Class: Authie::SessionModel

Inherits:

ActiveRecord::Base

• Object
• ActiveRecord::Base
• Authie::SessionModel

Defined in:

lib/authie/session_model.rb

Instance Attribute Summary

• #temporary_token ⇒ Object

  Returns the value of attribute temporary_token.

Class Method Summary

• .cleanup ⇒ Object

  Cleanup any old sessions.

• .find_session_by_token(token) ⇒ Object

  Find a session by a token (either from a hash or from the raw token).

• .hash_token(token) ⇒ Object

  Return a hash of a given token.

Instance Method Summary

• #activate! ⇒ Object
• #expired? ⇒ Boolean
• #first_session_for_browser? ⇒ Boolean

  Is this the first session for this session’s browser?.

• #first_session_for_ip? ⇒ Boolean

  Is this the first session for the IP?.

• #get(key) ⇒ Object
• #inactive? ⇒ Boolean
• #invalidate! ⇒ Object
• #invalidate_others! ⇒ Object
• #persistent? ⇒ Boolean
• #recently_seen_password? ⇒ Boolean

  Have we seen the user’s password recently in this sesion?.

• #reset_token ⇒ String

  Reset a new token for the session and return the new token.

• #set(key, value) ⇒ Object
• #two_factored? ⇒ Boolean

  Is two factor authentication required for this request?.

• #user ⇒ Object

  Return the user that.

• #user=(user) ⇒ Object

  Set the user.

Instance Attribute Details

#temporary_token ⇒ Object

Returns the value of attribute temporary_token.

# File 'lib/authie/session_model.rb', line 9

def temporary_token
  @temporary_token
end

Class Method Details

.cleanup ⇒ Object

Cleanup any old sessions.

# File 'lib/authie/session_model.rb', line 140

def cleanup
  Authie.notify(:cleanup) do
    # Invalidate transient sessions that haven't been used
    active.where('expires_at IS NULL AND last_activity_at < ?',
                 Authie.config.session_inactivity_timeout.ago).each(&:invalidate!)
    # Invalidate persistent sessions that have expired
    active.where('expires_at IS NOT NULL AND expires_at < ?', Time.now).each(&:invalidate!)
  end
  true
end

.find_session_by_token(token) ⇒ Object

Find a session by a token (either from a hash or from the raw token)

# File 'lib/authie/session_model.rb', line 133

def find_session_by_token(token)
  return nil if token.blank?

  active.where(token_hash: hash_token(token)).first
end

.hash_token(token) ⇒ Object

Return a hash of a given token

# File 'lib/authie/session_model.rb', line 152

def hash_token(token)
  Digest::SHA256.hexdigest(token)
end

Instance Method Details

#activate! ⇒ Object

# File 'lib/authie/session_model.rb', line 60

def activate!
  self.active = true
  save!
end

#expired? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/authie/session_model.rb', line 45

def expired?
  expires_at.present? &&
    expires_at < Time.now
end

#first_session_for_browser? ⇒ Boolean

Is this the first session for this session’s browser?

Returns:

• (Boolean)

# File 'lib/authie/session_model.rb', line 98

def first_session_for_browser?
  self.class.where('id < ?', id).for_user(user).where(browser_id: browser_id).empty?
end

#first_session_for_ip? ⇒ Boolean

Is this the first session for the IP?

Returns:

• (Boolean)

# File 'lib/authie/session_model.rb', line 103

def first_session_for_ip?
  self.class.where('id < ?', id).for_user(user).where(login_ip: login_ip).empty?
end

#get(key) ⇒ Object

# File 'lib/authie/session_model.rb', line 79

def get(key)
  (self.data ||= {})[key.to_s]
end

#inactive? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/authie/session_model.rb', line 50

def inactive?
  expires_at.nil? &&
    last_activity_at.present? &&
    last_activity_at < Authie.config.session_inactivity_timeout.ago
end

#invalidate! ⇒ Object

# File 'lib/authie/session_model.rb', line 65

def invalidate!
  active_now = active?
  self.active = false
  save!
  Authie.notify(:session_invalidate, session: self) if active_now
  true
end

#invalidate_others! ⇒ Object

# File 'lib/authie/session_model.rb', line 83

def invalidate_others!
  self.class.where('id != ?', id).active.for_user(user).each(&:invalidate!)
end

#persistent? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/authie/session_model.rb', line 56

def persistent?
  !!expires_at
end

#recently_seen_password? ⇒ Boolean

Have we seen the user’s password recently in this sesion?

Returns:

• (Boolean)

# File 'lib/authie/session_model.rb', line 88

def recently_seen_password?
  !!(password_seen_at && password_seen_at >= Authie.config.sudo_session_timeout.ago)
end

#reset_token ⇒ String

Reset a new token for the session and return the new token

Returns:

• (String)

# File 'lib/authie/session_model.rb', line 110

def reset_token
  set_new_token
  save!
  temporary_token
end

#set(key, value) ⇒ Object

# File 'lib/authie/session_model.rb', line 73

def set(key, value)
  self.data ||= {}
  self.data[key.to_s] = value
  save!
end

#two_factored? ⇒ Boolean

Is two factor authentication required for this request?

Returns:

• (Boolean)

# File 'lib/authie/session_model.rb', line 93

def two_factored?
  !!(two_factored_at || parent_id)
end

#user ⇒ Object

Return the user that

# File 'lib/authie/session_model.rb', line 26

def user
  return unless user_id && user_type
  return @user if instance_variable_defined?('@user')

  @user = user_type.constantize.find_by(id: user_id)
end

#user=(user) ⇒ Object

Set the user

# File 'lib/authie/session_model.rb', line 34

def user=(user)
  @user = user
  if user
    self.user_type = user.class.name
    self.user_id = user.id
  else
    self.user_type = nil
    self.user_id = nil
  end
end