RubyGems - katalyst-koi - Versions diffs - 4.19.0 → 4.20.1 - Mend

katalyst-koi 4.19.0 → 4.20.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

data/app/components/koi/header/edit_component.rb CHANGED Viewed

@@ -11,7 +11,7 @@ module Koi
         super()
         @resource = resource
-        @title = title
+        @title    = title
         @header = HeaderComponent.new(title: self.title)
       end

data/app/components/koi/tables/cells/link_component.rb CHANGED Viewed

@@ -26,8 +26,8 @@ module Koi
           def initialize(cell:, url:, default_url:, **)
             super(**)
-            @cell = cell
-            @url = url
+            @cell        = cell
+            @url         = url
             @default_url = default_url
           end

data/app/controllers/admin/admin_users_controller.rb CHANGED Viewed

@@ -71,7 +71,7 @@ module Admin
     private
     def set_admin
-      @admin = Admin::User.with_archived.find(params[:id])
+      @admin = Admin::User.with_archived.find(params.expect(:id))
       request.variant << :self if @admin == current_admin_user
     end

data/app/controllers/admin/credentials_controller.rb CHANGED Viewed

@@ -52,7 +52,7 @@ module Admin
     end
     def destroy
-      credential = @admin_user.credentials.find(params[:id])
+      credential = @admin_user.credentials.find(params.expect(:id))
       credential.destroy!
       respond_to do |format|
@@ -68,7 +68,7 @@ module Admin
     end
     def set_admin_user
-      @admin_user = Admin::User.find(params[:admin_user_id])
+      @admin_user = Admin::User.find(params.expect(:admin_user_id))
       if current_admin == @admin_user
         request.variant = :self

data/app/controllers/admin/otps_controller.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Admin
     end
     def set_admin_user
-      @admin_user = Admin::User.find(params[:admin_user_id])
+      @admin_user = Admin::User.find(params.expect(:admin_user_id))
       if current_admin == @admin_user
         request.variant = :self

data/app/controllers/admin/sessions_controller.rb CHANGED Viewed

@@ -35,9 +35,7 @@ module Admin
     end
     def destroy
-      record_sign_out!(current_admin_user)
-      session[:admin_user_id] = nil
+      destroy_admin_session!(current_admin_user)
       redirect_to new_admin_session_path
     end
@@ -95,9 +93,7 @@ module Admin
     end
     def admin_sign_in(admin_user)
-      record_sign_in!(admin_user)
-      session[:admin_user_id] = admin_user.id
+      create_admin_session!(admin_user)
       redirect_to(url_from(params[:redirect].presence) || admin_dashboard_path, status: :see_other)
     end

data/app/controllers/admin/tokens_controller.rb CHANGED Viewed

@@ -22,9 +22,7 @@ module Admin
     def update
       if (@admin_user = Admin::User.find_by_token_for(:password_reset, params[:token]))
-        record_sign_in!(admin_user)
-        session[:admin_user_id] = admin_user.id
+        create_admin_session!(admin_user)
         redirect_to admin_admin_user_path(admin_user), status: :see_other, notice: t("koi.auth.token_consumed")
       else
@@ -35,7 +33,7 @@ module Admin
     private
     def set_admin_user
-      @admin_user = Admin::User.find(params[:admin_user_id])
+      @admin_user = Admin::User.find(params.expect(:admin_user_id))
     end
   end
 end

data/app/controllers/admin/url_rewrites_controller.rb CHANGED Viewed

@@ -56,7 +56,7 @@ module Admin
     end
     def set_url_rewrite
-      @url_rewrite = UrlRewrite.find(params[:id])
+      @url_rewrite = UrlRewrite.find(params.expect(:id))
     end
     class Collection < Admin::Collection

data/app/controllers/admin/well_knowns_controller.rb CHANGED Viewed

@@ -55,7 +55,7 @@ module Admin
     # Use callbacks to share common setup or constraints between actions.
     def set_well_known
-      @well_known = ::WellKnown.find(params[:id])
+      @well_known = ::WellKnown.find(params.expect(:id))
     end
     class Collection < Admin::Collection

data/app/controllers/concerns/koi/controller/is_admin_controller.rb CHANGED Viewed

