session-check 1.1.0 → 2.0.0
- checksums.yaml +4 -4
- data/README.md +44 -0
- data/app/controllers/session/check/session_checks_controller.rb +2 -25
- data/app/helpers/session/check/session_check_helper.rb +9 -7
- data/app/views/_session_check.html.erb +5 -5
- data/lib/session/check/configuration.rb +43 -0
- data/lib/session/check/devise.rb +17 -0
- data/lib/session/check/version.rb +1 -1
- data/lib/session/check.rb +17 -1
- metadata +5 -3
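--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 01760d88d12d072557a3850b09592a39c0d402d18cdd5b4d48193d3c3780a15c
+data.tar.gz: 1809267c20cc72d9927cacf7521f1dd025d7b7861e0e10f68fc8579191cce167
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e39eb03da722898d4a7d6e8c1618aceadbb643e53a84e549f23651919d5ddc30aab9cf7f3ba84cc8f2ded1950e963c8bf46245b64e0312d4883a8993f478ae83
+data.tar.gz: 70559131eee0435399dfc94002a6456924bcdb08a8401ed12037ce4098e247f25422457eb72099760697ccecb7f481d4da8866034d41eaad86b39a93d31446ee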
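--- a/data/README.md
+++ b/data/README.md
@@ -29,7 +29,51 @@ their browser, you can start the ping process by calling:
 
 SessionCheck.should_session_check = true;
 
+# Configuration
+
+`logged_out_url` — the URL users are redirected to when their session expires. Defaults to `/users/sign_in`.
+
+Session::Check.configure do |config|
+config.logged_out_url = '/login'
+config.check_every_s = 30
+end
+
+These can also be overridden per-call:
+
+<%= session_check logged_out_url: '/login', check_every_s: 30 %>
+
+# Custom session detection
+
+If your application uses a non-Devise session mechanism (e.g. token-based principals stored in the session hash),
+you can override how the gem detects an active session by configuring a `session_active_proc`.
+
+The proc receives the current context (controller in the ping endpoint, view/helper context in the `session_check` helper) and must return a Hash with two keys:
+- `exists` — Boolean, whether an active session is present
+- `expires_in` — Integer (seconds), how long until the session expires
+
+Session::Check.configure do |config|
+config.session_active_proc = ->(controller) {
+if controller.current_user
+# Devise-backed session
+expires_in = Session::Check::Devise.expires_in(controller.session)
+{ exists: true, expires_in: expires_in }
+elsif controller.session[:my_custom_principal]
+{ exists: true, expires_in: 3600 }
+else
+{ exists: false, expires_in: 0 }
+end
+}
+end
+
+When `session_active_proc` is configured it replaces the default `current_user` check in both the
+server-side ping endpoint and the initial JS `should_session_check` value. All other behaviour
+(check interval, AJAX counter reset, redirect URL) remains unchanged and configurable via the
+`session_check` helper options.
+
+If `session_active_proc` is not set the gem uses the default Devise behaviour, computing remaining session time from the Warden last-request timestamp.
+
 # Changelog
 
+Version 2.0.0 : **Breaking change** — default Devise behaviour now correctly computes remaining session time from the Warden last-request timestamp rather than always returning the full timeout. `current_user` is no longer exposed to the session check partial. Added `session_active_proc` configuration option for non-Devise session support. Fixed setTimeout multiplier (5000 → 1000) so session checks fire at the correct interval. Bump your dependency to `>= 2.0.0`.
 Version 1.1.0 : Added optional nonce
 Version 0.2.1 : Added explicit reference to Devise (which is required)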
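--- a/data/app/controllers/session/check/session_checks_controller.rb
+++ b/data/app/controllers/session/check/session_checks_controller.rb
@@ -7,38 +7,15 @@ module Session
 
 prepend_before_action :dont_update_request_time
 
-# Find it there is a session, and if it has any warden information. If so, the user is logged in.
 def time_to_session_expiry
-
-session_expires_in
-if current_user
-session_exists = true
-# This calculates how many seconds there are until they are logged out
-session_expires_in = calculate_session_expires_in
-end
-render json: { session_exists: session_exists, session_expires_in: session_expires_in }
+result = Session::Check.configuration.call_session_active_proc(self)
+render json: { session_exists: !!result[:exists], session_expires_in: result[:expires_in].to_i }
 end
 
 # This ensures this request ping doesn't update their last access time.
 private def dont_update_request_time
 request.env['devise.skip_trackable'] = true
 end
-
-private def calculate_session_expires_in
-User.timeout_in -
-Time.now.utc.to_i.seconds +
-SessionChecksController.time_of_last_warden_request(session).to_i.seconds
-rescue => _e
-1000000.seconds
-end
-
-class << self
-def time_of_last_warden_request(session)
-session['warden.user.user.session']['last_request_at']
-rescue => _e
-Time.zone.now
-end
-end
 end
 end
 end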
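Review bot: `time_to_session_expiry` loses its only comment in this hunk, and the two added lines leave the endpoint's contract undocumented. I would add above the method `# Renders { session_exists:, session_expires_in: } from the configured session_active_proc; an exception raised by the proc (including the ArgumentError for a non-Hash return) is not rescued here and becomes a 5xx response.` The bundled script wires `.fail(force_sign_in)`, so a proc that raises would presumably send signed-in users to the logged-out URL; that is worth stating or handling explicitly. The enclosing class begins outside the hunk.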
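--- a/data/app/helpers/session/check/session_check_helper.rb
+++ b/data/app/helpers/session/check/session_check_helper.rb
@@ -1,18 +1,20 @@
 # frozen_string_literal: true
 
-require 'devise'
-
 module Session
 module Check
 module SessionCheckHelper
 def session_check(options = {})
+result = Session::Check.configuration.call_session_active_proc(self)
+session_active = !!result[:exists]
+session_time = result[:expires_in].to_i
+
 locals = {
-session_time:
-
+session_time: session_time,
+check_every_s: Session::Check.configuration.check_every_s,
 reset_counter_on_ajax: true,
-logged_out_url:
-
-}.merge
+logged_out_url: Session::Check.configuration.logged_out_url,
+session_active: session_active
+}.merge(options)
 
 ActionController::Base.render(partial: '/session_check', locals: locals)
 end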
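Review bot: `.merge(options)` is applied after the computed values, so a per-call option can replace `session_active` and `session_time` as well as the documented `logged_out_url` and `check_every_s`, and none of the merged values is validated before it reaches the partial. A `check_every_s` of `nil` would render `var check_every_s = ;` and break the script, while `0` gives a zero-delay `setTimeout` that makes the client ping continuously. I would coerce after the merge, e.g. `locals[:check_every_s] = [Integer(locals[:check_every_s]), 1].max`, and consider limiting the overridable keys with `options.slice(:logged_out_url, :check_every_s, :reset_counter_on_ajax, :nonce)`. The module's closing `end` lines fall outside the hunk.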
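--- a/data/app/views/_session_check.html.erb
+++ b/data/app/views/_session_check.html.erb
@@ -1,9 +1,9 @@
 <script<% if local_assigns[:nonce] %> nonce="<%= nonce %>"<% end %>>
 var SessionCheck = {
-should_session_check: <%=
+should_session_check: <%= session_active %>
 };
 (function () {
-var check_every_s = <%=
+var check_every_s = <%= check_every_s %>;
 var session_time_left = <%= session_time %>;
 var force_sign_in = function () {
 window.location = '<%= logged_out_url %>';
@@ -21,9 +21,9 @@
 })
 .fail(force_sign_in);
 }
-setTimeout(session_check, check_every_s *
+setTimeout(session_check, check_every_s * 1000);
 };
-setTimeout(session_check, check_every_s *
+setTimeout(session_check, check_every_s * 1000);
 <% if reset_counter_on_ajax %>
 $.ajaxSetup({
 complete: function (xhr) {
@@ -32,4 +32,4 @@
 });
 <% end %>
 }());
-</script>
+</script>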
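Review bot: The added `<%= session_active %>` and `<%= check_every_s %>` in the first hunk, like the unchanged `'<%= logged_out_url %>'`, go through ERB's HTML escaping, which is the wrong encoder inside a `<script>` block: it turns `&` in a URL into `&amp;` and does nothing about backslashes or line breaks. This matters more in 2.0.0 because a global configuration object now feeds these values alongside the per-call options. I would emit them in a JavaScript-safe form instead: `should_session_check: <%= session_active ? 'true' : 'false' %>`, `var check_every_s = <%= check_every_s.to_i %>;` and `window.location = <%= raw json_escape(logged_out_url.to_json) %>;`. If `logged_out_url` can ever be derived from request data, it should also be checked against an allow-list of local paths before it is rendered.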
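--- a/data/lib/session/check/configuration.rb
+++ b/data/lib/session/check/configuration.rb
@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require 'devise'
+
+module Session
+module Check
+class Configuration
+# Proc used to determine session state. Called with the controller/helper context as its
+# sole argument. Must return a Hash: { exists: Boolean, expires_in: Integer (seconds) }
+#
+# Override to customise session detection for non-Devise sessions.
+attr_accessor :session_active_proc, :logged_out_url, :check_every_s
+
+def initialize
+@logged_out_url = '/users/sign_in'
+@check_every_s = 10
+@session_active_proc = ->(controller) {
+user = begin
+controller.current_user
+rescue NoMethodError
+nil
+end
+if user
+expires_in = Session::Check::Devise.expires_in(controller.session)
+{ exists: true, expires_in: expires_in }
+else
+{ exists: false, expires_in: 0 }
+end
+}
+end
+
+def call_session_active_proc(context)
+result = session_active_proc.call(context)
+unless result.is_a?(Hash)
+raise ArgumentError,
+"session_active_proc must return a Hash with :exists and :expires_in keys, got #{result.class}"
+end
+normalized = result.transform_keys(&:to_sym)
+{ exists: normalized[:exists], expires_in: normalized[:expires_in] }
+end
+end
+end
+end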
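Review bot: The default proc's `rescue NoMethodError` around `controller.current_user` also swallows a NoMethodError raised from inside `current_user` itself, so a bug in the host application's authentication code is reported as `exists: false` instead of surfacing. Checking for the method is narrower: `user = controller.respond_to?(:current_user, true) ? controller.current_user : nil`. Separately, `call_session_active_proc` validates only that the result is a Hash; a missing `:expires_in` passes through as `nil` and the callers' `.to_i` turns it into `0`, so I would raise when either key is absent. The three `attr_accessor` fields share one comment that describes only `session_active_proc`; `logged_out_url` and `check_every_s` deserve their own comment lines stating their defaults.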
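--- a/data/lib/session/check/devise.rb
+++ b/data/lib/session/check/devise.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Session
+module Check
+module Devise
+def self.expires_in(session)
+last_request_at = begin
+session['warden.user.user.session']['last_request_at'].to_i
+rescue NoMethodError, TypeError
+Time.now.utc.to_i
+end
+remaining = ::Devise.timeout_in.to_i - (Time.now.utc.to_i - last_request_at)
+[remaining, 0].max
+end
+end
+end
+end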
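Review bot: In `expires_in`, a warden session hash that exists but has no `last_request_at` never reaches the `rescue` fallback, because `nil.to_i` is `0`; `remaining` then goes far negative and the method returns `0`, whereas a missing `warden.user.user.session` entry returns the full timeout. The two "no timestamp" cases should agree by deliberate choice, e.g. `ts = (session['warden.user.user.session'] || {})['last_request_at']` followed by `last_request_at = ts ? ts.to_i : Time.now.utc.to_i`. The calculation also relies on the global `::Devise.timeout_in` and the hard-coded `user` scope key, so a model-level `timeout_in` or a differently named Devise scope would presumably make the reported time diverge from what the server enforces. A short comment on the method stating those assumptions would help integrators.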
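--- a/data/lib/session/check.rb
+++ b/data/lib/session/check.rb
@@ -1 +1,17 @@
-require_relative 'check/
+require_relative 'check/configuration'
+require_relative 'check/devise'
+require_relative 'check/engine'
+
+module Session
+module Check
+class << self
+def configure
+yield configuration
+end
+
+def configuration
+@configuration ||= Configuration.new
+end
+end
+end
+end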
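--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: session-check
 version: !ruby/object:Gem::Version
-version:
+version: 2.0.0
 platform: ruby
 authors:
 - Harry Lascelles
@@ -71,14 +71,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '7.0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '7.0'
 - !ruby/object:Gem::Dependency
 name: rspec
 requirement: !ruby/object:Gem::Requirement
@@ -134,6 +134,8 @@ files:
 - config/routes.rb
 - lib/session-check.rb
 - lib/session/check.rb
+- lib/session/check/configuration.rb
+- lib/session/check/devise.rb
 - lib/session/check/engine.rb
 - lib/session/check/version.rb
 homepage: https://github.com/bambooengineering/session-check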