class Authie::SessionModel

Attributes

temporary_token[RW]

Private Class Methods

cleanup()

Cleanup any old sessions.

# File lib/authie/session_model.rb, line 140
# Invalidates active sessions that have gone idle or passed their expiry time.
# The work runs inside an Authie.notify(:cleanup) block, and each matching record
# goes through invalidate! individually rather than a bulk update.
#
# @return [true]
def cleanup
  Authie.notify(:cleanup) do
    # Transient sessions (expires_at IS NULL) whose last activity is older than the
    # configured inactivity timeout. A row whose last_activity_at is NULL does not
    # satisfy the `<` comparison, so this query never selects it.
    idle_cutoff = Authie.config.session_inactivity_timeout.ago
    active.where('expires_at IS NULL AND last_activity_at < ?', idle_cutoff)
          .each(&:invalidate!)

    # Persistent sessions (expires_at set) whose expiry time is already in the past.
    now = Time.now
    active.where('expires_at IS NOT NULL AND expires_at < ?', now)
          .each(&:invalidate!)
  end
  true
end
find_session_by_token(token)

Find a session by a token (either from a hash or from the raw token)

# File lib/authie/session_model.rb, line 133
# Looks up an active session from a raw token.
#
# The token is passed through hash_token and the result is matched against the
# token_hash column; the raw token itself never appears in the query.
#
# @param token [String, nil] raw session token
# @return the first matching active session, or nil when the token is blank or
#   no active session matches
def find_session_by_token(token)
  return if token.blank?

  digest = hash_token(token)
  active.where(token_hash: digest).first
end
hash_token(token)

Return a hash of a given token

# File lib/authie/session_model.rb, line 152
# Returns the hex-encoded SHA-256 digest of the given token.
#
# The digest is unsalted and single-pass. That is adequate only for high-entropy
# random input such as the SecureRandom.alphanumeric tokens produced by
# set_new_token; it is not a suitable construction for low-entropy secrets.
#
# @param token [String]
# @return [String] 64 lowercase hex characters
def hash_token(token)
  Digest::SHA256.new.update(token).hexdigest
end

Public Instance Methods

activate!()
# File lib/authie/session_model.rb, line 60
# Marks the session as active and persists the change.
# Persists with save!, so a record that cannot be saved raises rather than
# returning false.
def activate!
  self.active = true
  save!
end
expired?()
# File lib/authie/session_model.rb, line 45
# Whether this session has an expiry time that is already in the past.
# A session with no expires_at is never reported as expired by this check;
# idle-timeout handling for those sessions lives in inactive?.
#
# @return [Boolean]
def expired?
  deadline = expires_at
  return false unless deadline.present?

  deadline < Time.now
end
first_session_for_browser?()

Is this the first session for this session’s browser?

# File lib/authie/session_model.rb, line 98
# Whether no earlier session (lower id) exists for the same user and browser_id.
# The query is not limited to active sessions, so invalidated sessions still count
# as earlier ones.
#
# @return [Boolean]
def first_session_for_browser?
  earlier_for_user = self.class.where('id < ?', id).for_user(user)
  earlier_for_user.where(browser_id: browser_id).empty?
end
first_session_for_ip?()

Is this the first session for the IP?

# File lib/authie/session_model.rb, line 103
# Whether no earlier session (lower id) exists for the same user and login_ip.
# The query is not limited to active sessions, so invalidated sessions still count
# as earlier ones.
#
# @return [Boolean]
def first_session_for_ip?
  earlier_for_user = self.class.where('id < ?', id).for_user(user)
  earlier_for_user.where(login_ip: login_ip).empty?
end
get(key)
# File lib/authie/session_model.rb, line 79
# Reads a value from the session's data hash.
#
# The key is converted to a String before lookup. When data is nil it is
# initialised to an empty hash on the record; nothing is saved here.
#
# @param key [#to_s]
# @return the stored value, or nil when the key is absent
def get(key)
  store = (self.data ||= {})
  store[key.to_s]
end
inactive?()
# File lib/authie/session_model.rb, line 50
# Whether a transient session (no expires_at) has been idle for longer than the
# configured inactivity timeout.
#
# A session that has never recorded a last_activity_at is reported as not
# inactive, so this check alone does not time out such a session.
#
# @return [Boolean]
def inactive?
  return false unless expires_at.nil?

  last_seen = last_activity_at
  return false unless last_seen.present?

