged_in_url    = self.hubssolib_returnable_account_url(universal: false, logged_in: true)
+      logged_out_url   = self.hubssolib_returnable_account_url(universal: false, logged_in: false)
+      universal_url    = self.hubssolib_returnable_account_url(universal: true)
+
       noscript_img_src = "#{HUB_PATH_PREFIX}/account/login_indication.png"
       noscript_img_tag = helpers.image_tag(noscript_img_src, size: '90x22', border: '0', alt: 'Log in or out')
 
-      if self.respond_to?(:request)
-        return_to_url = self.request.try(:original_url)
-
-        if return_to_url.present?
-          return_query = URI.encode_www_form({ return_to_url: return_to_url.to_s })
-          ui_href << "?#{return_query}"
-        end
-      end
-
-      logged_in_link   = helpers.link_to('Account',        ui_href, id: 'hubssolib_logged_in_link')
-      logged_out_link  = helpers.link_to('Log in',         ui_href, id: 'hubssolib_logged_out_link')
-      noscript_link    = helpers.link_to(noscript_img_tag, ui_href, id: 'hubssolib_login_noscript')
+      logged_in_link   = helpers.link_to('Account',        logged_in_url,  id: 'hubssolib_logged_in_link')
+      logged_out_link  = helpers.link_to('Log in',         logged_out_url, id: 'hubssolib_logged_out_link')
+      noscript_link    = helpers.link_to(noscript_img_tag, universal_url,  id: 'hubssolib_login_noscript')
 
       # Yes, it's ugly, but yes, it works and it's a lot better for the server
       # to avoid the repeated image fetches. It probably works out as overall
@@ -1217,6 +1296,18 @@ module HubSsoLib
       hubssolib_factory().destroy_sessions_by_user_id(hub_user_id) unless hub_user_id.nil?
     end
 
+    # WARNING: Comparatively slow.
+    #
+    # If a Hub user record changes, make sure their session records reflect
+    # the updated demographics according to the HubSsoLib::User provided.
+    #
+    # For information about performance limitations, see
+    # HubSsoLib::SessionFactory#destroy_sessions_by_user_id.
+    #
+    def hubssolib_update_user_sessions(hub_user_id, hub_user)
+      hubssolib_factory().update_sessions_by_user_id(hub_user_id, hub_user) unless hub_user_id.nil?
+    end
+
     # If an application needs to know about changes of a user e-mail address
     # or display name (e.g. because of sync to a local relational store of
     # users related to other application-managed resources, with therefore a
@@ -1327,7 +1418,6 @@ module HubSsoLib
         cookies.delete(HUB_LOGIN_INDICATOR_COOKIE, domain: :all, path: '/')
 
         if login_is_required
-          hubssolib_store_location()
           return hubssolib_must_login()
         else
           return true
@@ -1354,14 +1444,10 @@ module HubSsoLib
         # if OK, else indicate that access is denied.
 
         if (hubssolib_session_expired?)
-          hubssolib_store_location()
           hubssolib_log_out()
           hubssolib_set_flash(:attention, 'Sorry, your session timed out; you need to log in again to continue.')
 
-          # We mean this: redirect_to :controller => 'account', :action => 'login'
-          # ...except for the Hub, rather than the current application (whatever
-          # it may be).
-          redirect_to HUB_PATH_PREFIX + '/account/login'
+          redirect_to hubssolib_returnable_account_url(logged_in: false)
         else
           hubssolib_set_last_used(Time.now.utc)
           return hubssolib_authorized? ? true : hubssolib_access_denied()
@@ -1410,28 +1496,17 @@ module HubSsoLib
       end
     end
 
-    # Store the URI of the current request in the session, or store the
-    # optional supplied specific URI.
-    #
-    # We can return to this location by calling #redirect_back_or_default.
+    # Deprecated. Don't use this. See #hubssolib_returnable_account_url.
     #
     def hubssolib_store_location(uri_str = request.url)
-      if (uri_str && !uri_str.empty?)
-        uri_str = hubssolib_promote_uri_to_ssl(uri_str, request.host) unless request.ssl?
-        hubssolib_set_return_to(uri_str)
-      else
-        hubssolib_set_return_to(nil)
-      end
+      Rails.logger.warn('hubssolib_store_location: DEPRECATED (no-op)') rescue nil
     end
 
