Class: Securial::Session

Inherits:
ApplicationRecord
Defined in:
app/models/securial/session.rb

Overview

Session

This class represents a user session in the Securial authentication system. It is used to manage user sessions, including session creation, validation, and refresh functionality.

## Attributes

  • user_id: The ID of the user associated with the session

  • ip_address: The IP address from which the session was created

  • user_agent: The user agent string of the browser or client used to create the session

  • refresh_token: A token used to refresh the session

  • refresh_token_expires_at: The expiration time of the refresh token

  • refresh_count: The number of times the session has been refreshed

  • last_refreshed_at: The timestamp of the last time the session was refreshed

  • revoked: A boolean indicating whether the session has been revoked

## Associations

  • Belongs to a user, linking the session to a specific user

## Validations

  • ip_address: Must be present

  • user_agent: Must be present

  • refresh_token: Must be present

Instance Method Summary

Methods inherited from ApplicationRecord

#generate_uuid_v7

Instance Method Details

#expired? ⇒ Boolean

Checks if the session has expired based on the refresh token expiration time.

A session is considered expired if the refresh_token_expires_at time is in the past.

Returns:

  • (Boolean)

    Returns true if the session has expired, false otherwise.



# File 'app/models/securial/session.rb', line 114

def expired?; refresh_token_expires_at < Time.current; end

#is_valid_session? ⇒ Boolean

Checks if the session is valid based on its state.

A session is considered valid if it is not revoked and has not expired.

Returns:

  • (Boolean)

    Returns true if the session is valid, false otherwise.



# File 'app/models/securial/session.rb', line 54

def is_valid_session?
  !(revoked? || expired?)
end

#is_valid_session_request?(request) ⇒ Boolean

Checks if the session is valid for a specific request.

A session is valid for a request if it is not revoked, has not expired, and the IP address and user agent match those of the request.

Parameters:

  • request (ActionDispatch::Request)

    The request to validate against

Returns:

  • (Boolean)

    Returns true if the session is valid for the request, false otherwise.



# File 'app/models/securial/session.rb', line 65

def is_valid_session_request?(request)
  is_valid_session? && ip_address == request.ip && user_agent == request.user_agent
end
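
The checks in is_valid_session_request?, as an added example that is not Securial's own code: a plain-Ruby stand-in that reports which check rejected a request instead of a bare boolean. SessionRow, RequestStub, session_rejection_reason, the helper names and all sample values are assumptions constructed here, as is treating a missing expiry as expired.

```ruby
# Added example: plain-Ruby stand-ins, not Securial's own classes.
# SessionRow and RequestStub are hypothetical; they mimic the documented
# Session attributes and the two request readers used by the method above.
SessionRow = Struct.new(:ip_address, :user_agent, :refresh_token_expires_at,
                        :revoked, keyword_init: true)
RequestStub = Struct.new(:ip, :user_agent, keyword_init: true)

# Returns nil when every documented check passes, otherwise a symbol naming
# the first failed check, in the order is_valid_session_request? evaluates them.
def session_rejection_reason(session, request, now: Time.now)
  return :revoked if session.revoked
  expires_at = session.refresh_token_expires_at
  # Assumption: a missing expiry fails closed instead of raising NoMethodError.
  return :expired if expires_at.nil? || expires_at < now
  # Exact string equality, as in the original method: any change rejects.
  return :ip_mismatch unless session.ip_address == request.ip
  return :user_agent_mismatch unless session.user_agent == request.user_agent
  nil
end

# Constructed sample data (documentation IP ranges, made-up user agents).
NOW = Time.utc(2025, 1, 1, 12, 0, 0)
BASE = { ip_address: "203.0.113.10", user_agent: "ExampleBrowser/1.0",
         refresh_token_expires_at: NOW + 3600, revoked: false }.freeze

def row(overrides = {})
  SessionRow.new(**BASE.merge(overrides))
end

def req(overrides = {})
  RequestStub.new(**{ ip: BASE[:ip_address], user_agent: BASE[:user_agent] }.merge(overrides))
end

CASES = {
  "same client"            => [row, req],
  "client changed network" => [row, req(ip: "198.51.100.7")],
  "browser auto-updated"   => [row, req(user_agent: "ExampleBrowser/1.1")],
  "revoked session"        => [row(revoked: true), req],
  "expired refresh token"  => [row(refresh_token_expires_at: NOW - 1), req],
  "expiry never set"       => [row(refresh_token_expires_at: nil), req]
}.freeze

# Maps each constructed case name to its rejection reason (nil = accepted).
def classify_cases(now: NOW)
  CASES.transform_values { |session, request| session_rejection_reason(session, request, now: now) }
end

classify_cases.each { |name, reason| puts format("%-24s %s", name, reason || "accepted") }
```

Logging the returned reason separates a client that changed networks or updated its browser from a session that was revoked or has expired.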

#refresh! ⇒ void

Note:

This method uses the Securial::Auth::TokenGenerator to generate a new refresh token and updates the session’s attributes accordingly.

Note:

The refresh token expiration duration is configured in Securial.configuration.session_refresh_token_expires_in.

This method returns an undefined value.

Refreshes the session by generating a new refresh token and updating the session attributes.

This method raises an error if the session is revoked or expired.

Examples:

session.refresh! # => Updates the session with a new refresh token

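Raises:

  • (Securial::Error::Auth::TokenRevokedError)

    if the session is revoked

  • (Securial::Error::Auth::TokenExpiredError)

    if the session has expired
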

# File 'app/models/securial/session.rb', line 84

def refresh!
  raise Securial::Error::Auth::TokenRevokedError if revoked?
  raise Securial::Error::Auth::TokenExpiredError if expired?

  new_refresh_token = Securial::Auth::TokenGenerator.generate_refresh_token

  refresh_token_duration = Securial.configuration.session_refresh_token_expires_in

  update!(refresh_token: new_refresh_token,
          refresh_count: self.refresh_count + 1,
          last_refreshed_at: Time.current,
          refresh_token_expires_at: refresh_token_duration.from_now)
end

#revoke! ⇒ void

Note:

This method does not delete the session record; it only marks it as revoked.

This method returns an undefined value.

Revokes the session by setting the revoked attribute to true.

This method updates the session record in the database to indicate that the session is no longer valid.

Examples:

session.revoke! # => Updates the session to be revoked

Raises:

  • (ActiveRecord::RecordInvalid)

    if the update fails due to validation errors



# File 'app/models/securial/session.rb', line 45

def revoke!
  update!(revoked: true)
end

#revoked? ⇒ Boolean

Note:

This method checks the revoked attribute of the session.

Note:

This method is used to determine if the session is still active or has been revoked.

Checks if the session is revoked.

Examples:

session.revoked? # => true or false

Returns:

  • (Boolean)

    Returns true if the session is revoked, false otherwise.

See Also:

  • #revoked


# File 'app/models/securial/session.rb', line 107

def revoked?; revoked; end