@@ -16,7 +16,7 @@ module Koi
         include HasAttachments
         include Katalyst::Tables::Backend
-        if (pagy = "Pagy::Method".safe_constantize)
+        if (pagy    = "Pagy::Method".safe_constantize)
           include pagy
         elsif (pagy = "Pagy::Backend".safe_constantize)
           # @deprecated Pagy <43
@@ -49,8 +49,12 @@ module Koi
       def authenticate_local_admin
         return if admin_signed_in? || !Rails.env.development?
-        session[:admin_user_id] =
-          Admin::User.where(email: %W[#{ENV.fetch('USER', nil)}@katalyst.com.au admin@katalyst.com.au]).first&.id
+        admin_user = Admin::User.where(email: %W[#{ENV.fetch('USER', nil)}@katalyst.com.au admin@katalyst.com.au]).first
+        return unless admin_user
+        session[:admin_user_id]           = admin_user.id
+        session[:admin_user_signed_in_at] = Time.current.iso8601(6)
         flash.delete(:redirect) if (redirect = flash[:redirect])

data/app/controllers/concerns/koi/controller/records_authentication.rb CHANGED Viewed

@@ -3,33 +3,46 @@
 module Koi
   module Controller
     module RecordsAuthentication
-      def update_last_sign_in(admin_user)
-        return if admin_user.current_sign_in_at.blank?
+      def create_admin_session!(admin_user)
+        sign_in_at = Time.current
-        admin_user.last_sign_in_at = admin_user.current_sign_in_at
-        admin_user.last_sign_in_ip = admin_user.current_sign_in_ip
-      end
-      def record_sign_in!(admin_user)
         update_last_sign_in(admin_user)
-        admin_user.current_sign_in_at = Time.current
+        admin_user.current_sign_in_at = sign_in_at
         admin_user.current_sign_in_ip = request.remote_ip
-        admin_user.sign_in_count += 1
+        admin_user.sign_in_count     += 1
         admin_user.save!
+        session[:admin_user_id]           = admin_user.id
+        session[:admin_user_signed_in_at] = sign_in_at.iso8601(6)
       end
-      def record_sign_out!(admin_user)
+      def destroy_admin_session!(admin_user)
+        session[:admin_user_id]           = nil
+        session[:admin_user_signed_in_at] = nil
         return unless admin_user
+        sign_out_at = Time.current
         update_last_sign_in(admin_user)
+        admin_user.last_sign_out_at   = sign_out_at
         admin_user.current_sign_in_at = nil
         admin_user.current_sign_in_ip = nil
         admin_user.save!
       end
+      private
+      def update_last_sign_in(admin_user)
+        return if admin_user.current_sign_in_at.blank?
+        admin_user.last_sign_in_at = admin_user.current_sign_in_at
+        admin_user.last_sign_in_ip = admin_user.current_sign_in_ip
+      end
     end
   end
 end

data/app/controllers/well_knowns_controller.rb CHANGED Viewed

@@ -10,6 +10,6 @@ class WellKnownsController < ApplicationController
   private
   def set_well_known
-    @well_known = WellKnown.find_by!(name: params[:name])
+    @well_known = WellKnown.find_by!(name: params.expect(:name))
   end
 end

data/app/helpers/koi/date_helper.rb CHANGED Viewed

@@ -5,8 +5,8 @@ module Koi
     # Returns a string representing the number of days ago or from now.
     # If the date is not 'recent' returns nil.
     def days_ago_in_words(value)
-      from_time = value.to_time
-      to_time = Date.current.to_time
+      from_time        = value.to_time
+      to_time          = Date.current.to_time
       distance_in_days = ((to_time - from_time) / (24.0 * 60.0 * 60.0)).round
       case distance_in_days

data/db/migrate/20260501000000_add_last_sign_out_at_to_admin_users.rb ADDED Viewed

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+class AddLastSignOutAtToAdminUsers < ActiveRecord::Migration[8.0]
+  def change
+    add_column :admins, :last_sign_out_at, :datetime
+  end
+end

data/lib/generators/koi/admin/admin_generator.rb CHANGED Viewed

@@ -15,7 +15,7 @@ module Koi
     hook_for :admin_controller, in: :koi, as: :admin, type: :boolean, default: true do |instance, controller|
       args, opts, config = @_initializer
-      opts               ||= {}
+      opts             ||= {}
       # setting model_name so that generators will use the controller_class_path
       instance.invoke controller, args, { model_name: instance.name, **opts }, config

data/lib/generators/koi/admin_controller/admin_controller_generator.rb CHANGED Viewed