-    # Redirect to the URI stored by the most recent store_location call or
-    # to the passed default.
+    # Deprecated. Don't use this. See #hubssolib_returnable_account_url.
     #
     def hubssolib_redirect_back_or_default(default)
-      url = hubssolib_get_return_to()
-      hubssolib_set_return_to(nil)
-
-      redirect_to(url || default)
+      Rails.logger.warn('hubssolib_redirect_back_or_default: DEPRECATED (always redirects to default)') rescue nil
+      redirect_to(default)
     end
 
     # Take a URI and pass an optional host parameter. Decomposes the URI,
@@ -1440,9 +1515,10 @@ module HubSsoLib
     # as a flat string.
     #
     def hubssolib_promote_uri_to_ssl(uri_str, host = nil)
-      uri = URI.parse(uri_str)
-      uri.host = host if host
+      uri        = URI.parse(uri_str)
+      uri.host   = host if host
       uri.scheme = hub_bypass_ssl? ? 'http' : 'https'
+
       return uri.to_s
     end
 
@@ -1454,8 +1530,7 @@ module HubSsoLib
       if request.ssl? || hub_bypass_ssl?
         return true
       else
-        # This isn't reliable: redirect_to({ :protocol => 'https://' })
-        redirect_to( hubssolib_promote_uri_to_ssl( request.request_uri, request.host ) )
+        redirect_to(hubssolib_promote_uri_to_ssl(request.original_url))
         return false
       end
     end
@@ -1465,21 +1540,32 @@ module HubSsoLib
     # dropped. However, we also want this to work without being logged in, so
     # in that case it uses the normal flash as a backup when *writing*.
     #
+    # This method returns the Hub flash if logged in, else +nil+.
+    #
     def hubssolib_get_flash
       session = self.hubssolib_get_session()
-      session&.session_flash || {}
+      session&.session_flash
     end
 
+    # Set Flash information under the given symbol with the given text message,
+    # using the Hub cross-application flash store if logged in, else the
+    # this-application local session flash store otherwise.
+    #
     def hubssolib_set_flash(symbol, message)
       session = self.hubssolib_get_session()
-      f       = hubssolib_get_flash() unless session.nil?
-      f       = self.flash if f.nil? && self.respond_to?(:flash)
+
+      f   = hubssolib_get_flash()
+      f ||= self.flash if self.respond_to?(:flash)
+      f ||= {}
 
       f[symbol] = message
 
       session.session_flash = f unless session.nil?
     end
 
+    # Clears the *hub* flash for logged-in users, but not the local application
+    # session flash.
+    #
     def hubssolib_clear_flash
       session = self.hubssolib_get_session()
       session.session_flash = {} unless session.nil?
@@ -1495,6 +1581,10 @@ module HubSsoLib
     # values. This allows both the Hub and standard flashes to have values
     # inside them under the same key. All keys are strings.
     #
+    # You may well prefer to use #hubssolib_flash_markup to obtain something
+    # that can be written straight into a view, unless it doesn't meet your
+    # markup requirements.
+    #
     def hubssolib_flash_data
 
       # These known key values are used to guarantee an order in the output
@@ -1510,14 +1600,14 @@ module HubSsoLib
       # Get an array of keys for the Hub flash with the ordered key items
       # first and store data from that flash; same again for standard.
 
