Class: Authie::Session
- Inherits: Object
  - Object
  - Authie::Session
- Defined in: lib/authie/session.rb
Defined Under Namespace
Classes: BrowserMismatch, ExpiredSession, HostMismatch, InactiveSession, ValidityError
Instance Attribute Summary
- #session ⇒ Authie::SessionModel (readonly)
  The underlying session model instance.
Class Method Summary
- .get_session(controller) ⇒ Authie::Session
  Look up a session for a given controller and return the session object.
- .start(controller, user:, persistent: false, see_password: false, **params) ⇒ Authie::Session
  Create a new session within the given controller for the.
Instance Method Summary
- #initialize(controller, session) ⇒ Authie::Session (constructor)
  Initialize a new session object.
- #invalidate ⇒ Authie::Session (also: #invalidate!)
  Invalidates the current session by marking it inactive and removing the current cookie.
- #mark_as_two_factored(skip: nil) ⇒ Authie::Session (also: #mark_as_two_factored!)
  Mark this request as two factored by setting the time and the current IP address.
- #persist ⇒ Authie::Session (also: #persist!)
  Mark the current session as persistent.
- #reset_token ⇒ Authie::Session
  Resets the token for the currently active session to a new string.
- #see_password ⇒ Authie::Session (also: #see_password!)
  Mark the session’s password as seen at the current time.
- #start ⇒ Authie::Session
  Starts a new session by setting the cookie.
- #touch ⇒ Authie::Session (also: #touch!)
  Touches the current session to ensure it is currently valid and to update attributes which should be updated on each request.
- #validate ⇒ Authie::Session (also: #check_security!)
  Validate that the session is valid and raise an error if not.
Constructor Details
#initialize(controller, session) ⇒ Authie::Session
Initialize a new session object
    # File 'lib/authie/session.rb', line 43
    def initialize(controller, session)
      @controller = controller
      @session = session
    end
Instance Attribute Details
#session ⇒ Authie::SessionModel (readonly)
The underlying session model instance
    # File 'lib/authie/session.rb', line 13
    def session
      @session
    end
Class Method Details
.get_session(controller) ⇒ Authie::Session
Look up a session for a given controller and return the session object.
    # File 'lib/authie/session.rb', line 267
    def get_session(controller)
      cookies = controller.send(:cookies)
      # No session cookie on the request: there is nothing to look up
      return nil if cookies[:user_session].blank?
      session = SessionModel.find_session_by_token(cookies[:user_session])
      return nil if session.blank?
      session.temporary_token = cookies[:user_session]
      new(controller, session)
    end
.start(controller, user:, persistent: false, see_password: false, **params) ⇒ Authie::Session
Create a new session within the given controller for the
    # File 'lib/authie/session.rb', line 243
    def start(controller, user:, persistent: false, see_password: false, **params)
      cookies = controller.send(:cookies)
      # Invalidate every session that is still active for this browser ID
      SessionModel.active.where(browser_id: cookies[:browser_id]).each(&:invalidate!)
      session = SessionModel.new(params)
      session.user = user
      session.browser_id = cookies[:browser_id]
      # Record the login time, IP, host and user agent of this request
      session.login_at = Time.now
      session.login_ip = controller.request.ip
      session.login_ip_country = Authie.config.lookup_ip_country(session.login_ip)
      session.host = controller.request.host
      session.user_agent = controller.request.user_agent
      # An expiry time is set here only for persistent sessions
      session.expires_at = Time.now + Authie.config.persistent_session_length if persistent
      session.password_seen_at = Time.now if see_password
      session.save!
      new(controller, session).start
    end
Instance Method Details
#invalidate ⇒ Authie::Session Also known as: invalidate!
Invalidates the current session by marking it inactive and removing the current cookie.
    # File 'lib/authie/session.rb', line 80
    def invalidate
      @session.invalidate!
      cookies.delete(:user_session)
      self
    end
#mark_as_two_factored(skip: nil) ⇒ Authie::Session Also known as: mark_as_two_factored!
Mark this request as two factored by setting the time and the current IP address.
    # File 'lib/authie/session.rb', line 128
    def mark_as_two_factored(skip: nil)
      @session.two_factored_at = Time.now
      @session.two_factored_ip = @controller.request.ip
      @session.two_factored_ip_country = Authie.config.lookup_ip_country(@controller.request.ip)
      @session.skip_two_factor = skip unless skip.nil?
      @session.save!
      Authie.notify(:mark_as_two_factor, session: self)
      self
    end
#persist ⇒ Authie::Session Also known as: persist!
Mark the current session as persistent. Will set the expiry time of the underlying session and update the cookie.
    # File 'lib/authie/session.rb', line 69
    def persist
      @session.expires_at = Authie.config.persistent_session_length.from_now
      @session.save!
      self
    end
#reset_token ⇒ Authie::Session
Resets the token for the currently active session to a new string
    # File 'lib/authie/session.rb', line 152
    def reset_token
      @session.reset_token
      self
    end
#see_password ⇒ Authie::Session Also known as: see_password!
Mark the session’s password as seen at the current time
    # File 'lib/authie/session.rb', line 116
    def see_password
      @session.password_seen_at = Time.now
      @session.save!
      Authie.notify(:see_password, session: self)
      self
    end
#start ⇒ Authie::Session
Starts a new session by setting the cookie. This should be invoked whenever a new session begins. It usually does not need to be called directly as it will be taken care of by the class-level start method.
    # File 'lib/authie/session.rb', line 143
    def start
      Authie.notify(:session_start, session: self)
      self
    end
#touch ⇒ Authie::Session Also known as: touch!
Touches the current session to ensure it is currently valid and to update attributes which should be updated on each request. This will raise the same errors as the #validate method. It will set the last activity time, IP and path as well as incrementing the request counter.
    # File 'lib/authie/session.rb', line 97
    def touch
      @session.last_activity_at = Time.now
      # Look up the country again only when the client IP has changed
      if @controller.request.ip != @session.last_activity_ip
        @session.last_activity_ip_country = Authie.config.lookup_ip_country(@controller.request.ip)
      end
      @session.last_activity_ip = @controller.request.ip
      @session.last_activity_path = @controller.request.path
      @session.requests += 1
      extend_session_expiry_if_appropriate
      @session.save!
      Authie.notify(:touch, session: self)
      self
    end
#validate ⇒ Authie::Session Also known as: check_security!
Validate that the session is valid and raise an error if not
    # File 'lib/authie/session.rb', line 55
    def validate
      validate_browser_id
      validate_active
      validate_expiry
      validate_inactivity
      validate_host
      self
    end
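How a caller might handle the errors that #validate and #touch raise, as an added example that is not code from the authie project. `authenticate_request`, `StubSession` and the audit-log format are hypothetical, and the stand-in error classes assume that the four specific errors subclass ValidityError.

```ruby
# Stand-ins so this runs without the authie gem or Rails. Class names are
# from the page; the subclassing under ValidityError is an assumption.
unless defined?(Authie)
  module Authie
    class Session
      class ValidityError < StandardError; end
      class BrowserMismatch < ValidityError; end
      class ExpiredSession < ValidityError; end
      class HostMismatch < ValidityError; end
      class InactiveSession < ValidityError; end
    end
  end
end

MISMATCHES = [Authie::Session::BrowserMismatch, Authie::Session::HostMismatch].freeze

# Hypothetical per-request check, e.g. called from a before_action.
# Returns [:ok, session], [:anonymous, nil] or [:rejected, reason].
def authenticate_request(session, audit_log)
  return [:anonymous, nil] if session.nil? # get_session found no usable token

  session.validate # explicit check, so a failing session is never touched
  session.touch    # record last activity and bump the request counter
  [:ok, session]
rescue Authie::Session::ValidityError => e
  reason = e.class.name.split('::').last
  # A browser or host mismatch can mean a token replayed elsewhere; expiry
  # and inactivity are routine, so they are logged at a lower severity.
  audit_log << { severity: MISMATCHES.include?(e.class) ? :warn : :info, reason: reason }
  session.invalidate # mark the session inactive and remove the cookie
  [:rejected, reason]
end

# Constructed stub standing in for an Authie::Session instance.
class StubSession
  attr_reader :touches, :invalidated

  def initialize(error = nil)
    @error, @touches, @invalidated = error, 0, false
  end

  def validate
    raise @error if @error
    self
  end

  def touch; @touches += 1; self; end
  def invalidate; @invalidated = true; self; end
end
```

Rescuing the ValidityError parent keeps the handler correct if further validity errors are added, while the severity split lets detection rules alert on mismatches without noise from ordinary expiry.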