ixtlan-session-timeout 0.1.0 → 0.1.1
- data/lib/ixtlan/sessions/timeout.rb +7 -3
- data/spec/timeout_spec.rb +142 -0
- metadata +14 -44
- data/README.textile +0 -42
- data/features/generators.feature +0 -5
- data/features/step_definitions/simple_steps.rb +0 -22
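--- a/data/lib/ixtlan/sessions/timeout.rb
+++ b/data/lib/ixtlan/sessions/timeout.rb
@@ -27,7 +27,11 @@ module Ixtlan
 protected
 
 def check_session_expiry
-
+puts "- - - -"
+p session[:expires_at].asctime if session[:expires_at]
+p DateTime.now.asctime
+p ( session[:expires_at] && session[:expires_at] < DateTime.now)
+if session[:expires_at] && session[:expires_at] < DateTime.now
 # Session has expired.
 session_log("session timeout")
 expire_session
@@ -41,7 +45,7 @@ module Ixtlan
 # IP binding is not very useful in the wild since some ISP use
 # a different IP for each request, i.e. the session uses many IPs
 def check_session_ip_binding
-if !session[:session_ip].nil?
+if !session[:session_ip].nil? && session[:session_ip] != request.headers['REMOTE_ADDR']
 # client IP has changed
 session_log("IP changed from #{session[:session_ip]} to #{request.headers['REMOTE_ADDR']}")
 expire_session
@@ -87,7 +91,7 @@ module Ixtlan
 end
 
 def session_idle_timeout
-Rails.configuration.
+Rails.configuration.session_idle_timeout
 end
 end
 end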
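Review bot: The four `puts`/`p` lines added at the top of `check_session_expiry` look like leftover debugging: they print the session's expiry time and the result of the expiry comparison to stdout every time this check runs, bypassing the `session_log` helper used two lines further down. I would delete them; if the trace is wanted, send a single line through `session_log` instead. In the second hunk the new comparison reads `request.headers['REMOTE_ADDR']`, which behind a reverse proxy or load balancer is presumably the proxy's address, so the binding would not tell clients apart there; a comment above `check_session_ip_binding` such as `# assumes REMOTE_ADDR is the client's own address (no proxy in front)` would make that limitation explicit. Both method bodies continue outside the hunks shown.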
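--- a/data/spec/timeout_spec.rb
+++ b/data/spec/timeout_spec.rb
@@ -0,0 +1,142 @@
+require 'ixtlan/sessions/timeout'
+require 'logger'
+require 'date'
+
+class Controller
+
+def logger
+@logger ||= Logger.new(STDOUT)
+end
+
+def session
+@session ||= {}
+end
+
+def request
+self
+end
+
+def headers
+@header ||= {}
+end
+
+def respond_to(&block)
+block.call(self)
+end
+
+def format
+self
+end
+
+def html(&block)
+block.call(self)
+end
+
+def xml(&block)
+block.call(self)
+end
+
+def head(status)
+@status = status
+end
+
+def redirect_to(loc)
+@location = loc
+end
+
+end
+
+class Rails
+
+def self.configuration
+self
+end
+
+def self.session_idle_timeout(val = nil)
+@val = MyDate.new(val) if val
+@val
+end
+
+end
+
+class MyDate
+
+def initialize(val)
+from_now(val)
+end
+
+def minutes
+self
+end
+
+def from_now(val = nil)
+@val ||= val if val
+DateTime.now + @val/1440.0
+end
+end
+
+describe Ixtlan::Sessions::Timeout do
+
+before :all do
+Controller.send :include, Ixtlan::Sessions::Timeout
+@controller = Controller.new
+end
+
+before :each do
+@controller.session.clear
+end
+
+it "should keep session when staying on same remote IP" do
+@controller.headers['REMOTE_ADDR'] = "127.0.1.1"
+@controller.session.size.should == 0
+@controller.send(:check_session_ip_binding).should be_true
+@controller.session.size.should == 1
+@controller.send(:check_session_ip_binding).should be_true
+@controller.session.size.should == 1
+end
+
+it "should kill session when changing remote IP" do
+@controller.headers['REMOTE_ADDR'] = "127.0.1.1"
+@controller.session.size.should == 0
+@controller.send(:check_session_ip_binding).should be_true
+@controller.session.size.should == 1
+
+@controller.headers['REMOTE_ADDR'] = "127.0.0.1"
+@controller.send(:check_session_ip_binding).should be_false
+@controller.session.size.should == 0
+end
+
+it "should keep session if idle timeout is in the future" do
+Rails.configuration.session_idle_timeout(1)
+@controller.session.size.should == 0
+@controller.send(:check_session_expiry).should be_true
+@controller.session.size.should == 1
+@controller.send(:check_session_expiry).should be_true
+@controller.session.size.should == 1
+end
+
+it "should kill session if idle timeout is in the past" do
+Rails.configuration.session_idle_timeout(-1)
+@controller.session.size.should == 0
+# first the session has not expiration_date so it will be set
+@controller.send(:check_session_expiry).should be_true
+@controller.session.size.should == 1
+# now the expiration date is in the past so there is a timeout
+@controller.send(:check_session_expiry).should be_false
+@controller.session.size.should == 0
+end
+
+it "should use the controller session_idle_timeout if overwritten" do
+@controller.class.class_eval do
+def session_idle_timeout
+MyDate.new(1)
+end
+end
+@controller.session.size.should == 0
+@controller.send(:check_session_expiry).should be_true
+@controller.session.size.should == 1
+@controller.send(:check_session_expiry).should be_true
+@controller.session.size.should == 1
+end
+
+end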
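Review bot: The examples share mutable state that is never reset, so the expiry results depend on the order they run in. The last example redefines `session_idle_timeout` on the shared `Controller` class with `class_eval`, and the `Rails` stub keeps its `@val` from whichever example last called `session_idle_timeout(n)`. If the overriding example ran first, "should kill session if idle timeout is in the past" would presumably use the one-minute override and stop expiring. I would put the override on a throwaway subclass, `controller = Class.new(Controller) { def session_idle_timeout; MyDate.new(1); end }.new`, and set the `Rails` stub's timeout explicitly in each example that relies on it. The override example would also be stronger if it set the Rails value to `-1` first, so that keeping the session can only be explained by the controller-level method.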
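--- a/metadata
+++ b/metadata
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
 segments:
 - 0
 - 1
--
-version: 0.1.
+- 1
+version: 0.1.1
 platform: ruby
 authors:
 - mkristian
@@ -14,55 +14,27 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-03-
+date: 2011-03-22 00:00:00 +05:30
 default_executable:
 dependencies:
-- !ruby/object:Gem::Dependency
-name: rails
-prerelease: false
-requirement: &id001 !ruby/object:Gem::Requirement
-requirements:
-- - "="
-- !ruby/object:Gem::Version
-segments:
-- 3
-- 0
-- 1
-version: 3.0.1
-type: :development
-version_requirements: *id001
 - !ruby/object:Gem::Dependency
 name: rspec
 prerelease: false
-requirement: &
+requirement: &id001 !ruby/object:Gem::Requirement
 requirements:
 - - "="
 - !ruby/object:Gem::Version
 segments:
 - 2
-- 0
-- 1
-version: 2.0.1
-type: :development
-version_requirements: *id002
-- !ruby/object:Gem::Dependency
-name: cucumber
-prerelease: false
-requirement: &id003 !ruby/object:Gem::Requirement
-requirements:
-- - "="
-- !ruby/object:Gem::Version
-segments:
-- 0
-- 9
 - 4
-
+- 0
+version: 2.4.0
 type: :development
-version_requirements: *
+version_requirements: *id001
 - !ruby/object:Gem::Dependency
 name: rake
 prerelease: false
-requirement: &
+requirement: &id002 !ruby/object:Gem::Requirement
 requirements:
 - - "="
 - !ruby/object:Gem::Version
@@ -72,7 +44,7 @@ dependencies:
 - 7
 version: 0.8.7
 type: :development
-version_requirements: *
+version_requirements: *id002
 description: idle session timeout for rails on a per controller base
 email:
 - m.kristian@web.de
@@ -83,16 +55,14 @@ extensions: []
 extra_rdoc_files: []
 
 files:
-- README.textile
-- features/step_definitions/simple_steps.rb
-- features/generators.feature
 - lib/ixtlan-session-timeout.rb
 - lib/ixtlan/sessions/timeout.rb
 - lib/ixtlan/sessions/railtie.rb
+- spec/timeout_spec.rb
 has_rdoc: true
 homepage: http://github.com/mkristian/ixtlan-session-timeout
-licenses:
-
+licenses:
+- MIT-LICENSE
 post_install_message:
 rdoc_options:
 - --main
@@ -120,5 +90,5 @@ rubygems_version: 1.3.6
 signing_key:
 specification_version: 3
 summary: idle session timeout on a per controller base
-test_files:
-
+test_files:
+- spec/timeout_spec.rb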
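--- a/data/README.textile
+++ b/data/README.textile
@@ -1,42 +0,0 @@
-h1. Rails Idle Session Timeout
-
-p. when you deal with privacy related data during a session then it is important to timeout these session since it happens to often that a session stays open. there a lot of examples how to "reuse" an open session.
-
-p. sometimes it is nessecary to have different timeout for different parts of the system. you can do this with
-
-bc. class MyController
-def session_idle_timeout
-Configuration.instance.user_idle_session_timeout
-end
-. . .
-end
-
-p. or you want to bind your admin session to the IP of the admin:
-
-bc. class MyAdminController
-before_filter :check_session_ip_binding
-. . .
-end
-
-p. or you do not want any session timeout
-
-bc. class MyAdminController
-skip_before_filter :check_session_expiry
-. . .
-end
-
-h2. install
-
-p. in Gemfile add *gem 'ixtlan-session-timeout'*
-
-p. for the configuration add for example in _config/initializers/session-timeout.rb_. without that the default idle timeout is 5 minutes.
-
-bc. Rails.application.config.idle_session_timeout = 30 #minutes
-
-h2. relation to ixtlan gem
-
-p. the ixtlan gem provides a setup generator which adds configuration examples for this gem in _config/initializer/ixtlan.rb_ (the dynamic configuration is part of the ixtlan gem and it is just easier to keep that inside that gem !!!)
-
-h2. relation to ixtlan-audit gem
-
-p. if that gem is present and loaded than any timeout will be log with the help of _Ixtlan::Audit::UserLogger_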
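--- a/data/features/generators.feature
+++ b/data/features/generators.feature
@@ -1,5 +0,0 @@
-Feature: Generators for Ixtlan Audit
-
-Scenario: The slf4r rails template creates a rails application which uses slf4r-wrapper
-Given I create new rails application with template "simple.template"
-Then the output should contain "setup slf4r logger wrapper with ActiveSupport::BufferedLogger"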
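--- a/data/features/step_definitions/simple_steps.rb
+++ b/data/features/step_definitions/simple_steps.rb
@@ -1,22 +0,0 @@
-require 'fileutils'
-Given /^I create new rails application with template "(.*)"$/ do |template|
-name = template.sub(/.template$/, '')
-directory = File.join('target', name)
-rails_version = ENV['RAILS_VERSION'] || '3.0.1'
-
-ruby = defined?(JRUBY_VERSION) ? "jruby" : "ruby"
-rails_command = "#{ENV['GEM_HOME']}/bin/rails"
-rails_command = "-S rails" unless File.exists?(rails_command)
-command = "#{rails_command} _#{rails_version}_ new #{directory} -f -m templates/#{template}"
-FileUtils.rm_rf(directory)
-
-system "#{ruby} #{command}"
-
-@result = File.read("target/#{name}/log/development.log")
-puts @result
-end
-
-Then /^the output should contain \"(.*)\"$/ do |expected|
-(@result =~ /.*#{expected}.*/).should_not be_nil
-end
-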