-      hash = hubssolib_get_flash()
+      hash = hubssolib_get_flash() || {}
       keys = ordered_keys | hash.keys
 
       keys.each do | key |
         compiled_data['hub'][key] = hash[key] if hash.key?(key)
       end
 
-      if defined?( flash )
+      if self.respond_to?( :flash )
         hash = flash.to_h()
         keys = ordered_keys | hash.keys
 
@@ -1527,11 +1617,60 @@ module HubSsoLib
       end
 
       hubssolib_clear_flash()
-      flash.discard()
+      flash.clear()
 
       return compiled_data
     end
 
+    # A companion to #hubssolib_flash_data which returns standardised Flash
+    # markup for your view. THIS MUST ONLY BE USED IN A VIEW / HELPER, or at
+    # least somewhere that ActionView::Helpers::TagHelper#tag is available.
+    #
+    # * An outer DIV with class "flash" wraps the content.
+    #
+    # * Within that, +H2+ tags wrap each message in the flash data. These
+    #   tags also have class "flash", along with an additional tag which is
+    #   equal to the key under which the message was found - so if adding a
+    #   flash message under, say, <tt>:alert</tt>, the rendered result would
+    #   be <tt>&lt;h2 class="flash alert"&gt;...&lt;/h2&gt;</tt>.
+    #
+    # * As a special case, a key with the suffix <tt>_html_safe</tt> is taken
+    #   to contain HTML-safe strings and potential markup, so you could do
+    #   things like add emphasis, other classes or styles to the data written
+    #   inside the +H2+ tag. Be very careful to make sure any non-markup data
+    #   is properly escaped first. The key-related class in the arising +H2+
+    #   tag _excludes_ the suffix, so e.g. <tt>:notice_html_safe</tt> will
+    #   lead to class +notice+.
+    #
+    # Hub session-sourced and Rails local app session-sourced flash data is
+    # treated the same, with Hub-sourced data listed first. The other is
+    # otherwise undefined (it's rare for there to be more than one thing in
+    # the flash at any given time, though).
+    #
+    def hubssolib_flash_markup
+      data = hubssolib_flash_data()
+      proc = Proc.new do | key, value |
+        key = key.to_s
+
+        if key.end_with?( '_html_safe' )
+          value = value.html_safe()
+          key   = key.chomp( '_html_safe' )
+        end
+
+        helpers.tag.h2(value, class: "flash #{ key }")
+      end
+
+      return helpers.tag.div(class: 'flash') do
+        data['hub'].each do | key, value |
+          helpers.concat(proc.call(key, value))
+        end
+
+        data['standard'].each do | key, value |
+          helpers.concat(proc.call(key, value))
+        end
+      end
+    end
+
     # Retrieve the message of an exception stored as an object in the given
     # string.
     #
@@ -1548,8 +1687,10 @@ module HubSsoLib
 
           :hubssolib_current_user,
           :hubssolib_unique_name,
+          :hubssolib_returnable_account_url,
           :hubssolib_account_link,
           :hubssolib_flash_data,
+          :hubssolib_flash_markup,
 
           :hubssolib_logged_in?,
           :hubssolib_authorized?,
@@ -1703,7 +1844,7 @@ module HubSsoLib
       #
       if hubssolib_ensure_https
         hubssolib_set_flash(:alert, 'You must log in before you can continue.')
-        redirect_to HUB_PATH_PREFIX + '/account/login'
+        redirect_to hubssolib_returnable_account_url(logged_in: false)
       end
 
       return false
@@ -1795,16 +1936,6 @@ module HubSsoLib
       session = self.hubssolib_get_session()
       session.session_last_used = time unless session.nil?
     end
-
-    def hubssolib_get_return_to
-      self.hubssolib_get_session()&.session_return_to
-    end
-
-    def hubssolib_set_return_to(uri)
-      session = self.hubssolib_get_session()
-      session.session_return_to = uri unless session.nil?
-    end
-
   end # Core module
 end # HubSsoLib module
 

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: hubssolib
 version: !ruby/object:Gem::Version
-  version: 3.7.1
+  version: 3.8.0
 platform: ruby
 authors:
 - Andrew Hodgkinson and others
 bindir: bin
 cert_chain: []
-date: 2025-03-28 00:00:00.000000000 Z
+date: 2025-04-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: drb
@@ -51,6 +51,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '8.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '8.0'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement