signinable 2.0.10 → 2.0.13

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 613fce3b113d51ec3af31824c31ef3c61b90178cc96064974e28bfca260d53a1
-  data.tar.gz: 30b3a5aa8f20d9440c468f861a668a0fb343efa775089dd01c340f6b03fa3e87
+  metadata.gz: e090b91cbbcbbfe860ca07984e3a19a965cc96bf2909f4e469e5d0ed48794dbe
+  data.tar.gz: c84bacb35618b62991ab60c984ec8f8c9786d783c3dd3dc8dc6a9ea76ed4881e
 SHA512:
-  metadata.gz: ceb30fb1d87f2ad6b49d46d0437613d1db335b23d2b2b0387017378e710733cc16db249ac394a835f65c6cc4382669e0e6de56b80a0e8f4824d8ced1cf4d949e
-  data.tar.gz: 56905aa833721288f73fca3603e08083aa4e4c59a988d21c300b7c458f1f3fab610fa4c26542c9e42e1405b390a54b98cee08baad135d03fbcf715f046245f24
+  metadata.gz: 3e96a9511dd6560c05ddfdc03b94d71ea83720e982526412a59a8e4a0461d475a4fb970ceb680636f23f144cb2273a811a0014897bf77597eeff7c7652d7e962
+  data.tar.gz: 2dcc381256505cebdeb990ac0340200c3134c8e1337f1bbe41082e233d35187ecdc4e30aebf71d316ea99da7de861649415514d9043eaf958df59b630c38d439

data/Rakefile

@@ -1,10 +1,12 @@
+# frozen_string_literal: true
+
 begin
   require 'bundler/setup'
 rescue LoadError
   puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
 end
 
-APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+APP_RAKEFILE = File.expand_path('spec/dummy/Rakefile', __dir__)
 load 'rails/tasks/engine.rake'
 
 Bundler::GemHelper.install_tasks
@@ -12,7 +14,7 @@ Bundler::GemHelper.install_tasks
 require 'rspec/core'
 require 'rspec/core/rake_task'
 
-desc "Run all specs in spec directory (excluding plugin specs)"
-RSpec::Core::RakeTask.new(:spec => 'app:db:test:prepare')
+desc 'Run all specs in spec directory (excluding plugin specs)'
+RSpec::Core::RakeTask.new(spec: 'app:db:test:prepare')
 
-task :default => :spec
+task default: :spec

data/app/models/signin.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'resolv'
 
 class Signin < ActiveRecord::Base
@@ -8,19 +10,36 @@ class Signin < ActiveRecord::Base
             presence: true,
             format: { with: Regexp.union(Resolv::IPv4::Regex, Resolv::IPv6::Regex) }
 
+  scope :active, -> { where('expiration_time IS NULL OR expiration_time > ?', Time.zone.now) }
+
   before_validation on: :create do
-    self.token = SecureRandom.urlsafe_base64(rand(50..100))
+    self.token = generate_token
   end
 
+  serialize :custom_data if ActiveRecord::Base.connection.instance_values['config'][:adapter].match('mysql')
+
   def expire!
-    update_attributes(expiration_time: Time.zone.now)
+    renew!(period: 0, ip: ip, user_agent: user_agent)
   end
 
   def expired?
-    expiration_time && expiration_time <= Time.zone.now
+    expireable? && expiration_time.past?
+  end
+
+  def expireable?
+    !expiration_time.nil?
+  end
+
+  def renew!(period:, ip:, user_agent:, refresh_token: false)
+    update_hash = { ip: ip, user_agent: user_agent }
+    update_hash[:expiration_time] = Time.zone.now + period if expireable?
+    update_hash[:token] = generate_token if refresh_token
+    update!(update_hash)
   end
 
-  if ActiveRecord::Base.connection.instance_values['config'][:adapter].match('mysql')
-    serialize :custom_data
+  private
+
+  def generate_token
+    SecureRandom.urlsafe_base64(rand(50..100))
   end
 end

data/config/routes.rb

@@ -1,2 +1,4 @@
+# frozen_string_literal: true
+
 Rails.application.routes.draw do
 end

data/db/migrate/20140103165607_create_signins.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 migration_kls = Rails::VERSION::MAJOR > 4 ? ActiveRecord::Migration[5.0] : ActiveRecord::Migration
 class CreateSignins < migration_kls
   def self.up
@@ -5,18 +7,18 @@ class CreateSignins < migration_kls
       t.integer   :signinable_id, null: false
       t.string    :signinable_type, null: false
       t.string    :token, null: false
-      t.string    :referer, default: ""
-      t.string    :user_agent, default: ""
+      t.string    :referer, default: ''
+      t.string    :user_agent, default: ''
       t.string    :ip, null: false
       t.datetime  :expiration_time
       t.timestamps
     end
 
