Class: Authie::Session

Inherits:

Object

• Object
• Authie::Session

Defined in:

lib/authie/session.rb

Defined Under Namespace

Classes: BrowserMismatch, ExpiredSession, HostMismatch, InactiveSession, ValidityError

Instance Attribute Summary

• #session ⇒ Authie::SessionModel readonly

  The underlying session model instance.

Class Method Summary

• .get_session(controller) ⇒ Authie::Session

  Lookup a session for a given controller and return the session object.

• .start(controller, user:, persistent: false, see_password: false, **params) ⇒ Authie::Session

  Create a new session within the given controller for the.

Instance Method Summary

• #initialize(controller, session) ⇒ Authie::Session constructor

  Initialize a new session object.

• #invalidate ⇒ Authie::Session (also: #invalidate!)

  Invalidates the current session by marking it inactive and removing the current cookie.

• #mark_as_two_factored(skip: nil) ⇒ Authie::Session (also: #mark_as_two_factored!)

  Mark this request as two factored by setting the time and the current IP address.

• #persist ⇒ Authie::Session (also: #persist!)

  Mark the current session as persistent.

• #reset_token ⇒ Authie::Session

  Resets the token for the currently active session to a new string.

• #see_password ⇒ Authie::Session (also: #see_password!)

  Mark the session’s password as seen at the current time.

• #start ⇒ Authie::Session

  Starts a new session by setting the cookie.

• #touch ⇒ Authie::Session (also: #touch!)

  Touches the current session to ensure it is currently valid and to update attributes which should be updatd on each request.

• #validate ⇒ Authie::Session (also: #check_security!)

  Validate that the session is valid and raise and error if not.

Constructor Details

#initialize(controller, session) ⇒ Authie::Session

Initialize a new session object

Parameters:

• controller (ActionController::Base) —

  any controller

• session (Authie::SessionModel) —

  an Authie session model instance

# File 'lib/authie/session.rb', line 43

def initialize(controller, session)
  @controller = controller
  @session = session
end

Instance Attribute Details

#session ⇒ Authie::SessionModel (readonly)

The underlying session model instance

Returns:

• (Authie::SessionModel)

# File 'lib/authie/session.rb', line 13

def session
  @session
end

Class Method Details

.get_session(controller) ⇒ Authie::Session

Lookup a session for a given controller and return the session object.

Parameters:

• controller (ActionController::Base)

Returns:

• (Authie::Session)

# File 'lib/authie/session.rb', line 267

def get_session(controller)
  cookies = controller.send(:cookies)
  return nil if cookies[:user_session].blank?

  session = SessionModel.find_session_by_token(cookies[:user_session])
  return nil if session.blank?

  session.temporary_token = cookies[:user_session]
  new(controller, session)
end

.start(controller, user:, persistent: false, see_password: false, **params) ⇒ Authie::Session

Create a new session within the given controller for the

Parameters:

• controller (ActionController::Base)
• user (ActiveRecord::Base) —

  user

• persistent (Boolean) (defaults to: false) —

  create a persistent session

Returns:

• (Authie::Session)

# File 'lib/authie/session.rb', line 243

def start(controller, user:, persistent: false, see_password: false, **params)
  cookies = controller.send(:cookies)
  SessionModel.active.where(browser_id: cookies[:browser_id]).each(&:invalidate!)

  session = SessionModel.new(params)
  session.user = user
  session.browser_id = cookies[:browser_id]
  session.login_at = Time.now
  session.login_ip = controller.request.ip
  session.login_ip_country = Authie.config.lookup_ip_country(session.login_ip)
  session.host = controller.request.host
  session.user_agent = controller.request.user_agent
  session.expires_at = Time.now + Authie.config.persistent_session_length if persistent
  session.password_seen_at = Time.now if see_password
  session.save!

  new(controller, session).start
end

Instance Method Details

#invalidate ⇒ Authie::Session Also known as: invalidate!

Invalidates the current session by marking it inactive and removing the current cookie.

Returns:

• (Authie::Session)

# File 'lib/authie/session.rb', line 80

def invalidate
  @session.invalidate!
  cookies.delete(:user_session)
  self
end

#mark_as_two_factored(skip: nil) ⇒ Authie::Session Also known as: mark_as_two_factored!

Mark this request as two factored by setting the time and the current IP address.

Returns:

• (Authie::Session)

# File 'lib/authie/session.rb', line 128

def mark_as_two_factored(skip: nil)
  @session.two_factored_at = Time.now
  @session.two_factored_ip = @controller.request.ip
  @session.two_factored_ip_country = Authie.config.lookup_ip_country(@controller.request.ip)
  @session.skip_two_factor = skip unless skip.nil?
  @session.save!
  Authie.notify(:mark_as_two_factor, session: self)
  self
end

#persist ⇒ Authie::Session Also known as: persist!

Mark the current session as persistent. Will set the expiry time of the underlying session and update the cookie.

Returns:

• (Authie::Session)

# File 'lib/authie/session.rb', line 69

def persist
  @session.expires_at = Authie.config.persistent_session_length.from_now
  @session.save!
  set_cookie
  self
end

#reset_token ⇒ Authie::Session

Resets the token for the currently active session to a new string

Returns:

• (Authie::Session)

# File 'lib/authie/session.rb', line 152

def reset_token
  @session.reset_token
  set_cookie
  self
end

#see_password ⇒ Authie::Session Also known as: see_password!

Mark the session’s password as seen at the current time

Returns:

• (Authie::Session)

# File 'lib/authie/session.rb', line 116

def see_password
  @session.password_seen_at = Time.now
  @session.save!
  Authie.notify(:see_password, session: self)
  self
end

#start ⇒ Authie::Session

Starts a new session by setting the cookie. This should be invoked whenever a new session begins. It usually does not need to be called directly as it will be taken care of by the class-level start method.

Returns:

• (Authie::Session)

# File 'lib/authie/session.rb', line 143

def start
  set_cookie
  Authie.notify(:session_start, session: self)
  self
end

#touch ⇒ Authie::Session Also known as: touch!

Touches the current session to ensure it is currently valid and to update attributes which should be updatd on each request. This will raise the same errors as the #validate method. It will set the last activity time, IP and path as well as incrementing the request counter.

Returns:

• (Authie::Session)

# File 'lib/authie/session.rb', line 97

def touch
  @session.last_activity_at = Time.now
  if @controller.request.ip != @session.last_activity_ip
    @session.last_activity_ip_country = Authie.config.lookup_ip_country(@controller.request.ip)
  end
  @session.last_activity_ip = @controller.request.ip

  @session.last_activity_path = @controller.request.path
  @session.requests += 1
  extend_session_expiry_if_appropriate
  @session.save!
  Authie.notify(:touch, session: self)
  self
end

#validate ⇒ Authie::Session Also known as: check_security!

Validate that the session is valid and raise and error if not

Returns:

• (Authie::Session)

# File 'lib/authie/session.rb', line 55

def validate
  validate_browser_id
  validate_active
  validate_expiry
  validate_inactivity
  validate_host
  self
end