class QuoVadis::Controller::QuoVadisWrapper

Attributes

controller[R]

Public Class Methods

new(controller) click to toggle source
# File lib/quo_vadis/controller.rb, line 106
# Wrap +controller+ so the session helpers below can reach its cookies and
# Rails session (exposed via the +controller+ reader) without being mixed
# into the controller class itself.
#
# @param controller [Object] the controller handling the current request
def initialize(controller)
  @controller = controller
end

Public Instance Methods

clear_session_id() click to toggle source
# File lib/quo_vadis/controller.rb, line 136
# Delete the QuoVadis session cookie so the browser no longer carries the
# session id. Used on logout; the database-side session is handled by the
# caller.
def clear_session_id
  jar = cookies
  jar.delete(QuoVadis.cookie_name)
end
lifetime_expires_at(browser_session) click to toggle source
# File lib/quo_vadis/controller.rb, line 172
# Absolute end of a new QuoVadis session's lifetime.
#
# @param browser_session [Boolean] truthy when the login should last only as
#   long as the browser session (no persistent expiry)
# @return [Time, nil] nil for browser-session logins and when
#   QuoVadis.session_lifetime is :session; otherwise now plus the configured
#   lifetime, pushed to the end of that day when
#   QuoVadis.session_lifetime_extend_to_end_of_day is set
def lifetime_expires_at(browser_session)
  return nil if browser_session || QuoVadis.session_lifetime == :session

  expires = ActiveSupport::Duration.build(QuoVadis.session_lifetime).from_now
  if QuoVadis.session_lifetime_extend_to_end_of_day
    expires.end_of_day
  else
    expires
  end
end
log(account, action, metadata = {}) click to toggle source
# File lib/quo_vadis/controller.rb, line 191
# Persist an audit-log entry for +account+.
#
# @param account [Object] the account the action concerns
# @param action [String, Symbol] what happened
# @param metadata [Hash] extra details stored with the entry
# @return [Log] the created record
#
# NOTE(review): the recorded ip is request.remote_ip, which depends on the
# host app's trusted-proxy configuration; confirm it is set so the logged
# address cannot be supplied via forwarded headers.
def log(account, action, metadata = {})
  attributes = {
    account:  account,
    action:   action,
    ip:       request.remote_ip,
    metadata: metadata
  }
  Log.create(attributes)
end
logout() click to toggle source
# File lib/quo_vadis/controller.rb, line 180
# End the current login: destroy the persisted QuoVadis session when one is
# loaded, drop its cookie, reset the Rails session, and clear the
# authenticated model cached on the controller. The order matters: the
# session record is looked up via the cookie, so it is destroyed before the
# cookie is removed.
def logout
  current = session
  current.destroy if current
  clear_session_id
  reset_session
  controller.instance_variable_set(:@authenticated_model, nil)
end
logout_other_sessions() click to toggle source
# File lib/quo_vadis/controller.rb, line 187
# Terminate every other QuoVadis session of the current session's account
# (delegated to the session record). Unlike +logout+ this does not guard
# against a missing session, so the user must already be logged in.
def logout_other_sessions
  current = session
  current.logout_other_sessions
end
path_after_authentication() click to toggle source
# File lib/quo_vadis/controller.rb, line 195
# Where to send the user once they have authenticated.
#
# Precedence: a bookmarked path stored in the Rails session under
# :qv_bookmark (consumed on use), then the host app's after_login_path, then
# its root_path.
#
# NOTE(review): the bookmark is returned as-is for redirection; that is only
# safe if :qv_bookmark is always written by this library with an app-local
# path and never from request input — confirm at the writer.
#
# @return [String] the path to redirect to
# @raise [RuntimeError] when the host app defines neither route
def path_after_authentication
  bookmark = rails_session[:qv_bookmark]
  if bookmark
    rails_session.delete(:qv_bookmark)
    return bookmark
  end

  app = main_app
  return app.after_login_path if app.respond_to?(:after_login_path)
  return app.root_path if app.respond_to?(:root_path)

  raise 'Missing routes: after_login_path, root_path; define at least one of them.'
end
path_after_password_change() click to toggle source
# File lib/quo_vadis/controller.rb, line 205
# Where to send the user after they change their password: the host app's
# after_password_change_path if defined, else its root_path.
#
# @return [String] the path to redirect to
# @raise [RuntimeError] when the host app defines neither route
def path_after_password_change
  app = main_app
  return app.after_password_change_path if app.respond_to?(:after_password_change_path)
  return app.root_path if app.respond_to?(:root_path)