-    if ActiveRecord::Base.connection.instance_values["config"][:adapter] == "postgresql"
-      execute "ALTER TABLE signins ALTER COLUMN ip TYPE inet USING ip::inet"
+    if ActiveRecord::Base.connection.instance_values['config'][:adapter] == 'postgresql'
+      execute 'ALTER TABLE signins ALTER COLUMN ip TYPE inet USING ip::inet'
     end
 
-    add_index :signins, [:signinable_id, :signinable_type]
+    add_index :signins, %i[signinable_id signinable_type]
     add_index :signins, :token
   end
 

data/db/migrate/20180530131006_add_custom_data_to_sigins.rb

@@ -1,13 +1,13 @@
+# frozen_string_literal: true
+
 migration_kls = Rails::VERSION::MAJOR > 4 ? ActiveRecord::Migration[5.0] : ActiveRecord::Migration
 
 class AddCustomDataToSigins < migration_kls
   def change
-
-    if ActiveRecord::Base.connection.instance_values["config"][:adapter] == "postgresql"
-      add_column :signins, :custom_data, :jsonb, null:false, default: {}
+    if ActiveRecord::Base.connection.instance_values['config'][:adapter] == 'postgresql'
+      add_column :signins, :custom_data, :jsonb, null: false, default: {}
     else
-      add_column :signins, :custom_data, :string, null:false, default: {}.to_json
+      add_column :signins, :custom_data, :string, null: false, default: {}.to_json
     end
-
   end
 end

data/lib/signinable/engine.rb

@@ -1,18 +1,15 @@
+# frozen_string_literal: true
+
+require 'jwt'
+
 module Signinable
   class Engine < ::Rails::Engine
     initializer :append_migrations do |app|
       unless app.root.to_s.match(root.to_s)
-        config.paths["db/migrate"].expanded.each do |path|
-          app.config.paths["db/migrate"] << path
+        config.paths['db/migrate'].expanded.each do |path|
+          app.config.paths['db/migrate'] << path
         end
       end
     end
-
-    config.generators do |g|
-      g.test_framework      :rspec,        :fixture => false
-      g.fixture_replacement :factory_girl, :dir => 'spec/factories'
-      g.assets false
-      g.helper false
-    end
   end
 end

data/lib/signinable/model_additions.rb

@@ -1,87 +1,153 @@
+# frozen_string_literal: true
+
 module Signinable
   module ModelAdditions
     extend ActiveSupport::Concern
 
     module ClassMethods
+      ALLOWED_RESTRICTIONS = %i[ip user_agent].freeze
+      DEFAULT_REFRESH_EXP = 7200
+      DEFAULT_JWT_EXP = 900
+
+      cattr_reader :refresh_exp
+      cattr_reader :simultaneous_signings
+      cattr_reader :signin_restrictions
+      cattr_reader :jwt_secret
+      cattr_reader :jwt_exp
+
       def signinable(options = {})
-        cattr_accessor :signin_expiration
-        cattr_accessor :signin_simultaneous
-        cattr_accessor :signin_restrictions
-        self.signin_expiration = options.fetch(:expiration, 2.hours)
-        self.signin_simultaneous = options.fetch(:simultaneous, true)
+        self.refresh_exp = options.fetch(:expiration, DEFAULT_REFRESH_EXP)
+        self.simultaneous_signings = options.fetch(:simultaneous, true)
         self.signin_restrictions = options[:restrictions]
+        self.jwt_secret = options.fetch(:jwt_secret)
+        self.jwt_exp = options.fetch(:jwt_exp, DEFAULT_JWT_EXP)
 
         has_many :signins, as: :signinable, dependent: :destroy
+
+        attr_accessor :jwt
       end
 
