ixtlan-session-timeout 0.1.1 → 0.2.0
- data/MIT-LICENSE +20 -0
- data/lib/ixtlan/sessions/railtie.rb +2 -1
- data/lib/ixtlan/sessions/timeout.rb +14 -8
- data/spec/timeout_spec.rb +19 -5
- metadata +7 -7
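--- a/data/MIT-LICENSE
+++ b/data/MIT-LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2008 Kristian Meier
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.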
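--- a/data/lib/ixtlan/sessions/railtie.rb
+++ b/data/lib/ixtlan/sessions/railtie.rb
@@ -9,11 +9,12 @@ module Ixtlan
 app.config.class.class_eval do
 attr_accessor :idle_session_timeout
 end
-app.config.idle_session_timeout =
+app.config.idle_session_timeout = 15 #minutes
 end
 
 config.after_initialize do |app|
 ::ActionController::Base.send(:include, Ixtlan::Sessions::Timeout)
+::ActionController::Base.send(:before_filter, :check_session)
 end
 end
 end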
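Review bot: Registering `check_session` through `before_filter` on `ActionController::Base` only stops a request when the filter renders or redirects; from Rails 3 on, which is where Railties exist, a `false` return value no longer halts the filter chain. Whether an expired or mismatched session actually keeps the action from running therefore depends on `session_timeout` and `expire_session` in timeout.rb, whose bodies are not visible here, so confirm they render or redirect and pin that with a spec. Separately, `app.config.idle_session_timeout = 15 #minutes` assigns unconditionally; the block it sits in opens outside this hunk, and if it can run after the application has set its own value, `app.config.idle_session_timeout ||= 15` would preserve a stricter setting.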
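--- a/data/lib/ixtlan/sessions/timeout.rb
+++ b/data/lib/ixtlan/sessions/timeout.rb
@@ -23,21 +23,24 @@ module Ixtlan
 session_timeout
 return false
 end
-
+
+unless respond_to? :logged_in?
+def logged_in?
+respond_to?(:current_user) && send(:current_user)
+end
+end
+
 protected
 
 def check_session_expiry
-
-p session[:expires_at].asctime if session[:expires_at]
-p DateTime.now.asctime
-p ( session[:expires_at] && session[:expires_at] < DateTime.now)
+return true unless logged_in?
 if session[:expires_at] && session[:expires_at] < DateTime.now
 # Session has expired.
 session_log("session timeout")
 expire_session
 else
 # Assign a new expiry time
-session[:expires_at] =
+session[:expires_at] = idle_session_timeout.minutes.from_now
 return true
 end
 end
@@ -45,6 +48,7 @@ p ( session[:expires_at] && session[:expires_at] < DateTime.now)
 # IP binding is not very useful in the wild since some ISP use
 # a different IP for each request, i.e. the session uses many IPs
 def check_session_ip_binding
+return true unless logged_in?
 if !session[:session_ip].nil? && session[:session_ip] != request.headers['REMOTE_ADDR']
 # client IP has changed
 session_log("IP changed from #{session[:session_ip]} to #{request.headers['REMOTE_ADDR']}")
@@ -57,10 +61,12 @@ p ( session[:expires_at] && session[:expires_at] < DateTime.now)
 end
 
 def check_session
+return true unless logged_in?
 check_session_browser_signature && check_session_expiry
 end
 
 def check_session_browser_signature
+return true unless logged_in?
 if !session[:session_browser_signature].nil? and session[:session_browser_signature] != retrieve_browser_signature
 # browser signature has changed
 session_log("browser signature changed from #{session[:session_browser_signature]} to #{retrieve_browser_signature}")
@@ -90,8 +96,8 @@ p ( session[:expires_at] && session[:expires_at] < DateTime.now)
 end
 end
 
-def
-Rails.configuration.
+def idle_session_timeout
+Rails.configuration.idle_session_timeout
 end
 end
 end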
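Review bot: The fallback `logged_in?` added ahead of `protected` fails open, because `respond_to?(:current_user)` does not see private methods (nor protected ones on Ruby 2.0 and later), so a controller that keeps `current_user` non-public counts as never logged in and every `return true unless logged_in?` guard skips the expiry, IP-binding and browser-signature checks. I would change the body to `respond_to?(:current_user, true) && send(:current_user)` and log once when neither helper exists, so a renamed or hidden auth helper does not silently turn the timeout off. The surrounding `unless respond_to? :logged_in?` looks like it is evaluated on the module at load time rather than on the including controller, which would make the fallback unconditional; the module header is outside this hunk, so that needs confirming. The same guard is repeated in the later hunks for `check_session_ip_binding`, `check_session` and `check_session_browser_signature`.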
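--- a/data/spec/timeout_spec.rb
+++ b/data/spec/timeout_spec.rb
@@ -4,6 +4,8 @@ require 'date'
 
 class Controller
 
+attr_accessor :current_user
+
 def logger
 @logger ||= Logger.new(STDOUT)
 end
@@ -52,7 +54,7 @@ class Rails
 self
 end
 
-def self.
+def self.idle_session_timeout(val = nil)
 @val = MyDate.new(val) if val
 @val
 end
@@ -84,6 +86,7 @@ describe Ixtlan::Sessions::Timeout do
 
 before :each do
 @controller.session.clear
+@controller.current_user = Object.new
 end
 
 it "should keep session when staying on same remote IP" do
@@ -107,7 +110,7 @@ describe Ixtlan::Sessions::Timeout do
 end
 
 it "should keep session if idle timeout is in the future" do
-Rails.configuration.
+Rails.configuration.idle_session_timeout(1)
 @controller.session.size.should == 0
 @controller.send(:check_session_expiry).should be_true
 @controller.session.size.should == 1
@@ -116,7 +119,7 @@ describe Ixtlan::Sessions::Timeout do
 end
 
 it "should kill session if idle timeout is in the past" do
-Rails.configuration.
+Rails.configuration.idle_session_timeout(-1)
 @controller.session.size.should == 0
 # first the session has not expiration_date so it will be set
 @controller.send(:check_session_expiry).should be_true
@@ -126,9 +129,20 @@ describe Ixtlan::Sessions::Timeout do
 @controller.session.size.should == 0
 end
 
-it "should
+it "should leave session along if there is no current_user" do
+@controller.current_user = nil
+@controller.session.size.should == 0
+@controller.send(:check_session_expiry).should be_true
+@controller.session.size.should == 0
+@controller.send(:check_session_browser_signature).should be_true
+@controller.session.size.should == 0
+@controller.send(:check_session_ip_binding).should be_true
+@controller.session.size.should == 0
+end
+
+it "should use the controller idle_session_timeout if overwritten" do
 @controller.class.class_eval do
-def
+def idle_session_timeout
 MyDate.new(1)
 end
 end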
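Review bot: The new nil-`current_user` example exercises the three individual checks but never `check_session`, which is the method the Railtie now registers as the filter, so the entry point's early return is not pinned; one more line, `@controller.send(:check_session).should be_true`, would cover it. The stub controller also exposes `current_user` through a public `attr_accessor`, so the specs cannot show what the fallback `logged_in?` does when an application keeps `current_user` private or protected; an example with a non-public `current_user` and an already expired `session[:expires_at]` would document whether the timeout still fires. The example title reads "leave session along", presumably meant as "alone".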
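--- a/metadata
+++ b/metadata
@@ -4,9 +4,9 @@ version: !ruby/object:Gem::Version
 prerelease: false
 segments:
 - 0
--
--
-version: 0.
+- 2
+- 0
+version: 0.2.0
 platform: ruby
 authors:
 - mkristian
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-03
+date: 2011-04-03 00:00:00 +05:30
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -55,6 +55,7 @@ extensions: []
 extra_rdoc_files: []
 
 files:
+- MIT-LICENSE
 - lib/ixtlan-session-timeout.rb
 - lib/ixtlan/sessions/timeout.rb
 - lib/ixtlan/sessions/railtie.rb
@@ -64,9 +65,8 @@ homepage: http://github.com/mkristian/ixtlan-session-timeout
 licenses:
 - MIT-LICENSE
 post_install_message:
-rdoc_options:
-
-- README.textile
+rdoc_options: []
+
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement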