summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjessib <jessib@riseup.net>2013-09-03 10:43:34 -0700
committerjessib <jessib@riseup.net>2013-09-03 10:43:34 -0700
commitf3e17149116f6a3aeb87f8a6d0ecf29e8e33ad93 (patch)
tree2dfae950a25c5db22a456d96016898c5a9add5a6
parentf97777ed0252abe94f8d94cb4565fb5a6c35ab23 (diff)
parent42cef3117cd97d9c37968a8cf63d33b27b4b8ed2 (diff)
Merge pull request #75 from azul/feature/token-expiry
Token expiry
-rw-r--r--config/defaults.yml2
-rw-r--r--users/app/controllers/controller_extension/token_authentication.rb2
-rw-r--r--users/app/models/token.rb30
-rw-r--r--users/test/functional/test_helpers_test.rb2
-rw-r--r--users/test/support/auth_test_helper.rb2
-rw-r--r--users/test/unit/token_test.rb33
6 files changed, 66 insertions, 5 deletions
diff --git a/config/defaults.yml b/config/defaults.yml
index 910fbf8..8d81668 100644
--- a/config/defaults.yml
+++ b/config/defaults.yml
@@ -16,6 +16,8 @@ cert_options: &cert_options
common: &common
force_ssl: false
pagination_size: 30
+ auth:
+ token_expires_after: 60
development:
<<: *dev_ca
diff --git a/users/app/controllers/controller_extension/token_authentication.rb b/users/app/controllers/controller_extension/token_authentication.rb
index 3e2816d..530294a 100644
--- a/users/app/controllers/controller_extension/token_authentication.rb
+++ b/users/app/controllers/controller_extension/token_authentication.rb
@@ -5,7 +5,7 @@ module ControllerExtension::TokenAuthentication
authenticate_with_http_token do |token_id, options|
@token = Token.find(token_id)
end
- @token.user if @token
+ @token.authenticate if @token
end
def logout
diff --git a/users/app/models/token.rb b/users/app/models/token.rb
index 3de0059..dd87344 100644
--- a/users/app/models/token.rb
+++ b/users/app/models/token.rb
@@ -4,11 +4,41 @@ class Token < CouchRest::Model::Base
belongs_to :user
+ # timestamps! does not create setters and only sets updated_at
+ # if the object has changed and been saved. Instead of triggering
+ # that we rather use our own property we have control over:
+ property :last_seen_at, Time, accessible: false
+
validates :user_id, presence: true
+ def authenticate
+ if expired?
+ destroy
+ return nil
+ else
+ touch
+ return user
+ end
+ end
+
+ def touch
+ self.last_seen_at = Time.now
+ save
+ end
+
+ def expired?
+ expires_after and
+ last_seen_at + expires_after.minutes < Time.now
+ end
+
+ def expires_after
+ APP_CONFIG[:auth] && APP_CONFIG[:auth][:token_expires_after]
+ end
+
def initialize(*args)
super
self.id = SecureRandom.urlsafe_base64(32).gsub(/^_*/, '')
+ self.last_seen_at = Time.now
end
design do
diff --git a/users/test/functional/test_helpers_test.rb b/users/test/functional/test_helpers_test.rb
index 9bd01ad..845e516 100644
--- a/users/test/functional/test_helpers_test.rb
+++ b/users/test/functional/test_helpers_test.rb
@@ -21,7 +21,7 @@ class TestHelpersTest < ActionController::TestCase
def test_login_stubs_token
login
assert @token
- assert_equal @current_user, @token.user
+ assert_equal @current_user, @token.authenticate
end
def test_login_adds_token_header
diff --git a/users/test/support/auth_test_helper.rb b/users/test/support/auth_test_helper.rb
index 47147fc..609f115 100644
--- a/users/test/support/auth_test_helper.rb
+++ b/users/test/support/auth_test_helper.rb
@@ -41,7 +41,7 @@ module AuthTestHelper
protected
def header_for_token_auth
- @token = find_record(:token, :user => @current_user)
+ @token = find_record(:token, :authenticate => @current_user)
ActionController::HttpAuthentication::Token.encode_credentials @token.id
end
end
diff --git a/users/test/unit/token_test.rb b/users/test/unit/token_test.rb
index bff6b71..f56c576 100644
--- a/users/test/unit/token_test.rb
+++ b/users/test/unit/token_test.rb
@@ -1,19 +1,20 @@
require 'test_helper'
class ClientCertificateTest < ActiveSupport::TestCase
+ include StubRecordHelper
setup do
- @user = FactoryGirl.create(:user)
+ @user = find_record :user
end
teardown do
- @user.destroy
end
test "new token for user" do
sample = Token.new(:user_id => @user.id)
assert sample.valid?
assert_equal @user.id, sample.user_id
+ assert_equal @user, sample.authenticate
end
test "token id is secure" do
@@ -34,4 +35,32 @@ class ClientCertificateTest < ActiveSupport::TestCase
assert !sample.valid?, "Token should require a user record"
end
+ test "token updates timestamps" do
+ sample = Token.new(user_id: @user.id)
+ sample.last_seen_at = 1.minute.ago
+ sample.expects(:save)
+ assert_equal @user, sample.authenticate
+ assert Time.now - sample.last_seen_at < 1.minute, "last_seen_at has not been updated"
+ end
+
+ test "token will not expire if token_expires_after is not set" do
+ sample = Token.new(user_id: @user.id)
+ sample.last_seen_at = 2.years.ago
+ with_config auth: {} do
+ sample.expects(:save)
+ assert_equal @user, sample.authenticate
+ end
+ end
+
+ test "expired token returns nil on authenticate" do
+ sample = Token.new(user_id: @user.id)
+ sample.last_seen_at = 2.hours.ago
+ with_config auth: {token_expires_after: 60} do
+ sample.expects(:destroy)
+ assert_nil sample.authenticate
+ end
+ end
+
+
+
end