Class: ForgetPasswords::State

Inherits:

Object

• Object
• ForgetPasswords::State

Defined in:

lib/forget-passwords/state.rb

Constant Summary

TEN_MINUTES =

ISO8601::Duration.new('PT10M').freeze

TWO_WEEKS =

ISO8601::Duration.new('P2W').freeze

Expiry =

ForgetPasswords::Types::SymbolHash.schema(
query:  ForgetPasswords::Types::Duration.default(TEN_MINUTES),
cookie: ForgetPasswords::Types::Duration.default(TWO_WEEKS)).hash_default

RawParams =

ForgetPasswords::Types::SymbolHash.schema(
dsn:       ForgetPasswords::Types::String,
user?:     ForgetPasswords::Types::String,
password?: ForgetPasswords::Types::String,
expiry:    Expiry).hash_default

Type =

ForgetPasswords::Types.Constructor(self) do |x|
  # this will w
  if x.is_a? self
    x
  else
    raw = RawParams.(x)
    self.new raw[:dsn], **raw.slice(:user, :password)
  end
end

Instance Attribute Summary

• #acl ⇒ Object readonly

  Returns the value of attribute acl.

• #db ⇒ Object readonly

  Returns the value of attribute db.

• #expiry ⇒ Object readonly

  Returns the value of attribute expiry.

• #token ⇒ Object readonly

  Returns the value of attribute token.

• #usage ⇒ Object readonly

  Returns the value of attribute usage.

• #user ⇒ Object readonly

  Returns the value of attribute user.

Instance Method Summary

• #expire_tokens_for(principal, cookie: nil) ⇒ Object

  Expire all cookies associated with a principal.

• #freshen_token(token, from: Time.now, cookie: true) ⇒ true, false

  Freshen the expiry date of the token.

• #id_for(principal, create: true, email: nil) ⇒ Object
• #initialize(dsn, create: true, user: nil, password: nil, expiry: { query: TEN_MINUTES, cookie: TWO_WEEKS }, debug: false) ⇒ State constructor

  A new instance of State.

• #initialize! ⇒ Object
• #initialized? ⇒ Boolean
• #new_token(principal, cookie: false, oneoff: false, expires: nil) ⇒ Object
• #new_user(principal, email: nil) ⇒ Object
• #record_for(principal, create: false, email: nil) ⇒ Object

  XXX 2022-04-10 the email address is canonical now, lol.

• #stamp_token(token, ip, seen: DateTime.now) ⇒ ForgetPasswords::State::Usage

  Add a token to the usage log and associate it with an IP address.

• #token_for(principal, cookie: false, oneoff: false, expires: nil) ⇒ Object

  from the author of sequel (2019-05-27):.

• #transaction(&block) ⇒ Object
• #user_for(token, record: false, id: false, cookie: false) ⇒ String^?

  Retrieve the user associated with a token, whether nonce or cookie.

Constructor Details

#initialize(dsn, create: true, user: nil, password: nil, expiry: { query: TEN_MINUTES, cookie: TWO_WEEKS }, debug: false) ⇒ State

Returns a new instance of State.

# File 'lib/forget-passwords/state.rb', line 319

def initialize dsn, create: true, user: nil, password: nil,
    expiry: { query: TEN_MINUTES, cookie: TWO_WEEKS }, debug: false
  @db = Sequel.connect dsn

  # XXX more reliable way to get this info?
  if /postgres/i.match? @db.class.name
    # anyway whatever
    @db.extension :constant_sql_override
    @db.set_constant_sql S::CURRENT_TIMESTAMP,
      "TIMEZONE('UTC', CURRENT_TIMESTAMP)"
      # "(CURRENT_TIMESTAMP AT TIME ZONE 'UTC')"
  end

  @expiry = Expiry.(expiry)
  # warn expiry.inspect

  if debug
    require 'logger'
    @db.loggers << Logger.new($stderr)
  end

  first_run if create
end

Instance Attribute Details

#acl ⇒ Object (readonly)

Returns the value of attribute acl.

# File 'lib/forget-passwords/state.rb', line 317

def acl
  @acl
end

#db ⇒ Object (readonly)

Returns the value of attribute db.