@@ -42,7 +42,7 @@ module Koi
     def permitted_params
       attachments, others = attributes_names.partition { |name| attachments?(name) }
       params              = others.map { |name| ":#{name}" }
-      params += attachments.map { |name| "#{name}: []" }
+      params             += attachments.map { |name| "#{name}: []" }
       params.join(", ")
     end

data/lib/generators/koi/admin_route/admin_route_generator.rb CHANGED Viewed

@@ -67,9 +67,10 @@ module Koi
       in_root do
         if (namespace_match = match_file(route_file, namespace_pattern))
           base_indent, *, existing_block_indent = namespace_match.captures.compact.map(&:length)
-          existing_line_pattern                 = /^ {,#{existing_block_indent}}\S.+\n?/
-          routing_code = rebase_indentation(routing_code, base_indent + 2).gsub(existing_line_pattern, "")
-          namespace_pattern = /#{Regexp.escape namespace_match.to_s}/
+          existing_line_pattern = /^ {,#{existing_block_indent}}\S.+\n?/
+          routing_code          = rebase_indentation(routing_code, base_indent + 2).gsub(existing_line_pattern, "")
+          namespace_pattern     = /#{Regexp.escape namespace_match.to_s}/
         end
         inject_into_file route_file, routing_code, after: namespace_pattern, verbose: true, force: false

data/lib/koi/form/builder.rb CHANGED Viewed

@@ -41,7 +41,7 @@ module Koi
       # @see GOVUKDesignSystemFormBuilder::Builder#govuk_document_field
       def govuk_document_field(attribute_name, hint: {}, **, &)
         if hint.is_a?(Hash)
-          max_size = hint.fetch(:max_size, Koi.config.document_size_limit)
+          max_size      = hint.fetch(:max_size, Koi.config.document_size_limit)
           hint[:text] ||= t("helpers.hint.default.document", max_size: @template.number_to_human_size(max_size))
         end
@@ -52,7 +52,7 @@ module Koi
       # @see GOVUKDesignSystemFormBuilder::Builder#govuk_image_field
       def govuk_image_field(attribute_name, hint: {}, **, &)
         if hint.is_a?(Hash)
-          max_size = hint.fetch(:max_size, Koi.config.image_size_limit)
+          max_size      = hint.fetch(:max_size, Koi.config.image_size_limit)
           hint[:text] ||= t("helpers.hint.default.document", max_size: @template.number_to_human_size(max_size))
         end

data/lib/koi/form/elements/file_element.rb CHANGED Viewed

@@ -97,7 +97,7 @@ module Koi
           {
             id:    field_id(link_errors: true),
             class: classes,
-            aria:  { describedby: combine_references(hint_id, error_id, supplemental_id) },
+            aria:  { describedby: combine_references(hint_id, error_id) },
           }
         end

data/lib/koi/middleware/admin_authentication.rb CHANGED Viewed

@@ -16,10 +16,11 @@ module Koi
       end
       def admin_call(env)
-        request = ActionDispatch::Request.new(env)
-        session = ActionDispatch::Request::Session.find(request)
+        request       = ActionDispatch::Request.new(env)
+        session       = ActionDispatch::Request::Session.find(request)
+        authenticated = authenticated?(session)
-        if requires_authentication?(request) && !authenticated?(session)
+        if requires_authentication?(request) && !authenticated
           # Set the redirection path for returning the user to their requested path after login
           if request.get?
             request.flash[:redirect] = request.fullpath
@@ -39,7 +40,34 @@ module Koi
       end
       def authenticated?(session)
-        session[:admin_user_id].present?
+        admin_user = Admin::User.find_by(id: session[:admin_user_id])
+        unless admin_user
+          clear_admin_session(session)
+          return false
+        end
+        signed_in_at = session_signed_in_at(session)
+        if signed_in_at.blank? || session_expired?(admin_user, signed_in_at)
+          clear_admin_session(session)
+          return false
+        end
+        true
+      end
+      def session_signed_in_at(session)
+        Time.zone.parse(session[:admin_user_signed_in_at].to_s)
+      rescue ArgumentError
+        nil
+      end
+      def session_expired?(admin_user, signed_in_at)
+        admin_user.last_sign_out_at.present? && signed_in_at < admin_user.last_sign_out_at
+      end
+      def clear_admin_session(session)
+        session.delete(:admin_user_id)
+        session.delete(:admin_user_signed_in_at)
       end
     end
   end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: katalyst-koi
 version: !ruby/object:Gem::Version
-  version: 4.19.0
+  version: 4.20.1
 platform: ruby
 authors:
 - Katalyst Interactive
@@ -478,6 +478,7 @@ files:
 - db/migrate/20231211005214_add_status_code_to_url_rewrites.rb
 - db/migrate/20241214060913_add_otp_secret_to_admin_users.rb
 - db/migrate/20250204060748_create_well_knowns.rb
+- db/migrate/20260501000000_add_last_sign_out_at_to_admin_users.rb
 - db/seeds.rb
 - lib/generators/koi/active_record/active_record_generator.rb
 - lib/generators/koi/admin/USAGE
@@ -537,7 +538,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 4.0.3
+rubygems_version: 4.0.10
 specification_version: 4
 summary: Koi CMS admin framework
 test_files: []