-      def authenticate_with_token(token, ip, user_agent, skip_restrictions=[])
-        if(signin = Signin.find_by_token(token))
-          if self.signin_expiration.respond_to?(:call)
-            self.signin_expiration = self.signin_expiration.call(signin.signinable)
-          end
+      def authenticate_with_token(jwt, ip, user_agent, skip_restrictions: [])
+        jwt_payload = extract_jwt_payload(jwt)
+        return refresh_jwt(jwt, ip, user_agent, skip_restrictions: skip_restrictions) unless jwt_payload
 
-          if self.signin_expiration > 0
-            return nil if signin.expired?
-          end
+        find_by(primary_key => jwt_payload['signinable_id'])
+      end
 
-          unless self.signin_simultaneous
-            return nil unless signin == signin.signinable.last_signin
-          end
+      def check_signin_permission(signin, restrictions_to_check, skip_restrictions)
+        signin_permitted?(signin, restrictions_to_check, skip_restrictions)
+      end
 
-          return nil unless self.check_signin_permission(signin, ip, user_agent, skip_restrictions)
-          signin.update!(expiration_time: (Time.zone.now + self.signin_expiration)) unless signin.expiration_time.nil? || self.signin_expiration == 0
-          signin.signinable
-        end
+      def expiration_period
+        return refresh_exp.call if refresh_exp.respond_to?(:call)
+
+        refresh_exp
+      end
+
+      def generate_jwt(refresh_token, signinable_id)
+        JWT.encode(
+          {
+            refresh_token: refresh_token,
+            signinable_id: signinable_id,
+            exp: Time.zone.now.to_i + jwt_exp
+          },
+          jwt_secret,
+          'HS256'
+        )
       end
 
-      def check_signin_permission(signin, ip, user_agent, skip_restrictions)
-        signin_permitted?(signin, ip, user_agent, skip_restrictions)
+      def refresh_jwt(jwt, ip, user_agent, skip_restrictions: [])
+        token = refresh_token_from_jwt(jwt)
+        return nil unless token
+
+        signin = Signin.find_by(token: token)
+
+        return unless signin
+        return nil if signin.expired?
+        return nil unless check_signin_permission(signin, { ip: ip, user_agent: user_agent }, skip_restrictions)
+
+        signin.renew!(period: expiration_period, ip: ip, user_agent: user_agent, refresh_token: true)
+        signin.signinable.jwt = generate_jwt(signin.token, signin.signinable_id)
+        signin.signinable
       end
 
       private
-      def signin_permitted?(signin, ip, user_agent, skip_restrictions)
-        restriction_fields = case
-        when self.signin_restrictions.respond_to?(:call)
-          self.signin_restrictions.call(signin.signinable)
-        when self.signin_restrictions.is_a?(Array)
-          self.signin_restrictions
-        else
-          []
-        end
 
-        (restriction_fields - skip_restrictions).each do |field|
-          if(local_variables.include?(field.to_sym) && signin.respond_to?("#{field}"))
-            return false unless signin.send("#{field}") == eval("#{field}")
-          end
+      cattr_writer :refresh_exp
+      cattr_writer :simultaneous_signings
+      cattr_writer :signin_restrictions
+      cattr_writer :jwt_secret
+      cattr_writer :jwt_exp
+
+      def extract_jwt_payload(jwt)
+        JWT.decode(jwt, jwt_secret, true, { algorithm: 'HS256' })[0]
+      rescue JWT::DecodeError
+        nil
+      end
+
+      def refresh_token_from_jwt(jwt)
+        JWT.decode(jwt, jwt_secret, true, { verify_expiration: false, algorithm: 'HS256' })[0]['refresh_token']
+      rescue JWT::DecodeError
+        nil
+      end
+
+      def signin_permitted?(signin, restrictions_to_check, skip_restrictions)
+        restriction_fields = signin_restriction_fields(signin, skip_restrictions)
+
+        restrictions_to_check.slice(*restriction_fields).each do |field, value|
+          return false unless signin.send(field) == value
         end
 
-        return true
+        true
       end
-    end
 
-    def signin(ip, user_agent, referer, permanent = false, custom_data = {})
-      if self.class.signin_expiration.respond_to?(:call)
-        self.class.signin_expiration = self.class.signin_expiration.call(self)
+      def signin_restriction_fields(signin, skip_restrictions)
+        fields = if signin_restrictions.respond_to?(:call)
+                   signin_restrictions.call(signin.signinable)
+                 elsif signin_restrictions.is_a?(Array)
+                   signin_restrictions
+                 else
+                   []
+                 end
+        (fields - skip_restrictions) & ALLOWED_RESTRICTIONS
       end
-      expiration_time = (self.class.signin_expiration == 0 || permanent) ? nil : (Time.zone.now + self.class.signin_expiration)
-      Signin.create!(custom_data: custom_data, signinable: self, ip: ip, referer: referer, user_agent: user_agent, expiration_time: expiration_time).token
     end
 
