Class: DoorMat::Session

Inherits:

ActiveRecord::Base

• Object
• ActiveRecord::Base
• DoorMat::Session

Defined in:

app/models/door_mat/session.rb

Instance Attribute Summary

• #token ⇒ Object

  Returns the value of attribute token.

Class Method Summary

• .clean_up(cookies) ⇒ Object
• .clear_current_session ⇒ Object

  destroy existing valid session if any at sign_in and sign_up time or when expired to prevent unreferenced sessions from accumulating in the store.

• .current_session ⇒ Object

  The current_session is never nil but it might not be valid Check with DoorMat::Session.current_session.valid?.

• .destroy_if_linked_to(cookies) ⇒ Object
• .for(actor, password, request) ⇒ Object
• .from(cookies, request) ⇒ Object
• .new_sub_session_for_actor(actor, password) ⇒ Object

Instance Method Summary

• #append_sub_session(session) ⇒ Object
• #autoload_sesion_for(actor) ⇒ Object
• #decrypt(ciphertext) ⇒ Object
• #encrypt(message) ⇒ Object
• #initialization_performed? ⇒ Boolean
• #initialize_with(actor, password) ⇒ Object
• #is_older_than(minutes_old) ⇒ Object
• #memberships_for(actor) ⇒ Object
• #package_recovery_key ⇒ Object
• #re_key_with(actor, password) ⇒ Object
• #reconfirm_password(password) ⇒ Object
• #recovery_key_restore(actor, recovery_key) ⇒ Object
• #renew_session_key_and_token(old_session_key, cookies) ⇒ Object
• #session_for_actor_loaded?(actor) ⇒ Boolean
• #set_up(cookies) ⇒ Object
• #unlock_with(session_key) ⇒ Object
• #with_session_for_actor(actor) ⇒ Object

Instance Attribute Details

#token ⇒ Object

Returns the value of attribute token.

# File 'app/models/door_mat/session.rb', line 7

def token
  @token
end

Class Method Details

.clean_up(cookies) ⇒ Object

# File 'app/models/door_mat/session.rb', line 224

def self.clean_up(cookies)
  cookies.delete(:session_guid)
  cookies.delete(:session_key)

  nil
end

.clear_current_session ⇒ Object

destroy existing valid session if any at sign_in and sign_up time or when expired to prevent unreferenced sessions from accumulating in the store

# File 'app/models/door_mat/session.rb', line 28

def self.clear_current_session
  session = current_session
  RequestStore.store[:current_session] = nil

  session.destroy if session.persisted?

  nil
end

.current_session ⇒ Object

The current_session is never nil but it might not be valid Check with DoorMat::Session.current_session.valid?

# File 'app/models/door_mat/session.rb', line 21

def self.current_session
  RequestStore.store[:current_session] ||= self.new
end

.destroy_if_linked_to(cookies) ⇒ Object

# File 'app/models/door_mat/session.rb', line 199

def self.destroy_if_linked_to(cookies)
  session_guid = cookies.encrypted[:session_guid].to_s.strip
  clean_up(cookies)

  return false if DoorMat::Regex.session_guid.match(session_guid).blank?
  session = self.find_by(hashed_token: DoorMat::Crypto::FastHash.sha256(session_guid) ) || self.new
  return false unless session.persisted?
  session.destroy!

  true
end

.for(actor, password, request) ⇒ Object

# File 'app/models/door_mat/session.rb', line 37

def self.for(actor, password, request)
  clear_current_session

  return nil if password.blank? || actor.key_salt.blank?

  session = self.new
  session.ip = request.remote_ip
  session.agent = request.user_agent

  RequestStore.store[:current_session] = session.initialize_with(actor, password)
end