  last_seen < Authie.config.session_inactivity_timeout.ago
end
invalidate!()
# File lib/authie/session_model.rb, line 65
# Marks the session as inactive and persists the change.
#
# The :session_invalidate notification is sent only when the session was active
# before this call, so invalidating an already-inactive session does not notify
# again. The previous state is captured before the flag is cleared.
#
# @return [true]
def invalidate!
  was_active = active?
  self.active = false
  save!
  if was_active
    Authie.notify(:session_invalidate, session: self)
  end
  true
end
invalidate_others!()
# File lib/authie/session_model.rb, line 83
# Invalidates every other active session belonging to the same user, leaving this
# session untouched. Each one goes through invalidate!, so the per-session
# notification in that method applies to each of them.
def invalidate_others!
  other_sessions = self.class.where('id != ?', id).active.for_user(user)
  other_sessions.each(&:invalidate!)
end
persistent?()
# File lib/authie/session_model.rb, line 56
# Whether the session has an explicit expiry time set (expires_at is present),
# as opposed to a transient session governed by the inactivity timeout.
#
# @return [Boolean]
def persistent?
  expires_at ? true : false
end
recently_seen_password?()

Have we seen the user’s password recently in this session?

# File lib/authie/session_model.rb, line 88
# Whether the password was last seen within the configured sudo session timeout.
# A session that has no password_seen_at is reported as not recently seen.
#
# @return [Boolean]
def recently_seen_password?
  seen_at = password_seen_at
  return false unless seen_at

  cutoff = Authie.config.sudo_session_timeout.ago
  (seen_at >= cutoff) ? true : false
end
reset_token()

Reset the session’s token and return the new token

@return [String]

# File lib/authie/session_model.rb, line 110
# Replaces the session's token, persists the record and returns the new raw token.
#
# set_new_token stores only the SHA-256 of the token in token_hash; the raw value
# is kept in the temporary_token accessor, which is what is returned here.
# NOTE(review): temporary_token appears to be a plain in-memory accessor rather than
# a persisted column — confirm, since that is what keeps the raw token out of storage.
#
# @return [String] the raw token
def reset_token
  set_new_token
  save!
  temporary_token
end
set(key, value)
# File lib/authie/session_model.rb, line 73
# Stores a value in the session's data hash and persists the record.
#
# The key is converted to a String; data is initialised to an empty hash when it
# is nil. The value is written as given, with no filtering in this method.
#
# @param key [#to_s]
# @param value [Object]
# @return the result of save!
def set(key, value)
  self.data = {} unless data
  data[key.to_s] = value
  save!
end
two_factored?()

Is two factor authentication required for this request?

# File lib/authie/session_model.rb, line 93
# Whether this session is marked as having passed two-factor authentication.
#
# True when either two_factored_at or parent_id is set. The method reports state
# already recorded on the session; it does not itself decide whether a second
# factor is required. A session with a parent_id is accepted without a
# two_factored_at of its own.
# NOTE(review): presumably the parent session is expected to have passed the check
# already — confirm where parent_id is assigned.
#
# @return [Boolean]
def two_factored?
  (two_factored_at || parent_id) ? true : false
end
user()

Return the user that this session belongs to

# File lib/authie/session_model.rb, line 26
# Returns the object this session belongs to, resolved from the user_type and
# user_id pair, or nil when either of them is missing.
#
# The lookup result is memoised in @user, including a nil result, so a record that
# was not found is not looked up again on this instance.
#
# user_type is resolved with constantize, so the column must only ever hold class
# names written by user=.
# NOTE(review): confirm nothing else can write user_type, since its value selects
# the class that find_by is called on.
def user
  return nil unless user_id && user_type

  if instance_variable_defined?(:@user)
    @user
  else
    @user = user_type.constantize.find_by(id: user_id)
  end
end
user=(user)

Set the user

# File lib/authie/session_model.rb, line 34
# Associates the session with the given object, or clears the association when
# given nil.
#
# Records the object's class name in user_type and its id in user_id, and caches
# the object itself in @user so a later call to user needs no lookup.
#
# @param user [Object, nil] an object responding to id, or nil
def user=(user)
  @user = user
  self.user_type = user ? user.class.name : nil
  self.user_id = user ? user.id : nil
end

Private Instance Methods

set_new_token()
# File lib/authie/session_model.rb, line 123
# Generates a new random token and records its hash on the session.
#
# The raw token comes from SecureRandom.alphanumeric with the configured length
# and is kept in temporary_token; token_hash receives only the output of the
# class-level hash_token. Nothing is saved here.
def set_new_token
  raw_token = SecureRandom.alphanumeric(Authie.config.session_token_length)
  self.temporary_token = raw_token
  self.token_hash = self.class.hash_token(temporary_token)
end
shorten_strings()
# File lib/authie/session_model.rb, line 118
# Truncates user_agent and last_activity_path to at most 255 characters each.
#
# Both values originate from the client request, so their length is bounded here.
# The limit counts characters, not bytes. Values that are not Strings (including
# nil) are left as they are.
def shorten_strings
  agent = user_agent
  self.user_agent = agent[0, 255] if agent.is_a?(String)

  path = last_activity_path
  self.last_activity_path = path[0, 255] if path.is_a?(String)
end