-    def signout(token, ip, user_agent, skip_restrictions=[])
-      if(signin = Signin.find_by_token(token))
-        return nil unless self.class.check_signin_permission(signin, ip, user_agent, skip_restrictions)
-        signin.expire!
+    def signin(ip, user_agent, referer, permanent: false, custom_data: {})
+      expires_in = self.class.expiration_period
+      expiration_time = expires_in.zero? || permanent ? nil : expires_in.seconds.from_now
+      Signin.where(signinable: self).active.map(&:expire!) unless self.class.simultaneous_signings
+      signin = Signin.create!(
+        signinable: self,
+        ip: ip,
+        referer: referer,
+        user_agent: user_agent,
+        expiration_time: expiration_time,
+        custom_data: custom_data
+      )
+
+      self.jwt = self.class.generate_jwt(signin.token, signin.signinable_id)
+    end
+
+    def signout(token, ip, user_agent, skip_restrictions: [])
+      signin = Signin.find_by_token(token)
 
-        return true
-      end
+      return unless signin
+      return unless self.class.check_signin_permission(
+        signin,
+        { ip: ip, user_agent: user_agent },
+        skip_restrictions
+      )
+
+      signin.expire!
 
-      return nil
+      true
     end
 
     def last_signin
-      signins.last unless signins.empty?
+      signins.active.last
     end
   end
 end
 
-ActiveRecord::Base.send(:include, Signinable::ModelAdditions)
+ActiveRecord::Base.include Signinable::ModelAdditions

data/lib/signinable/version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Signinable
-  VERSION = "2.0.10"
+  VERSION = '2.0.13'
 end

data/lib/signinable.rb

@@ -1,3 +1,5 @@
-require "signinable/engine"
+# frozen_string_literal: true
+
+require 'signinable/engine'
 require 'signinable/version'
 require 'signinable/model_additions'

data/spec/dummy/Rakefile

@@ -1,6 +1,8 @@
+# frozen_string_literal: true
+
 # Add your own tasks in files placed in lib/tasks ending in .rake,
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
 
-require File.expand_path('../config/application', __FILE__)
+require File.expand_path('config/application', __dir__)
 
 Dummy::Application.load_tasks

data/spec/dummy/app/models/user.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class User < ActiveRecord::Base
-  signinable
+  signinable jwt_secret: 'test', jwt_exp: 100
 end

data/spec/dummy/bin/bundle

@@ -1,3 +1,5 @@
 #!/usr/bin/env ruby
-ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
+# frozen_string_literal: true
+
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__)
 load Gem.bin_path('bundler', 'bundle')

data/spec/dummy/bin/rails

@@ -1,4 +1,6 @@
 #!/usr/bin/env ruby
-APP_PATH = File.expand_path('../../config/application',  __FILE__)
+# frozen_string_literal: true
+
+APP_PATH = File.expand_path('../config/application', __dir__)
 require_relative '../config/boot'
 require 'rails/commands'

data/spec/dummy/bin/rake

@@ -1,4 +1,6 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
+
 require_relative '../config/boot'
 require 'rake'
 Rake.application.run

data/spec/dummy/config/application.rb

@@ -1,28 +1,13 @@
-require File.expand_path('../boot', __FILE__)
+# frozen_string_literal: true
 
-# Pick the frameworks you want:
-require "active_record/railtie"
-require "action_controller/railtie"
-require "action_mailer/railtie"
-require "sprockets/railtie"
-# require "rails/test_unit/railtie"
+require File.expand_path('boot', __dir__)
+
+require 'active_record/railtie'
 
 Bundler.require(*Rails.groups)
-require "signinable"
+require 'signinable'
 
 module Dummy
   class Application < Rails::Application
-    # Settings in config/environments/* take precedence over those specified here.
-    # Application configuration should go into files in config/initializers
-    # -- all .rb files in that directory are automatically loaded.
-
-    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
-    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
-    # config.time_zone = 'Central Time (US & Canada)'
-
-    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
-    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
-    # config.i18n.default_locale = :de
   end
 end
-

data/spec/dummy/config/boot.rb

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
+
 # Set up gems listed in the Gemfile.
-ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../../Gemfile', __FILE__)
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../Gemfile', __dir__)
 
