Class: Gitlab::Auth::SessionExpireFromInitEnforcer

Inherits:
Object
  • Object
Defined in:
lib/gitlab/auth/session_expire_from_init_enforcer.rb

Constant Summary collapse

SESSION_NAMESPACE =
:sefie

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(warden, opts) ⇒ SessionExpireFromInitEnforcer

Returns a new instance of SessionExpireFromInitEnforcer.



# File 'lib/gitlab/auth/session_expire_from_init_enforcer.rb', line 29

# Keeps the two collaborators handed in by the caller.
#
# @param warden [Object] kept as-is and exposed through +warden+
# @param opts [#[]] kept as-is and exposed through +opts+; +enabled?+ looks up
#   its +:store+ key
def initialize(warden, opts)
  @opts = opts
  @warden = warden
end

Instance Attribute Details

#opts ⇒ Object (readonly)

Returns the value of attribute opts.



# File 'lib/gitlab/auth/session_expire_from_init_enforcer.rb', line 10

# Read-only access to the options given to the constructor.
#
# @return [Object] the current value of +@opts+
def opts = @opts

#warden ⇒ Object (readonly)

Returns the value of attribute warden.



# File 'lib/gitlab/auth/session_expire_from_init_enforcer.rb', line 10

# Read-only access to the warden object given to the constructor.
#
# @return [Object] the current value of +@warden+
def warden = @warden

Class Method Details

.enabled? ⇒ Boolean

Returns: (Boolean)



# File 'lib/gitlab/auth/session_expire_from_init_enforcer.rb', line 21

# Reports whether the application setting behind this enforcer is switched on.
#
# @return [Boolean] the +session_expire_from_init+ value read from
#   Gitlab::CurrentSettings, passed through unchanged
def self.enabled?
  settings = Gitlab::CurrentSettings
  settings.session_expire_from_init
end

.session_expires_at(controller_session = Session.current) ⇒ Object



# File 'lib/gitlab/auth/session_expire_from_init_enforcer.rb', line 12

# Works out the point at which the given session reaches its lifetime limit.
#
# The sign-in time is read from the +SESSION_NAMESPACE+ namespace of the
# 'warden.user.user.session' entry of the controller session.
#
# @param controller_session [#[]] session to inspect; defaults to
#   +Session.current+
# @return [Integer] 0 when no 'signed_in_at' value is present, otherwise
#   'signed_in_at' plus +timeout_value+
def self.session_expires_at(controller_session = Session.current)
  # NOTE(review): 0 means "no sign-in time recorded", not "expired long ago";
  # callers presumably have to special-case it -- confirm at the call sites.
  # NOTE(review): the warden entry may be nil when nobody is signed in; whether
  # NamespacedSessionStore accepts nil is not visible here -- confirm.
  store = Gitlab::NamespacedSessionStore.new(
    SESSION_NAMESPACE,
    controller_session['warden.user.user.session']
  )
  started_at = store['signed_in_at']

  started_at.present? ? started_at + timeout_value : 0
end

.timeout_value ⇒ Object



# File 'lib/gitlab/auth/session_expire_from_init_enforcer.rb', line 25

# Session lifetime limit applied by this enforcer.
#
# @return [Numeric] +session_expire_delay+ from Gitlab::CurrentSettings
#   multiplied by 60
#   (NOTE(review): presumably minutes converted to seconds -- confirm)
def self.timeout_value
  delay = Gitlab::CurrentSettings.session_expire_delay
  delay * 60
end

Instance Method Details

#enabled? ⇒ Boolean

Returns: (Boolean)



# File 'lib/gitlab/auth/session_expire_from_init_enforcer.rb', line 34

# Decides whether enforcement applies to this particular invocation.
#
# The class-level switch has to be on, and the options must not carry an
# explicit +store: false+. A missing +:store+ key leaves enforcement on.
#
# @return [Boolean] falsy class-level result as-is, otherwise whether
#   +opts[:store]+ differs from +false+
def enabled?
  globally_enabled = self.class.enabled?
  return globally_enabled unless globally_enabled

  opts[:store] != false
end

#enforce! ⇒ Object



# File 'lib/gitlab/auth/session_expire_from_init_enforcer.rb', line 44

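# Signs the user out once the session is older than +timeout_value+, counted
# from the recorded 'signed_in_at' value.
#
# Does nothing when the enforcer is disabled. When the session has no
# 'signed_in_at' value, the value is recorded and the method returns, so a
# session that predates the setting gets a full timeout window starting at
# this call.
#
# @return [nil] when disabled, when the timestamp was just recorded, or when
#   the session age does not exceed +timeout_value+
# @note Expired sessions are signed out and the method leaves through
#   +throw :warden+ with +message: :timeout+ instead of returning.
def enforce!
  return unless enabled?

  signed_in_at = session['signed_in_at']

  # Right after the setting is enabled, existing sessions do not carry this
  # value yet. Record it here so users do not have to log out and back in
  # before an expiry applies to them.
  unless signed_in_at.present?
    set_signed_in_at
    return
  end

  # NOTE(review): a 'signed_in_at' later than the current time gives a negative
  # age and never expires here; confirm the value is only written by
  # set_signed_in_at.
  session_age = Time.current.utc.to_i - signed_in_at

  # Strictly greater: a session whose age equals the timeout is still accepted.
  return unless session_age > timeout_value

  ::Devise.sign_out_all_scopes ? proxy.sign_out : proxy.sign_out(scope)
  throw :warden, scope: scope, message: :timeout # rubocop:disable Cop/BanCatchThrow -- this is called from a Warden hook, which depends on throw :warden to halt and redirect
end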

#set_login_time ⇒ Object



# File 'lib/gitlab/auth/session_expire_from_init_enforcer.rb', line 38

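# Records the sign-in time for the session, but only while the enforcer is
# enabled.
#
# @return [Object, nil] the result of +set_signed_in_at+, or nil when the
#   enforcer is disabled
def set_login_time
  return unless enabled?

  set_signed_in_at
end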