# File 'lib/forget-passwords/state.rb', line 317

def db
  @db
end

#expiry ⇒ Object (readonly)

Returns the value of attribute expiry.

# File 'lib/forget-passwords/state.rb', line 317

def expiry
  @expiry
end

#token ⇒ Object (readonly)

Returns the value of attribute token.

# File 'lib/forget-passwords/state.rb', line 317

def token
  @token
end

#usage ⇒ Object (readonly)

Returns the value of attribute usage.

# File 'lib/forget-passwords/state.rb', line 317

def usage
  @usage
end

#user ⇒ Object (readonly)

Returns the value of attribute user.

# File 'lib/forget-passwords/state.rb', line 317

def user
  @user
end

Instance Method Details

#expire_tokens_for(principal, cookie: nil) ⇒ Object

Expire all cookies associated with a principal.

Parameters:

Returns:

# File 'lib/forget-passwords/state.rb', line 465

def expire_tokens_for principal, cookie: nil
  id = principal.is_a?(Integer) ? principal : id_for(principal)
  raise "No user with ID #{principal} found" unless id
  @token.for(id).expire_all cookie: cookie
end

#freshen_token(token, from: Time.now, cookie: true) ⇒ true, false

Freshen the expiry date of the token.

Parameters:

• token (String) —

  the token

• from (Time, DateTime) (defaults to: Time.now) —

  the reference time

• cookie (true, false) (defaults to: true) —

  whether the token is a cookie

Returns:

• (true, false) —

  whether any tokens were affected.

# File 'lib/forget-passwords/state.rb', line 497

def freshen_token token, from: Time.now, cookie: true
  uuid = UUID::NCName.valid?(token) ?
    UUID::NCName.from_ncname(token) : token
  exp = @expiry[cookie ? :cookie : :query]
  # this is dumb that this is how you have to do this
  delta = from.to_time.gmtime +
    exp.to_seconds(ISO8601::DateTime.new from.iso8601)
  # aaanyway...
  rows = @token.where(
    token: uuid).fresh(cookie: cookie).update(expires: delta)
  rows > 0
end

#id_for(principal, create: true, email: nil) ⇒ Object

# File 'lib/forget-passwords/state.rb', line 400

def id_for principal, create: true, email: nil
  user = record_for principal, create: create, email: email
  user.id if user
end

#initialize! ⇒ Object

# File 'lib/forget-passwords/state.rb', line 347

def initialize!
  first_run force: true
end

#initialized? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/forget-passwords/state.rb', line 343

def initialized?
  CREATE_SEQ.select { |t| db.table_exists? t } == CREATE_SEQ
end

#new_token(principal, cookie: false, oneoff: false, expires: nil) ⇒ Object

# File 'lib/forget-passwords/state.rb', line 409

def new_token principal, cookie: false, oneoff: false, expires: nil
  id = principal.is_a?(Integer) ? principal : id_for(principal)
  raise "No user with ID #{principal} found" unless id

  # this should be a duration
  raise 'Expires should be an ISO8601::Duration' if
    expires && !expires.is_a?(ISO8601::Duration)
  expires ||= @expiry[cookie ? :cookie : :query]

  oneoff = false if cookie

  now = Time.now.gmtime
  # the iso8601 guy didn't make it so you could add a duration to
  # a DateTime, even though ISO8601::DateTime embeds a DateTime.
  # noOOoOOOo that would be too easy; instead you have to reparse it.
  expires = now + expires.to_seconds(ISO8601::DateTime.new now.iso8601)
  # anyway an integer to DateTime is a day, so we divide.

  uuid = UUIDTools::UUID.random_create

  @token.insert(user: id, token: uuid.to_s, slug: !cookie,
    oneoff: !!oneoff, expires: expires)

  UUID::NCName::to_ncname uuid, version: 1
end

#new_user(principal, email: nil) ⇒ Object

# File 'lib/forget-passwords/state.rb', line 405

def new_user principal, email: nil
  record_for principal, create: true, email: email
end