-require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE'])
-$LOAD_PATH.unshift File.expand_path('../../../../lib', __FILE__)
+require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])
+$LOAD_PATH.unshift File.expand_path('../../../lib', __dir__)

data/spec/dummy/config/environment.rb

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
+
 # Load the Rails application.
-require File.expand_path('../application', __FILE__)
+require File.expand_path('application', __dir__)
 
 # Initialize the Rails application.
 Dummy::Application.initialize!

data/spec/dummy/config/environments/development.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 Dummy::Application.configure do
   # Settings specified here will take precedence over those in config/application.rb.
 
@@ -14,7 +16,7 @@ Dummy::Application.configure do
   config.action_controller.perform_caching = false
 
   # Don't care if the mailer can't send.
-  config.action_mailer.raise_delivery_errors = false
+  # config.action_mailer.raise_delivery_errors = false
 
   # Print deprecation notices to the Rails logger.
   config.active_support.deprecation = :log
@@ -25,5 +27,5 @@ Dummy::Application.configure do
   # Debug mode disables concatenation and preprocessing of assets.
   # This option may cause significant delays in view rendering with a large
   # number of complex assets.
-  config.assets.debug = true
+  # config.assets.debug = true
 end

data/spec/dummy/config/environments/production.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 Dummy::Application.configure do
   # Settings specified here will take precedence over those in config/application.rb.
 

data/spec/dummy/config/environments/test.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 Dummy::Application.configure do
   # Settings specified here will take precedence over those in config/application.rb.
 
@@ -14,7 +16,7 @@ Dummy::Application.configure do
 
   # Configure static asset server for tests with Cache-Control for performance.
   config.serve_static_assets  = true
-  config.static_cache_control = "public, max-age=3600"
+  config.static_cache_control = 'public, max-age=3600'
 
   # Show full error reports and disable caching.
   config.consider_all_requests_local       = true
@@ -29,7 +31,7 @@ Dummy::Application.configure do
   # Tell Action Mailer not to deliver emails to the real world.
   # The :test delivery method accumulates sent emails in the
   # ActionMailer::Base.deliveries array.
-  config.action_mailer.delivery_method = :test
+  # config.action_mailer.delivery_method = :test
 
   # Print deprecation notices to the stderr.
   config.active_support.deprecation = :stderr

data/spec/dummy/config/initializers/backtrace_silencers.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 # Be sure to restart your server when you modify this file.
 
 # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.

data/spec/dummy/config/initializers/filter_parameter_logging.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
 # Configure sensitive parameters which will be filtered from the log file.

data/spec/dummy/config/initializers/inflections.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 # Be sure to restart your server when you modify this file.
 
 # Add new inflection rules using the following format. Inflections

data/spec/dummy/config/initializers/mime_types.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 # Be sure to restart your server when you modify this file.
 
 # Add new mime types for use in respond_to blocks:

data/spec/dummy/config/initializers/secret_token.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
 # Your secret key is used for verifying the integrity of signed cookies.

data/spec/dummy/config/initializers/session_store.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
 Dummy::Application.config.session_store :cookie_store, key: '_dummy_session'

data/spec/dummy/config/initializers/wrap_parameters.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
 # This file contains settings for ActionController::ParamsWrapper which

data/spec/dummy/config/routes.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 Dummy::Application.routes.draw do
   # The priority is based upon order of creation: first created -> highest priority.
   # See how all your routes lay out with "rake routes".

data/spec/dummy/config.ru

@@ -1,4 +1,6 @@
+# frozen_string_literal: true
+
 # This file is used by Rack-based servers to start the application.
 
-require ::File.expand_path('../config/environment',  __FILE__)
+require ::File.expand_path('config/environment', __dir__)
 run Rails.application

data/spec/dummy/db/migrate/20140103165606_create_users.rb

@@ -1,4 +1,6 @@
-class CreateUsers < ActiveRecord::Migration
+# frozen_string_literal: true
+
+class CreateUsers < ActiveRecord::Migration[5.0]
   def self.up
     create_table :users do |t|
       t.string :name