diff options
author | jessib <jessib@riseup.net> | 2013-09-03 10:43:34 -0700 |
---|---|---|
committer | jessib <jessib@riseup.net> | 2013-09-03 10:43:34 -0700 |
commit | f3e17149116f6a3aeb87f8a6d0ecf29e8e33ad93 (patch) | |
tree | 2dfae950a25c5db22a456d96016898c5a9add5a6 | |
parent | f97777ed0252abe94f8d94cb4565fb5a6c35ab23 (diff) | |
parent | 42cef3117cd97d9c37968a8cf63d33b27b4b8ed2 (diff) |
Merge pull request #75 from azul/feature/token-expiry
Token expiry
-rw-r--r-- | config/defaults.yml | 2 | ||||
-rw-r--r-- | users/app/controllers/controller_extension/token_authentication.rb | 2 | ||||
-rw-r--r-- | users/app/models/token.rb | 30 | ||||
-rw-r--r-- | users/test/functional/test_helpers_test.rb | 2 | ||||
-rw-r--r-- | users/test/support/auth_test_helper.rb | 2 | ||||
-rw-r--r-- | users/test/unit/token_test.rb | 33 |
6 files changed, 66 insertions, 5 deletions
diff --git a/config/defaults.yml b/config/defaults.yml index 910fbf8..8d81668 100644 --- a/config/defaults.yml +++ b/config/defaults.yml @@ -16,6 +16,8 @@ cert_options: &cert_options common: &common force_ssl: false pagination_size: 30 + auth: + token_expires_after: 60 development: <<: *dev_ca diff --git a/users/app/controllers/controller_extension/token_authentication.rb b/users/app/controllers/controller_extension/token_authentication.rb index 3e2816d..530294a 100644 --- a/users/app/controllers/controller_extension/token_authentication.rb +++ b/users/app/controllers/controller_extension/token_authentication.rb @@ -5,7 +5,7 @@ module ControllerExtension::TokenAuthentication authenticate_with_http_token do |token_id, options| @token = Token.find(token_id) end - @token.user if @token + @token.authenticate if @token end def logout diff --git a/users/app/models/token.rb b/users/app/models/token.rb index 3de0059..dd87344 100644 --- a/users/app/models/token.rb +++ b/users/app/models/token.rb @@ -4,11 +4,41 @@ class Token < CouchRest::Model::Base belongs_to :user + # timestamps! does not create setters and only sets updated_at + # if the object has changed and been saved. Instead of triggering + # that we rather use our own property we have control over: + property :last_seen_at, Time, accessible: false + validates :user_id, presence: true + def authenticate + if expired? + destroy + return nil + else + touch + return user + end + end + + def touch + self.last_seen_at = Time.now + save + end + + def expired? + expires_after and + last_seen_at + expires_after.minutes < Time.now + end + + def expires_after + APP_CONFIG[:auth] && APP_CONFIG[:auth][:token_expires_after] + end + def initialize(*args) super self.id = SecureRandom.urlsafe_base64(32).gsub(/^_*/, '') + self.last_seen_at = Time.now end design do diff --git a/users/test/functional/test_helpers_test.rb b/users/test/functional/test_helpers_test.rb index 9bd01ad..845e516 100644 --- a/users/test/functional/test_helpers_test.rb +++ b/users/test/functional/test_helpers_test.rb @@ -21,7 +21,7 @@ class TestHelpersTest < ActionController::TestCase def test_login_stubs_token login assert @token - assert_equal @current_user, @token.user + assert_equal @current_user, @token.authenticate end def test_login_adds_token_header diff --git a/users/test/support/auth_test_helper.rb b/users/test/support/auth_test_helper.rb index 47147fc..609f115 100644 --- a/users/test/support/auth_test_helper.rb +++ b/users/test/support/auth_test_helper.rb @@ -41,7 +41,7 @@ module AuthTestHelper protected def header_for_token_auth - @token = find_record(:token, :user => @current_user) + @token = find_record(:token, :authenticate => @current_user) ActionController::HttpAuthentication::Token.encode_credentials @token.id end end diff --git a/users/test/unit/token_test.rb b/users/test/unit/token_test.rb index bff6b71..f56c576 100644 --- a/users/test/unit/token_test.rb +++ b/users/test/unit/token_test.rb @@ -1,19 +1,20 @@ require 'test_helper' class ClientCertificateTest < ActiveSupport::TestCase + include StubRecordHelper setup do - @user = FactoryGirl.create(:user) + @user = find_record :user end teardown do - @user.destroy end test "new token for user" do sample = Token.new(:user_id => @user.id) assert sample.valid? assert_equal @user.id, sample.user_id + assert_equal @user, sample.authenticate end test "token id is secure" do @@ -34,4 +35,32 @@ class ClientCertificateTest < ActiveSupport::TestCase assert !sample.valid?, "Token should require a user record" end + test "token updates timestamps" do + sample = Token.new(user_id: @user.id) + sample.last_seen_at = 1.minute.ago + sample.expects(:save) + assert_equal @user, sample.authenticate + assert Time.now - sample.last_seen_at < 1.minute, "last_seen_at has not been updated" + end + + test "token will not expire if token_expires_after is not set" do + sample = Token.new(user_id: @user.id) + sample.last_seen_at = 2.years.ago + with_config auth: {} do + sample.expects(:save) + assert_equal @user, sample.authenticate + end + end + + test "expired token returns nil on authenticate" do + sample = Token.new(user_id: @user.id) + sample.last_seen_at = 2.hours.ago + with_config auth: {token_expires_after: 60} do + sample.expects(:destroy) + assert_nil sample.authenticate + end + end + + + end |