class QuoVadis::Controller::QuoVadisWrapper
Attributes
controller[R]
Public Class Methods
new(controller)
# File lib/quo_vadis/controller.rb, line 106
# Builds a wrapper around the given controller.
#
# controller - the object kept in @controller; it is what the `controller`
#              attribute reader listed for this class returns.
def initialize(controller)
  @controller = controller
end
Public Instance Methods
clear_session_id()
# File lib/quo_vadis/controller.rb, line 136
# Deletes the cookie named QuoVadis.cookie_name, i.e. the cookie that
# store_session_id writes the session id into.
def clear_session_id
  cookie_key = QuoVadis.cookie_name
  cookies.delete(cookie_key)
end
lifetime_expires_at(browser_session)
# File lib/quo_vadis/controller.rb, line 172
# Works out when the QuoVadis session's lifetime ends.
#
# browser_session - truthy when the session should last only as long as the
#                   browser session; no expiry time is computed in that case.
#
# Returns nil when browser_session is truthy or when QuoVadis.session_lifetime
# is :session. Otherwise returns the time that lies QuoVadis.session_lifetime
# from now, moved to the end of that day when
# QuoVadis.session_lifetime_extend_to_end_of_day is set.
def lifetime_expires_at(browser_session)
  return nil if browser_session

  lifetime = QuoVadis.session_lifetime
  return nil if lifetime == :session

  expiry = ActiveSupport::Duration.build(lifetime).from_now
  return expiry unless QuoVadis.session_lifetime_extend_to_end_of_day

  expiry.end_of_day
end
log(account, action, metadata = {})
# File lib/quo_vadis/controller.rb, line 191
# Writes an audit record for an account.
#
# account  - the account the record belongs to
# action   - the action being recorded
# metadata - extra details stored with the record (default: empty hash)
#
# The record also stores request.remote_ip.
# NOTE(review): if `request` is the Rails request object, remote_ip is derived
# from proxy headers according to the app's trusted-proxy settings, so the
# logged address is only as reliable as that configuration - confirm.
def log(account, action, metadata = {})
  Log.create(
    account: account,
    action: action,
    ip: request.remote_ip,
    metadata: metadata
  )
end
logout()
# File lib/quo_vadis/controller.rb, line 180
# Logs the current user out.
#
# The order matters: the QuoVadis session is looked up through the cookie, so
# it is destroyed before the cookie is cleared. After that the Rails session is
# reset and the controller's @authenticated_model is set to nil.
def logout
  current = session
  current.destroy unless current.nil?

  clear_session_id
  reset_session
  controller.instance_variable_set(:@authenticated_model, nil)
end
logout_other_sessions()
# File lib/quo_vadis/controller.rb, line 187
# Delegates to the current QuoVadis session's logout_other_sessions.
#
# `session` returns nil when there is no session cookie or no matching record,
# and this call is not nil-guarded, so it raises NoMethodError in that case.
# Presumably callers only reach it for an authenticated user - verify.
def logout_other_sessions
  current = session
  current.logout_other_sessions
end
path_after_authentication()
# File lib/quo_vadis/controller.rb, line 195
# Picks the path to send the user to after a successful login.
#
# Preference order:
#   1. the value stored under :qv_bookmark in the Rails session (removed from
#      the session once read, so it is used only once);
#   2. main_app.after_login_path, if that route exists;
#   3. main_app.root_path, if that route exists.
#
# Raises RuntimeError when neither route is defined and there is no bookmark.
#
# NOTE(review): the bookmark is returned exactly as stored. Presumably it is
# written by the library from the path originally requested; confirm that no
# code path stores an externally supplied absolute URL under :qv_bookmark,
# since the caller is likely to redirect to this value.
def path_after_authentication
  bookmark = rails_session[:qv_bookmark]
  if bookmark
    rails_session.delete(:qv_bookmark)
    return bookmark
  end

  if main_app.respond_to?(:after_login_path)
    main_app.after_login_path
  elsif main_app.respond_to?(:root_path)
    main_app.root_path
  else
    raise RuntimeError, 'Missing routes: after_login_path, root_path; define at least one of them.'
  end
end
path_after_password_change()
# File lib/quo_vadis/controller.rb, line 205
# Picks the path to send the user to after a password change:
# main_app.after_password_change_path if that route exists, otherwise
# main_app.root_path.
#
# Raises RuntimeError when the host application defines neither route.
def path_after_password_change
  if main_app.respond_to?(:after_password_change_path)
    main_app.after_password_change_path
  elsif main_app.respond_to?(:root_path)
    main_app.root_path
  else
    raise RuntimeError, 'Missing routes: after_password_change_path, root_path; define at least one of them.'
  end
end
prevent_rails_session_fixation()
# File lib/quo_vadis/controller.rb, line 140
# Resets the Rails session while keeping its contents.
#
# The session data is snapshotted first, because reset_session discards it;
# afterwards every key is written back into the fresh session.
#
# Every key is copied, so anything placed in the session before login is still
# there afterwards; what changes is the session itself, not its data.
# NOTE(review): confirm the hash from to_hash never includes the session
# store's own identifier, otherwise the copy would carry it over as well.
def prevent_rails_session_fixation
  carried_over = rails_session.to_hash
  reset_session
  carried_over.each_pair do |key, value|
    rails_session[key] = value
  end
end
replace_session()
# File lib/quo_vadis/controller.rb, line 163
# Swaps the current QuoVadis session for the one returned by session.replace.
#
# Steps, in order:
#   1. reset the Rails session (contents preserved);
#   2. call `replace` on the current QuoVadis session;
#   3. store the returned session's id in the cookie, expiring at its
#      lifetime_expires_at;
#   4. point the controller's @authenticated_model at that session's account model.
#
# `session` is not nil-guarded here, so this raises NoMethodError when there is
# no current session.
def replace_session
  prevent_rails_session_fixation

  fresh = session.replace
  store_session_id(fresh.id, fresh.lifetime_expires_at)

  controller.instance_variable_set(:@authenticated_model, fresh.account.model)
end
second_factor_authenticated?()
# File lib/quo_vadis/controller.rb, line 151
# Returns whatever the current QuoVadis session reports for
# second_factor_authenticated?.
#
# Not nil-guarded: when `session` returns nil (no cookie, or no matching
# record) this raises NoMethodError rather than answering false.
def second_factor_authenticated?
  current = session
  current.second_factor_authenticated?
end
second_factor_required?()
Assumes user is logged in.
# File lib/quo_vadis/controller.rb, line 147
# Tells whether a second factor must be presented.
#
# True-ish when QuoVadis.two_factor_authentication_mandatory is set; otherwise
# the answer is the logged-in account's has_two_factors?. The account is only
# consulted when the setting is off, and authenticated_model must be present.
def second_factor_required?
  mandatory = QuoVadis.two_factor_authentication_mandatory
  return mandatory if mandatory

  authenticated_model.qv_account.has_two_factors?
end
session()
Returns the current QuoVadis session or nil.
# File lib/quo_vadis/controller.rb, line 111
# Looks up the QuoVadis::Session whose id is held in the session cookie.
#
# Returns nil when the cookie yields no id, and also when no record has
# that id (find_by returns nil rather than raising).
def session
  id = session_id
  id ? QuoVadis::Session.find_by(id: id) : nil
end
session_authenticated_with_second_factor()
# File lib/quo_vadis/controller.rb, line 159
# Delegates to the current QuoVadis session's authenticated_with_second_factor.
#
# Not nil-guarded: raises NoMethodError when `session` returns nil.
def session_authenticated_with_second_factor
  current = session
  current.authenticated_with_second_factor
end
session_id()
# File lib/quo_vadis/controller.rb, line 116
# Reads the session id from the encrypted cookie named QuoVadis.cookie_name.
# This is the value store_session_id writes.
def session_id
  cookie_key = QuoVadis.cookie_name
  cookies.encrypted[cookie_key]
end
store_session_id(id, expires_at)
Store the session id in an encrypted cookie.
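Given that the cookie is encrypted, so the client can neither read nor alter the value, it is safe to store the database primary key of the session rather than a random-value candidate key. This holds only as long as the application's cookie-encryption secret stays private.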
expires_at - the end of the QuoVadis session's lifetime (regardless of the idle timeout)
# File lib/quo_vadis/controller.rb, line 126
# Writes the session id into the encrypted cookie named QuoVadis.cookie_name.
#
# id         - the session id to store
# expires_at - when the cookie should expire, or nil
#
# Cookie attributes: HttpOnly always; SameSite=Lax; Secure only when
# Rails.env.production? is true.
# NOTE(review): because Secure is tied to the production environment, any other
# environment served over HTTPS (staging, for example) issues this cookie
# without the Secure flag - confirm that is intended.
def store_session_id(id, expires_at)
  attributes = {
    value: id,
    httponly: true,
    secure: Rails.env.production?,
    same_site: :lax,
    expires: expires_at # setting expires_at to nil has the same effect as not setting it
  }
  cookies.encrypted[QuoVadis.cookie_name] = attributes
end
touch_session_last_seen_at()
# File lib/quo_vadis/controller.rb, line 155
# Touches last_seen_at on the current QuoVadis session.
# Does nothing (and returns nil) when there is no current session.
def touch_session_last_seen_at
  current = session
  current&.touch(:last_seen_at)
end
Private Instance Methods
rails_session()
# File lib/quo_vadis/controller.rb, line 221
# Returns the wrapped controller's own `session`. This is a different object
# from the QuoVadis session returned by the `session` method of this class.
def rails_session
  wrapped = controller
  wrapped.session
end