.from(cookies, request) ⇒ Object

# File 'app/models/door_mat/session.rb', line 126

def self.from(cookies, request)
  clear_current_session
  session_guid = cookies.encrypted[:session_guid].to_s.strip
  session_key = cookies.encrypted[:session_key].to_s.strip

  return nil if session_guid.blank? || session_key.blank?
  return nil if DoorMat::Regex.session_guid.match(session_guid).blank?
  session = self.find_by(hashed_token: DoorMat::Crypto::FastHash.sha256(session_guid) ) || self.new
  session.token = session_guid
  if session.actor.nil?
    session.destroy!
    return nil
  end

  case
    when session.remember_me?
      if session.created_at < DoorMat.configuration.remember_me_max_day_count.days.ago
        session.destroy!
        return nil
      end
      if session.updated_at < DoorMat.configuration.private_computer_access_session_timeout.minutes.ago
        session_key = session.renew_session_key_and_token(session_key, cookies)
      end
    when session.private_computer?
      if session.updated_at < DoorMat.configuration.private_computer_access_session_timeout.minutes.ago
        session.destroy!
        return nil
      end
    else
      if session.updated_at < DoorMat.configuration.public_computer_access_session_timeout.minutes.ago
        session.destroy!
        return nil
      end
  end

  session.ip = request.remote_ip
  session.agent = request.user_agent # Check for major change in user_agent in case of strict session policy
  session.updated_at = DateTime.current

  RequestStore.store[:current_session] = session
  if session.unlock_with(session_key)
    session.save
  else
    clear_current_session
  end
end

.new_sub_session_for_actor(actor, password) ⇒ Object

# File 'app/models/door_mat/session.rb', line 78

def self.new_sub_session_for_actor(actor, password)
  session = self.new
  session.initialize_with(actor, password)
  session.actor = actor

  session
end

Instance Method Details

#append_sub_session(session) ⇒ Object

# File 'app/models/door_mat/session.rb', line 86

def append_sub_session(session)
  unless DoorMat::Session.current_session == self
    DoorMat.configuration.logger.error "ERROR: append_sub_session must only be called on DoorMat::Session.current_session"
    return false
  end

  unless session.valid?
    DoorMat.configuration.logger.error "ERROR: append_sub_session was given an invalid session"
    return false
  end

  actor_id = session.actor.id
  if sub_sessions.has_key? actor_id
    DoorMat.configuration.logger.warn "WARN: sub_session #{actor_id} already present; updating."
  end
  sub_sessions[actor_id] = session

  return true
end

#autoload_sesion_for(actor) ⇒ Object

# File 'app/models/door_mat/session.rb', line 115

def autoload_sesion_for(actor)
  return if session_for_actor_loaded?(actor)

  memberships = memberships_for(actor)
  unless memberships.empty?
    membership = memberships.first
    session = DoorMat::Session.new_sub_session_for_actor(membership.member_of, membership.key)
    append_sub_session(session)
  end
end

#decrypt(ciphertext) ⇒ Object

# File 'app/models/door_mat/session.rb', line 247

def decrypt(ciphertext)
  DoorMat::Crypto::SymmetricStore.decrypt(ciphertext, @symmetric_actor_key.first)
rescue OpenSSL::Cipher::CipherError => e
  DoorMat.configuration.logger.warn "WARN: Failed to decrypt for actor #{self.actor.id} - #{e}"
  nil
end

#encrypt(message) ⇒ Object

# File 'app/models/door_mat/session.rb', line 243

def encrypt(message)
  DoorMat::Crypto::SymmetricStore.encrypt(message, @symmetric_actor_key.last)[:ciphertext]
end

#initialization_performed? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/door_mat/session.rb', line 13

def initialization_performed?
  if @symmetric_actor_key.blank? || @symmetric_actor_key.first.blank? || @session_key.blank? || @token.blank? || self.hashed_token.blank?
    errors.add(:base, I18n.t("door_mat.session.initialization_failure"))
  end
end

#initialize_with(actor, password) ⇒ Object

# File 'app/models/door_mat/session.rb', line 49

def initialize_with(actor, password)
  reset
  self.email = actor.current_email

  re_key_with(actor, password)

  self
rescue Exception => e
  reset
  DoorMat.configuration.logger.error "ERROR: Failed to initialize session with password for actor #{actor.id} - #{e}"

  nil
end

#is_older_than(minutes_old) ⇒ Object

# File 'app/models/door_mat/session.rb', line 231

def is_older_than(minutes_old)
  self.password_authenticated_at < minutes_old.minutes.ago
end

#memberships_for(actor) ⇒ Object

# File 'app/models/door_mat/session.rb', line 106

def memberships_for(actor)
  current_session_ids = sub_sessions.keys
  current_session_ids.push(self.actor_id) unless self.actor_id.nil?

