Class: QuoVadis::Controller::QuoVadisWrapper

Inherits:
Object
  • Object
Defined in:
lib/quo_vadis/controller.rb


Constructor Details

#initialize(controller) ⇒ QuoVadisWrapper

Returns a new instance of QuoVadisWrapper.



# File 'lib/quo_vadis/controller.rb', line 103

# Builds the wrapper around the given controller.
#
# @param controller [Object] the controller this wrapper acts on; kept in
#   the @controller instance variable
def initialize(controller)
  @controller = controller
end

Instance Method Details

#clear_session_id ⇒ Object



# File 'lib/quo_vadis/controller.rb', line 133

# Removes the QuoVadis session cookie (named by QuoVadis.cookie_name) from
# the cookie jar. Only the client-side cookie is dropped here; nothing in
# this method touches the stored session record.
def clear_session_id
  cookies.delete(QuoVadis.cookie_name)
end

#lifetime_expires_at(browser_session) ⇒ Object



# File 'lib/quo_vadis/controller.rb', line 182

# Works out when a new QuoVadis session's lifetime ends.
#
# @param browser_session [Boolean] truthy when the session should last only
#   as long as the browser session
# @return [Object, nil] nil for a browser session or when
#   QuoVadis.session_lifetime is :session; otherwise the configured lifetime
#   counted from now, pushed to the end of that day when
#   QuoVadis.session_lifetime_extend_to_end_of_day is set
def lifetime_expires_at(browser_session)
  return nil if browser_session || QuoVadis.session_lifetime == :session

  expiry = ActiveSupport::Duration.build(QuoVadis.session_lifetime).from_now
  return expiry unless QuoVadis.session_lifetime_extend_to_end_of_day

  expiry.end_of_day
end

#log(account, action, metadata = {}) ⇒ Object



# File 'lib/quo_vadis/controller.rb', line 201

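# Records an audit-log entry for an account action.
#
# The parameter names `account` and `metadata` are restored from the method
# signature in the heading above; they were missing from the listing.
#
# @param account [Object] the account the entry belongs to
# @param action [Object] the action being recorded
# @param metadata [Hash] extra details stored with the entry
# @return [Object] whatever Log.create returns
def log(account, action, metadata = {})
  # NOTE(review): request.remote_ip depends on the app's trusted-proxy
  # configuration; confirm it is set so the logged IP is the real client.
  Log.create account: account, action: action, ip: request.remote_ip, metadata: metadata
end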

#logout ⇒ Object



# File 'lib/quo_vadis/controller.rb', line 190

# Logs the current user out.
#
# Steps, in order: destroy the QuoVadis session record if there is one,
# delete the session cookie, rotate the Rails session, and clear the
# controller's @authenticated_model.
#
# Note that prevent_rails_session_fixation copies the old Rails session's
# keys into the fresh one, so data kept in the Rails session survives logout.
def logout
  current = session
  current.destroy unless current.nil?

  clear_session_id
  prevent_rails_session_fixation
  controller.instance_variable_set(:@authenticated_model, nil)
end

#logout_other_sessions ⇒ Object



# File 'lib/quo_vadis/controller.rb', line 197

# Asks the current QuoVadis session to log out the other sessions.
#
# There is no nil guard: when #session returns nil (no session cookie or no
# matching record) this raises NoMethodError, so call it only for a
# logged-in user.
def logout_other_sessions
  current = session
  current.logout_other_sessions
end

#path_after_authentication ⇒ Object

Raises:

  • (RuntimeError)


# File 'lib/quo_vadis/controller.rb', line 212

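# Chooses where to send the user after a successful login.
#
# Preference order: the bookmark saved in the Rails session under
# :qv_bookmark (removed once read), then the host app's after_login_path,
# then its root_path.
#
# The call to after_login_path is restored from the respond_to? check on the
# same line; the listing had lost the method name.
#
# @return [Object] the bookmark or the chosen route helper's result
# @raise [RuntimeError] when the host app defines neither route
def path_after_authentication
  if (bookmark = rails_session[:qv_bookmark])
    # NOTE(review): the bookmark is returned as stored. Where it is written
    # is not visible here; confirm it can only hold a local path so it
    # cannot act as an open redirect.
    rails_session.delete :qv_bookmark
    return bookmark
  end
  return main_app.after_login_path if main_app.respond_to?(:after_login_path)
  return main_app.root_path        if main_app.respond_to?(:root_path)
  raise RuntimeError, 'Missing routes: after_login_path, root_path; define at least one of them.'
end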

#path_after_password_change ⇒ Object

Raises:

  • (RuntimeError)


# File 'lib/quo_vadis/controller.rb', line 222

# Chooses where to send the user after a password change: the host app's
# after_password_change_path when it exists, otherwise its root_path.
#
# @return [Object] the chosen route helper's result
# @raise [RuntimeError] when the host app defines neither route
def path_after_password_change
  if main_app.respond_to?(:after_password_change_path)
    main_app.after_password_change_path
  elsif main_app.respond_to?(:root_path)
    main_app.root_path
  else
    raise RuntimeError, 'Missing routes: after_password_change_path, root_path; define at least one of them.'
  end
end

#path_after_signup ⇒ Object

Raises:

  • (RuntimeError)


# File 'lib/quo_vadis/controller.rb', line 205

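# Chooses where to send the user after signing up: the host app's
# after_signup_path, then after_login_path, then root_path.
#
# The method name is restored from the heading above and the two route calls
# from the respond_to? checks on their own lines; the listing had lost them.
#
# @return [Object] the chosen route helper's result
# @raise [RuntimeError] when the host app defines none of the three routes
def path_after_signup
  return main_app.after_signup_path if main_app.respond_to?(:after_signup_path)
  return main_app.after_login_path  if main_app.respond_to?(:after_login_path)
  return main_app.root_path         if main_app.respond_to?(:root_path)
  raise RuntimeError, 'Missing routes: after_signup_path, after_login_path, root_path; define at least one of them.'
end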

#prevent_rails_session_fixation ⇒ Object



# File 'lib/quo_vadis/controller.rb', line 137

# Rotates the Rails session while keeping its contents.
#
# The current session data is captured, reset_session is called, and every
# key/value pair is written back into the new session. Only the session
# itself is replaced; every stored value is carried over unchanged, so
# callers that need data gone must delete those keys themselves.
def prevent_rails_session_fixation
  preserved = rails_session.to_hash
  reset_session
  preserved.each_pair do |key, value|
    rails_session[key] = value
  end
end

#replace_session ⇒ Object



# File 'lib/quo_vadis/controller.rb', line 173

# Swaps the current QuoVadis session for a new one.
#
# Steps, in order: rotate the Rails session, call session.replace, store the
# returned session's id and lifetime_expires_at in the cookie, and set the
# controller's @authenticated_model from the returned session.
#
# There is no nil guard on #session, so this expects an existing session.
def replace_session
  prevent_rails_session_fixation

  # presumably replace creates a fresh session record in place of the current one; verify in QuoVadis::Session
  sess = session.replace
  store_session_id sess.id, sess.lifetime_expires_at

  # NOTE(review): an identifier is missing between the two dots below (looks
  # like a page-extraction artifact). As printed, `sess..model` parses as a
  # Range; restore the call chain from lib/quo_vadis/controller.rb line 179.
  controller.instance_variable_set :@authenticated_model, sess..model
end

#request_confirmation(model) ⇒ Object



# File 'lib/quo_vadis/controller.rb', line 143

# Starts account confirmation for the given model.
#
# Records the pending account id and an expiry timestamp in the Rails
# session, obtains an OTP tied to that expiry, delivers it to model.email
# and sets a flash notice on the controller.
#
# NOTE(review): three call chains below have lost an identifier between two
# dots (looks like a page-extraction artifact). As printed, each `a..b`
# parses as a Range; restore them from lib/quo_vadis/controller.rb
# lines 143-154 before relying on this listing.
#
# @param model [Object] the model being confirmed; must respond to email
def request_confirmation(model)
  # identifier missing after `model.`; see the note above
  rails_session[:account_pending_confirmation] = model..id

  # identifier missing after `QuoVadis.`; presumably the configured OTP lifetime, to be confirmed
  expiration = QuoVadis..from_now.to_i
  rails_session[:account_confirmation_expires_at] = expiration

  # identifier missing after `model.`; the OTP is generated for this expiry value
  otp = model..otp_for_confirmation(expiration)

  # The OTP leaves the app here, sent to the address held on the model.
  QuoVadis.deliver :account_confirmation, {email: model.email, otp: otp}

  controller.flash[:notice] = QuoVadis.translate 'flash.confirmation.sent'
end

#second_factor_authenticated? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/quo_vadis/controller.rb', line 161

# Reports whether the current QuoVadis session has passed a second factor,
# as answered by the session itself.
#
# There is no nil guard: when #session returns nil this raises
# NoMethodError rather than returning false.
#
# @return [Boolean]
def second_factor_authenticated?
  current = session
  current.second_factor_authenticated?
end

#second_factor_required? ⇒ Boolean

Assumes user is logged in.

Returns:

  • (Boolean)


# File 'lib/quo_vadis/controller.rb', line 157

# Reports whether the logged-in user must complete a second factor.
#
# True whenever QuoVadis.two_factor_authentication_mandatory is set;
# otherwise the has_two_factors? result decides. Assumes a user is logged
# in: authenticated_model is used without a nil check.
#
# NOTE(review): an identifier is missing between the two dots below (looks
# like a page-extraction artifact). As printed, the right-hand side parses
# as a Range; restore the call chain from lib/quo_vadis/controller.rb
# line 158.
#
# @return [Boolean]
def second_factor_required?
  QuoVadis.two_factor_authentication_mandatory || authenticated_model..has_two_factors?
end

#session ⇒ Object

Returns the current QuoVadis session or nil.



# File 'lib/quo_vadis/controller.rb', line 108

# Looks up the current QuoVadis session.
#
# @return [Object, nil] the QuoVadis::Session whose id matches the session
#   cookie; nil when there is no cookie value or no matching record
def session
  QuoVadis::Session.find_by(id: session_id) if session_id
end

#session_authenticated_with_second_factor ⇒ Object



# File 'lib/quo_vadis/controller.rb', line 169

# Forwards authenticated_with_second_factor to the current QuoVadis session.
#
# There is no nil guard: when #session returns nil this raises
# NoMethodError, so call it only once a session exists.
def session_authenticated_with_second_factor
  current = session
  current.authenticated_with_second_factor
end

#session_id ⇒ Object



# File 'lib/quo_vadis/controller.rb', line 113

# Reads the QuoVadis session id from the encrypted cookie jar, under the
# name given by QuoVadis.cookie_name.
#
# @return [Object, nil] whatever the encrypted jar returns for that name
def session_id
  encrypted_jar = cookies.encrypted
  encrypted_jar[QuoVadis.cookie_name]
end

#store_session_id(id, expires_at) ⇒ Object

Store the session id in an encrypted cookie.

Given that the cookie is encrypted, it is safe to store the database primary key of the session rather than a random-value candidate key.

expires_at - the end of the QuoVadis session’s lifetime (regardless of the idle timeout)



# File 'lib/quo_vadis/controller.rb', line 123

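# Store the session id in an encrypted cookie.
#
# Cookie attributes: HttpOnly always, SameSite=Lax, and Secure in production
# or whenever the current request arrived over TLS. The TLS check covers
# HTTPS deployments outside production (e.g. staging), where the session
# cookie would otherwise be sent without Secure and could travel over plain
# HTTP. Plain-HTTP development and test requests are unaffected.
#
# @param id [Object] the QuoVadis session id to store
# @param expires_at [Object, nil] the end of the QuoVadis session's lifetime
#   (regardless of the idle timeout); nil leaves the expiry unset
# @return [Hash] the cookie options that were assigned
def store_session_id(id, expires_at)
  cookies.encrypted[QuoVadis.cookie_name] = {
    value:     id,
    httponly:  true,
    # request.ssl? reflects forwarded-proto headers only as far as the app's
    # proxy configuration trusts them.
    secure:    Rails.env.production? || request.ssl?,
    same_site: :lax,
    expires:   expires_at  # setting expires_at to nil has the same effect as not setting it
  }
end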

#touch_session_last_seen_at ⇒ Object



# File 'lib/quo_vadis/controller.rb', line 165

# Touches :last_seen_at on the current QuoVadis session, if there is one.
#
# @return [Object, nil] the result of touch, or nil when #session is nil
def touch_session_last_seen_at
  current = session
  current.touch(:last_seen_at) unless current.nil?
end