Class: Securial::Session

Inherits:
ApplicationRecord
Defined in:
app/models/securial/session.rb

Overview

Session

This class represents a user session in the Securial authentication system. It is used to manage user sessions, including session creation, validation, and refresh functionality.

## Attributes

  • `user_id`: The ID of the user associated with the session

  • `ip_address`: The IP address from which the session was created

  • `user_agent`: The user agent string of the browser or client used to create the session

  • `refresh_token`: A token used to refresh the session

  • `refresh_token_expires_at`: The expiration time of the refresh token

  • `refresh_count`: The number of times the session has been refreshed

  • `last_refreshed_at`: The timestamp of the last time the session was refreshed

  • `revoked`: A boolean indicating whether the session has been revoked

## Associations

  • Belongs to a user, linking the session to a specific user

## Validations

  • `ip_address`: Must be present

  • `user_agent`: Must be present

  • `refresh_token`: Must be present

Instance Method Summary

Methods inherited from ApplicationRecord

#generate_uuid_v7

Instance Method Details

#expired? ⇒ Boolean

Checks if the session has expired based on the refresh token expiration time.

A session is considered expired if the `refresh_token_expires_at` time is in the past.



# File 'app/models/securial/session.rb', line 114

def expired?; refresh_token_expires_at < Time.current; end

#is_valid_session? ⇒ Boolean

Checks if the session is valid based on its state.

A session is considered valid if it is not revoked and has not expired.



# File 'app/models/securial/session.rb', line 54

def is_valid_session?
  !(revoked? || expired?)
end

#is_valid_session_request?(request) ⇒ Boolean

Checks if the session is valid for a specific request.

A session is valid for a request if it is not revoked, has not expired, and the IP address and user agent match those of the request.



# File 'app/models/securial/session.rb', line 65

def is_valid_session_request?(request)
  is_valid_session? && ip_address == request.ip && user_agent == request.user_agent
end

#refresh! ⇒ void

Note:

This method uses the Securial::Auth::TokenGenerator to generate a new refresh token and updates the session’s attributes accordingly.

Note:

The refresh token expiration duration is configured in Securial.configuration.session_refresh_token_expires_in.

This method returns an undefined value.

Refreshes the session by generating a new refresh token and updating the session attributes.

This method raises an error if the session is revoked or expired.

Examples:

session.refresh! # => Updates the session with a new refresh token

Raises:

See Also:



# File 'app/models/securial/session.rb', line 84

def refresh!
  raise Securial::Error::Auth::TokenRevokedError if revoked?
  raise Securial::Error::Auth::TokenExpiredError if expired?

  new_refresh_token = Securial::Auth::TokenGenerator.generate_refresh_token

  refresh_token_duration = Securial.configuration.session_refresh_token_expires_in

  update!(refresh_token: new_refresh_token,
          refresh_count: self.refresh_count + 1,
          last_refreshed_at: Time.current,
          refresh_token_expires_at: refresh_token_duration.from_now)
end

#revoke! ⇒ void

Note:

This method does not delete the session record; it only marks it as revoked.

This method returns an undefined value.

Revokes the session by setting the `revoked` attribute to true.

This method updates the session record in the database to indicate that the session is no longer valid.

Examples:

session.revoke! # => Updates the session to be revoked

Raises:

  • (ActiveRecord::RecordInvalid)

    if the update fails due to validation errors



# File 'app/models/securial/session.rb', line 45

def revoke!
  update!(revoked: true)
end

#revoked? ⇒ Boolean

Note:

This method checks the `revoked` attribute of the session.

Note:

This method is used to determine if the session is still active or has been revoked.

Checks if the session is revoked.

Examples:

session.revoked? # => true or false

See Also:

  • #revoked


# File 'app/models/securial/session.rb', line 107

def revoked?; revoked; end
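
The checks documented above, exercised together in an added example that is not Securial's own code. `DemoSession`, `DemoRequest`, `DemoRevoked`, `DemoExpired`, `expire_now!` and `handle_refresh` are hypothetical names; `Time.now` and `SecureRandom` stand in for `Time.current` and `Securial::Auth::TokenGenerator`, and a missing expiry is assumed to count as expired.

```ruby
require "securerandom"

# Hypothetical stand-ins, not Securial classes; they mirror the documented checks.
DemoRequest = Struct.new(:ip, :user_agent)
class DemoRevoked < StandardError; end
class DemoExpired < StandardError; end

class DemoSession
  attr_reader :ip_address, :user_agent, :refresh_token, :refresh_count

  def initialize(ip_address:, user_agent:, ttl:)
    @ip_address, @user_agent, @ttl = ip_address, user_agent, ttl
    @refresh_token = SecureRandom.hex(32)
    @refresh_token_expires_at = Time.now + ttl
    @refresh_count = 0
    @revoked = false
  end

  def revoked?; @revoked; end
  def revoke!; @revoked = true; end
  # Assumption of this stand-in: a missing expiry counts as expired (fail closed).
  def expired?; @refresh_token_expires_at.nil? || @refresh_token_expires_at < Time.now; end
  def expire_now!; @refresh_token_expires_at = Time.now - 1; end # demo helper only
  def is_valid_session?; !(revoked? || expired?); end

  def is_valid_session_request?(request)
    is_valid_session? && ip_address == request.ip && user_agent == request.user_agent
  end

  def refresh!
    raise DemoRevoked if revoked?
    raise DemoExpired if expired?
    @refresh_token = SecureRandom.hex(32) # rotate: the previous token is replaced
    @refresh_count += 1
    @refresh_token_expires_at = Time.now + @ttl
  end
end

# Refresh only when the request-bound check passes; otherwise name the reason
# so the refusal can be logged. Revoked is reported ahead of expired.
def handle_refresh(session, request)
  if session.is_valid_session_request?(request)
    session.refresh!
    return :refreshed
  end
  return :revoked if session.revoked?
  return :expired if session.expired?
  :client_mismatch
end
```

Because `is_valid_session_request?` compares the stored IP address and user agent for exact equality, a legitimate client whose IP address changes is refused as well; returning the reason lets logs separate that case from revoked and expired sessions.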