session-check 1.1.0 → 2.0.0

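--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 3c086b705a832734d76b4abdeb2e2ce98c3b3278629efce7a7dd0714cedf0134
- data.tar.gz: 4059cbfc502675d24fbb5360e4c3e9de0917690165aaab8a1a39f2ea51f0c33d
+ metadata.gz: 01760d88d12d072557a3850b09592a39c0d402d18cdd5b4d48193d3c3780a15c
+ data.tar.gz: 1809267c20cc72d9927cacf7521f1dd025d7b7861e0e10f68fc8579191cce167
  SHA512:
- metadata.gz: f330839b1cee46fb05e160c0c5f3174a38611a8711a113533a41102016f2cdc6b833787fc95835a33cc07f6dd3bb36e2bd895066b905d429df68428ec48c8106
- data.tar.gz: c0f2cac5d5f86949e0a6c924d35badafdc2bab9c9ae435eae1f5990745476a1d8be383b7ff24f82c623f35ca9a4cc9e2ed3d00b476c4f0e1f575bc1c71548722
+ metadata.gz: e39eb03da722898d4a7d6e8c1618aceadbb643e53a84e549f23651919d5ddc30aab9cf7f3ba84cc8f2ded1950e963c8bf46245b64e0312d4883a8993f478ae83
+ data.tar.gz: 70559131eee0435399dfc94002a6456924bcdb08a8401ed12037ce4098e247f25422457eb72099760697ccecb7f481d4da8866034d41eaad86b39a93d31446ee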
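--- a/data/README.md
+++ b/data/README.md
@@ -29,7 +29,51 @@ their browser, you can start the ping process by calling:
 
  SessionCheck.should_session_check = true;
 
+ # Configuration
+
+ `logged_out_url` — the URL users are redirected to when their session expires. Defaults to `/users/sign_in`.
+
+ Session::Check.configure do |config|
+ config.logged_out_url = '/login'
+ config.check_every_s = 30
+ end
+
+ These can also be overridden per-call:
+
+ <%= session_check logged_out_url: '/login', check_every_s: 30 %>
+
+ # Custom session detection
+
+ If your application uses a non-Devise session mechanism (e.g. token-based principals stored in the session hash),
+ you can override how the gem detects an active session by configuring a `session_active_proc`.
+
+ The proc receives the current context (controller in the ping endpoint, view/helper context in the `session_check` helper) and must return a Hash with two keys:
+ - `exists` — Boolean, whether an active session is present
+ - `expires_in` — Integer (seconds), how long until the session expires
+
+ Session::Check.configure do |config|
+ config.session_active_proc = ->(controller) {
+ if controller.current_user
+ # Devise-backed session
+ expires_in = Session::Check::Devise.expires_in(controller.session)
+ { exists: true, expires_in: expires_in }
+ elsif controller.session[:my_custom_principal]
+ { exists: true, expires_in: 3600 }
+ else
+ { exists: false, expires_in: 0 }
+ end
+ }
+ end
+
+ When `session_active_proc` is configured it replaces the default `current_user` check in both the
+ server-side ping endpoint and the initial JS `should_session_check` value. All other behaviour
+ (check interval, AJAX counter reset, redirect URL) remains unchanged and configurable via the
+ `session_check` helper options.
+
+ If `session_active_proc` is not set the gem uses the default Devise behaviour, computing remaining session time from the Warden last-request timestamp.
+
  # Changelog
 
+ Version 2.0.0 : **Breaking change** — default Devise behaviour now correctly computes remaining session time from the Warden last-request timestamp rather than always returning the full timeout. `current_user` is no longer exposed to the session check partial. Added `session_active_proc` configuration option for non-Devise session support. Fixed setTimeout multiplier (5000 → 1000) so session checks fire at the correct interval. Bump your dependency to `>= 2.0.0`.
  Version 1.1.0 : Added optional nonce
  Version 0.2.1 : Added explicit reference to Devise (which is required)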
@@ -7,38 +7,15 @@ module Session
7
7
 
8
8
  prepend_before_action :dont_update_request_time
9
9
 
10
- # Find it there is a session, and if it has any warden information. If so, the user is logged in.
11
10
  def time_to_session_expiry
12
- session_exists = false
13
- session_expires_in = 0
14
- if current_user
15
- session_exists = true
16
- # This calculates how many seconds there are until they are logged out
17
- session_expires_in = calculate_session_expires_in
18
- end
19
- render json: { session_exists: session_exists, session_expires_in: session_expires_in }
11
+ result = Session::Check.configuration.call_session_active_proc(self)
12
+ render json: { session_exists: !!result[:exists], session_expires_in: result[:expires_in].to_i }
20
13
  end
21
14
 
22
15
  # This ensures this request ping doesn't update their last access time.
23
16
  private def dont_update_request_time
24
17
  request.env['devise.skip_trackable'] = true
25
18
  end
26
-
27
- private def calculate_session_expires_in
28
- User.timeout_in -
29
- Time.now.utc.to_i.seconds +
30
- SessionChecksController.time_of_last_warden_request(session).to_i.seconds
31
- rescue => _e
32
- 1000000.seconds
33
- end
34
-
35
- class << self
36
- def time_of_last_warden_request(session)
37
- session['warden.user.user.session']['last_request_at']
38
- rescue => _e
39
- Time.zone.now
40
- end
41
- end
42
19
  end
43
20
  end
44
21
  end
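Review bot: The `dont_update_request_time` callback only sets `devise.skip_trackable`, so on the new `session_active_proc` path in `time_to_session_expiry` nothing stops this ping from counting as activity for a non-Devise session. If a custom mechanism slides its expiry on every request, an open tab polling this endpoint would presumably keep that session alive past its idle timeout. I would document this above the action, e.g. `# NOTE: only Devise's last-request update is skipped here; a custom session_active_proc must not treat this ping as user activity.` With the old `rescue` fallbacks removed, any error raised by the proc now propagates from this action, which is worth a line in the same comment. The enclosing class and modules start outside the hunk.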
@@ -1,18 +1,20 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require 'devise'
4
-
5
3
  module Session
6
4
  module Check
7
5
  module SessionCheckHelper
8
6
  def session_check(options = {})
7
+ result = Session::Check.configuration.call_session_active_proc(self)
8
+ session_active = !!result[:exists]
9
+ session_time = result[:expires_in].to_i
10
+
9
11
  locals = {
10
- session_time: Devise.timeout_in,
11
- check_every: 10,
12
+ session_time: session_time,
13
+ check_every_s: Session::Check.configuration.check_every_s,
12
14
  reset_counter_on_ajax: true,
13
- logged_out_url: '/users/sign_in',
14
- current_user: current_user
15
- }.merge options
15
+ logged_out_url: Session::Check.configuration.logged_out_url,
16
+ session_active: session_active
17
+ }.merge(options)
16
18
 
17
19
  ActionController::Base.render(partial: '/session_check', locals: locals)
18
20
  end
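Review bot: Because `options` is merged last in `session_check`, a caller can pass `session_active:` or `session_time:` and override the values just derived from `session_active_proc`, while the README names only `logged_out_url` and `check_every_s` as per-call overrides. If that override is not intended, re-apply the computed values after the merge: `}.merge(options).merge(session_time: session_time, session_active: session_active)`. Values passed through `options` also reach the inline script of the partial unchanged, so `check_every_s` deserves the same integer coercion that `session_time` gets here. The enclosing modules close outside the hunk.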
@@ -1,9 +1,9 @@
1
1
  <script<% if local_assigns[:nonce] %> nonce="<%= nonce %>"<% end %>>
2
2
  var SessionCheck = {
3
- should_session_check: <%= !current_user.nil? %>
3
+ should_session_check: <%= session_active %>
4
4
  };
5
5
  (function () {
6
- var check_every_s = <%= check_every %>;
6
+ var check_every_s = <%= check_every_s %>;
7
7
  var session_time_left = <%= session_time %>;
8
8
  var force_sign_in = function () {
9
9
  window.location = '<%= logged_out_url %>';
@@ -21,9 +21,9 @@
21
21
  })
22
22
  .fail(force_sign_in);
23
23
  }
24
- setTimeout(session_check, check_every_s * 5000);
24
+ setTimeout(session_check, check_every_s * 1000);
25
25
  };
26
- setTimeout(session_check, check_every_s * 5000);
26
+ setTimeout(session_check, check_every_s * 1000);
27
27
  <% if reset_counter_on_ajax %>
28
28
  $.ajaxSetup({
29
29
  complete: function (xhr) {
@@ -32,4 +32,4 @@
32
32
  });
33
33
  <% end %>
34
34
  }());
35
- </script>
35
+ </script>
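Review bot: The values written into the inline script, `<%= session_active %>` and `<%= check_every_s %>` on the changed lines and the unchanged `window.location = '<%= logged_out_url %>';`, get ERB's HTML escaping only, which is not the right encoding for a JavaScript context. Now that `logged_out_url` and `check_every_s` come from configuration or per-call options, I would encode them for where they land: `var check_every_s = <%= Integer(check_every_s) %>;` and `window.location = '<%= j logged_out_url %>';`. A nil or non-numeric `check_every_s` would otherwise produce a script that does not parse, which silently disables the session check on that page. The note applies to the first hunk of this template; the `setTimeout` and `</script>` hunks need no change.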
@@ -0,0 +1,43 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'devise'
4
+
5
+ module Session
6
+ module Check
7
+ class Configuration
8
+ # Proc used to determine session state. Called with the controller/helper context as its
9
+ # sole argument. Must return a Hash: { exists: Boolean, expires_in: Integer (seconds) }
10
+ #
11
+ # Override to customise session detection for non-Devise sessions.
12
+ attr_accessor :session_active_proc, :logged_out_url, :check_every_s
13
+
14
+ def initialize
15
+ @logged_out_url = '/users/sign_in'
16
+ @check_every_s = 10
17
+ @session_active_proc = ->(controller) {
18
+ user = begin
19
+ controller.current_user
20
+ rescue NoMethodError
21
+ nil
22
+ end
23
+ if user
24
+ expires_in = Session::Check::Devise.expires_in(controller.session)
25
+ { exists: true, expires_in: expires_in }
26
+ else
27
+ { exists: false, expires_in: 0 }
28
+ end
29
+ }
30
+ end
31
+
32
+ def call_session_active_proc(context)
33
+ result = session_active_proc.call(context)
34
+ unless result.is_a?(Hash)
35
+ raise ArgumentError,
36
+ "session_active_proc must return a Hash with :exists and :expires_in keys, got #{result.class}"
37
+ end
38
+ normalized = result.transform_keys(&:to_sym)
39
+ { exists: normalized[:exists], expires_in: normalized[:expires_in] }
40
+ end
41
+ end
42
+ end
43
+ end
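Review bot: `call_session_active_proc` checks only that the proc returned a Hash, so a result that lacks `:exists` or `:expires_in` passes through as nil and the callers turn it into `false` and `0` with `!!` and `.to_i`. A misconfigured proc therefore looks like a logged-out or already-expired session instead of raising at the point of the mistake. I would fail loudly with `normalized.fetch(:exists)` and `Integer(normalized.fetch(:expires_in))`. In the default proc, `rescue NoMethodError` around `controller.current_user` also hides a NoMethodError raised inside `current_user` itself; a `controller.respond_to?(:current_user)` guard would be narrower. The comment above `attr_accessor` describes only `session_active_proc`, so `logged_out_url` and `check_every_s` should get a line each.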
@@ -0,0 +1,17 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Session
4
+ module Check
5
+ module Devise
6
+ def self.expires_in(session)
7
+ last_request_at = begin
8
+ session['warden.user.user.session']['last_request_at'].to_i
9
+ rescue NoMethodError, TypeError
10
+ Time.now.utc.to_i
11
+ end
12
+ remaining = ::Devise.timeout_in.to_i - (Time.now.utc.to_i - last_request_at)
13
+ [remaining, 0].max
14
+ end
15
+ end
16
+ end
17
+ end
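Review bot: In `expires_in`, the rescue falls back to `Time.now.utc.to_i` when `session['warden.user.user.session']` is absent, so the method returns the full `::Devise.timeout_in` on every call in that case. The key hard-codes the `user` scope, so an application whose Devise scope has another name would presumably always take this path and the client countdown would never shrink, which is the behaviour the changelog says 2.0.0 fixes. A missing `last_request_at` inside the hash goes the other way, because `nil.to_i` is 0 and the result clamps to 0. I would choose one result for "no timestamp recorded" and document the assumption, e.g. `# assumes the Devise scope is :user; a session without last_request_at is reported as <chosen value>`. The removed code read `User.timeout_in`, so a per-model timeout is no longer honoured either.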
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Session
4
4
  module Check
5
- VERSION = '1.1.0'
5
+ VERSION = '2.0.0'
6
6
  end
7
7
  end
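--- a/data/lib/session/check.rb
+++ b/data/lib/session/check.rb
@@ -1 +1,17 @@
- require_relative 'check/engine'
+ require_relative 'check/configuration'
+ require_relative 'check/devise'
+ require_relative 'check/engine'
+
+ module Session
+ module Check
+ class << self
+ def configure
+ yield configuration
+ end
+
+ def configuration
+ @configuration ||= Configuration.new
+ end
+ end
+ end
+ end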
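Review bot: `configure` and `configuration` have no doc comments, and `configure` yields unconditionally, so calling it without a block raises LocalJumpError. The memoized `Configuration` is a process-wide mutable object that the ping action and the helper read on every call, so the comment should say it is meant to be set once at boot. Suggested wording: `# Yields the process-wide Configuration; call once from an initializer.` The file also lacks the `# frozen_string_literal: true` line that the other new files carry.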
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: session-check
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.0
4
+ version: 2.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Harry Lascelles
@@ -71,14 +71,14 @@ dependencies:
71
71
  requirements:
72
72
  - - "~>"
73
73
  - !ruby/object:Gem::Version
74
- version: '5.0'
74
+ version: '7.0'
75
75
  type: :development
76
76
  prerelease: false
77
77
  version_requirements: !ruby/object:Gem::Requirement
78
78
  requirements:
79
79
  - - "~>"
80
80
  - !ruby/object:Gem::Version
81
- version: '5.0'
81
+ version: '7.0'
82
82
  - !ruby/object:Gem::Dependency
83
83
  name: rspec
84
84
  requirement: !ruby/object:Gem::Requirement
@@ -134,6 +134,8 @@ files:
134
134
  - config/routes.rb
135
135
  - lib/session-check.rb
136
136
  - lib/session/check.rb
137
+ - lib/session/check/configuration.rb
138
+ - lib/session/check/devise.rb
137
139
  - lib/session/check/engine.rb
138
140
  - lib/session/check/version.rb
139
141
  homepage: https://github.com/bambooengineering/session-check