  raise 'Missing routes: after_password_change_path, root_path; define at least one of them.'
end
prevent_rails_session_fixation() click to toggle source
# File lib/quo_vadis/controller.rb, line 140
# Rotate the Rails session id while keeping its contents, so a session id
# that existed before login (and could have been planted) does not become
# the id of the authenticated session.
#
# NOTE(review): every key of the pre-login session is copied across
# verbatim; anything that must not survive login has to be removed before
# this runs.
def prevent_rails_session_fixation
  snapshot = rails_session.to_hash
  reset_session
  snapshot.each_pair { |key, value| rails_session[key] = value }
end
replace_session() click to toggle source
# File lib/quo_vadis/controller.rb, line 163
# Swap the current QuoVadis session for a fresh one (new id and lifetime),
# re-issue the cookie for it, and cache the account's model on the
# controller as the authenticated model. The Rails session id is rotated
# first so the login does not inherit a pre-authentication id.
def replace_session
  prevent_rails_session_fixation

  fresh = session.replace
  store_session_id(fresh.id, fresh.lifetime_expires_at)
  controller.instance_variable_set(:@authenticated_model, fresh.account.model)
end
second_factor_authenticated?() click to toggle source
# File lib/quo_vadis/controller.rb, line 151
# Whether the current QuoVadis session has completed its second factor
# (delegated to the session record; requires a session to be present).
def second_factor_authenticated?
  current = session
  current.second_factor_authenticated?
end
second_factor_required?() click to toggle source

Assumes user is logged in.

# File lib/quo_vadis/controller.rb, line 147
# Whether the logged-in user must complete a second factor: always when
# QuoVadis.two_factor_authentication_mandatory is set, otherwise only when
# the account has a second factor enrolled.
#
# Assumes a user is logged in: authenticated_model must not be nil.
def second_factor_required?
  mandatory = QuoVadis.two_factor_authentication_mandatory
  return mandatory if mandatory

  authenticated_model.qv_account.has_two_factors?
end
session() click to toggle source

Returns the current QuoVadis session or nil.

# File lib/quo_vadis/controller.rb, line 111
# The current QuoVadis session record, found by the id carried in the
# encrypted cookie, or nil when no cookie is present (or no row matches).
#
# The id is trusted as-is because the cookie is encrypted by the Rails
# cookie jar and therefore cannot be altered client-side; see
# store_session_id.
#
# @return [QuoVadis::Session, nil]
def session
  session_id ? QuoVadis::Session.find_by(id: session_id) : nil
end
session_authenticated_with_second_factor() click to toggle source
# File lib/quo_vadis/controller.rb, line 159
# Mark the current QuoVadis session as having passed its second factor
# (delegated to the session record; requires a session to be present).
def session_authenticated_with_second_factor
  current = session
  current.authenticated_with_second_factor
end
session_id() click to toggle source
# File lib/quo_vadis/controller.rb, line 116
# The QuoVadis session id read from the encrypted cookie, or nil when the
# cookie is absent or fails to decrypt.
#
# @return [Object, nil] the value stored by store_session_id
def session_id
  jar = cookies.encrypted
  jar[QuoVadis.cookie_name]
end
store_session_id(id, expires_at) click to toggle source

Store the session id in an encrypted cookie.

Given that the cookie is encrypted, it is safe to store the database primary key of the session rather than a random-value candidate key.

expires_at - the end of the QuoVadis session's lifetime (regardless of the idle timeout)

# File lib/quo_vadis/controller.rb, line 126
# Store the session id in an encrypted cookie.
#
# Because the cookie is encrypted (and so integrity-protected by the cookie
# jar), the session's database primary key can be stored directly; a
# separate random candidate key is not needed.
#
# Cookie flags: httponly keeps the value away from script, same_site :lax
# limits cross-site sends, and secure is set only in production.
# NOTE(review): non-production environments served over HTTPS therefore
# issue a cookie without the Secure flag; confirm that is acceptable.
#
# @param id [Object] the QuoVadis::Session primary key
# @param expires_at [Time, nil] end of the QuoVadis session's lifetime
#   (regardless of the idle timeout); nil has the same effect as not
#   setting expires at all
def store_session_id(id, expires_at)
  options = {
    value:     id,
    httponly:  true,
    secure:    Rails.env.production?,
    same_site: :lax,
    expires:   expires_at
  }
  cookies.encrypted[QuoVadis.cookie_name] = options
end
touch_session_last_seen_at() click to toggle source
# File lib/quo_vadis/controller.rb, line 155
# Update last_seen_at on the current QuoVadis session, if there is one;
# a no-op (returning nil) when no session is loaded.
def touch_session_last_seen_at
  current = session
  current.touch(:last_seen_at) if current
end

Private Instance Methods

cookies() click to toggle source
# File lib/quo_vadis/controller.rb, line 217
# The controller's cookie jar. +cookies+ is private on the controller, so
# it is reached with +send+, which bypasses visibility.
def cookies
  controller.send(:cookies)
end
rails_session() click to toggle source
# File lib/quo_vadis/controller.rb, line 221
# The Rails (ActionDispatch) session of the wrapped controller, as opposed
# to the QuoVadis session record returned by +session+.
def rails_session
  controller.session
end