  DoorMat::Membership.where("member_of_id = :member_of and member_id in (:ids)",
                            :member_of => actor.id,
                            :ids => current_session_ids).select {|m| !m.readonly?}
end

#package_recovery_key ⇒ Object

# File 'app/models/door_mat/session.rb', line 254

def package_recovery_key
  h = DoorMat::Crypto::SymmetricStore.encrypt(@symmetric_actor_key.last)
  self.actor.recovery_key = h[:ciphertext]
  self.actor.save!
  self.actor.system_encrypt(h[:key])
end

#re_key_with(actor, password) ⇒ Object

# File 'app/models/door_mat/session.rb', line 63

def re_key_with(actor, password)
  @symmetric_actor_key << DoorMat::Crypto::PasswordHash.pbkdf2_hash(password, actor.key_salt)

  encrypt_actor_key(actor, @symmetric_actor_key.last)
  set_new_token

  self.password_authenticated_at = DateTime.current

  self
end

#reconfirm_password(password) ⇒ Object

# File 'app/models/door_mat/session.rb', line 271

def reconfirm_password(password)
  if self.actor.authenticate(password)
    self.password_authenticated_at = DateTime.current
    self.save!
    true
  else
    false
  end
end

#recovery_key_restore(actor, recovery_key) ⇒ Object

# File 'app/models/door_mat/session.rb', line 261

def recovery_key_restore(actor, recovery_key)
  self.actor = actor
  key = self.actor.system_decrypt(recovery_key)
  @symmetric_actor_key = [DoorMat::Crypto::SymmetricStore.decrypt(self.actor.recovery_key, key)]
  true
rescue OpenSSL::Cipher::CipherError => e
  DoorMat.configuration.logger.warn "WARN: Failed recovery_key_restore for actor #{self.actor.id} - #{e}"
  false
end

#renew_session_key_and_token(old_session_key, cookies) ⇒ Object

# File 'app/models/door_mat/session.rb', line 173

def renew_session_key_and_token(old_session_key, cookies)

  if unlock_with(old_session_key)
    encrypt_actor_key(self.actor, @symmetric_actor_key.last)
    set_new_token

    set_up(cookies)
  end

  @session_key
end

#session_for_actor_loaded?(actor) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/door_mat/session.rb', line 74

def session_for_actor_loaded?(actor)
  actor.nil? || (self.actor == actor) || (sub_sessions.has_key? actor.id)
end

#set_up(cookies) ⇒ Object

# File 'app/models/door_mat/session.rb', line 211

def set_up(cookies)
  options = {
      secure: DoorMat.configuration.transmit_cookies_only_over_https,
      httponly: true
  }
  options.merge!({ expires: DoorMat.configuration.remember_me_max_day_count.days.since(self.created_at) }) unless self.public_computer?

  cookies.encrypted[:session_guid] = options.merge({value: self.token})
  cookies.encrypted[:session_key] = options.merge({value: @session_key})

  nil
end

#unlock_with(session_key) ⇒ Object

# File 'app/models/door_mat/session.rb', line 185

def unlock_with(session_key)
  @symmetric_actor_key = [DoorMat::Crypto::SymmetricStore.decrypt(
      self.encrypted_symmetric_actor_key,
      self.actor.system_decrypt(session_key)
  )]
  @session_key = session_key

  true
rescue Exception => e
  reset
  DoorMat.configuration.logger.error "ERROR: Failed to unlock session with session_key for actor #{self.actor.id} - #{e}"
  false
end

#with_session_for_actor(actor) ⇒ Object

# File 'app/models/door_mat/session.rb', line 235

def with_session_for_actor(actor)
  if self.valid? && (actor.nil? || self.actor_id.nil? || self.actor == actor)
    yield(self)
  elsif !actor.nil? && (sub_sessions.has_key? actor.id)
    yield(sub_sessions[actor.id])
  end
end