#record_for(principal, create: false, email: nil) ⇒ Object

XXX 2022-04-10 the email address is canonical now, lol

# File 'lib/forget-passwords/state.rb', line 357

def record_for principal, create: false, email: nil
  # so we can keep the same interface
  if principal
    # ensure this is a stripped string
    principal = principal.to_s.strip
    raise ArgumentError,
      'principal cannot be an empty string' if principal.empty?
  else
    raise ArgumentError,
      'email must be defined if principal is not' unless email
    # note we don't normalize case for the principal (may be dumb tbh)
    principal = email.to_s.strip
  end

  ds  = @user.select(:id).where(principal: principal)
  row = ds.first

  if create
    if email
      email = email.to_s.strip.downcase
      raise ArgumentError,
        "email must be a valid address, not #{email}" unless
        email.include? ?@
    elsif principal.include? ?@
      email = principal.dup
    else
      raise ArgumentError,
        'principal must be an email address if another not supplied'
    end

    if row
      row = @user[row.id]
      row.email = email
      row.save
    else
      row = { principal: principal, email: email  }
      row = @user.new.set(row).save
    end
  end

  row
end

#stamp_token(token, ip, seen: DateTime.now) ⇒ ForgetPasswords::State::Usage

Add a token to the usage log and associate it with an IP address.

Parameters:

• token (String) —

  the token

• ip (String) —

  the IP address that used

• seen (Time, DateTime) (defaults to: DateTime.now) —

  The timestamp (defaults to now).

Returns:

• (ForgetPasswords::State::Usage) —

  the token’s usage record

# File 'lib/forget-passwords/state.rb', line 519

def stamp_token token, ip, seen: DateTime.now
  uuid  = UUID::NCName::from_ncname token, version: 1
  raise "Could not get UUID from token #{token}" unless uuid
  @db.transaction do
    # warn @usage.where(token: uuid, ip: ip).inspect
    rec = @usage.where(token: uuid, ip: ip).first
    # warn "#{uuid} #{ip}"
    if rec
      rec.update(seen: seen)
      rec # yo does update return the record? or
    else
      @usage.insert(token: uuid, ip: ip, seen: seen)
    end
  end
end

#token_for(principal, cookie: false, oneoff: false, expires: nil) ⇒ Object

from the author of sequel (2019-05-27):

15:11 < jeremyevans> dorian: DB.fromsame_table.as(:a).exclude(

DB.from{same_table.as(:b)}.where{(a[:order] < b[:order]) &
  {a[:key]=>b[:key]}}.select(1).exists)

# File 'lib/forget-passwords/state.rb', line 442

def token_for principal, cookie: false, oneoff: false, expires: nil
  id = principal.is_a?(Integer) ? principal : id_for(principal)
  raise "No user with ID #{principal} found" unless id

  # only query strings can be oneoffs
  cookie = !!cookie
  oneoff = false if cookie
  oneoff = !!oneoff

  # obtain the last (newest) "fresh" token for this user
  row = @token.fresh(cookie: cookie, oneoff: oneoff).for(id).by_date.first
  return UUID::NCName::to_ncname row.token, version: 1 if row
end

#transaction(&block) ⇒ Object

# File 'lib/forget-passwords/state.rb', line 351

def transaction &block
  @db.transaction(&block)
end

#user_for(token, record: false, id: false, cookie: false) ⇒ String^?

Retrieve the user associated with a token, whether nonce or cookie.

Parameters:

• token (String) —

  the token

• id (false, true) (defaults to: false) —

  the user ID instead of the principal

• cookie (false, true) (defaults to: false) —

  whether the token is a cookie

Returns:

• (String, nil) —

  the user principal identifier or nil

# File 'lib/forget-passwords/state.rb', line 479

def user_for token, record: false, id: false, cookie: false
  uuid = UUID::NCName::from_ncname token, version: 1
  out  = @user.where(disabled: nil).join(:token, user: :id).select(
    :id, :principal, :email, :expires
  ).where(token: uuid, slug: !cookie).first

  # return the whole record if asked for it otherwise the id or principal
  record ? out : id ? out.id : out.principal if out
end