summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAzul <azul@leap.se>2013-08-28 11:13:38 +0200
committerAzul <azul@leap.se>2013-09-03 08:36:17 +0200
commit42cef3117cd97d9c37968a8cf63d33b27b4b8ed2 (patch)
tree712cb953ec449c48d8589be0c3a74ab54592556d
parent2875af7cf9fe22c40a3ea7c1cc34eb563a4f3eed (diff)
expire token according to config setting auth:token_expires_after
-rw-r--r--config/defaults.yml2
-rw-r--r--users/app/models/token.rb30
-rw-r--r--users/test/functional/test_helpers_test.rb2
-rw-r--r--users/test/unit/token_test.rb33
4 files changed, 64 insertions, 3 deletions
diff --git a/config/defaults.yml b/config/defaults.yml
index 910fbf8..8d81668 100644
--- a/config/defaults.yml
+++ b/config/defaults.yml
@@ -16,6 +16,8 @@ cert_options: &cert_options
common: &common
force_ssl: false
pagination_size: 30
+ auth:
+ token_expires_after: 60
development:
<<: *dev_ca
diff --git a/users/app/models/token.rb b/users/app/models/token.rb
index 3de0059..dd87344 100644
--- a/users/app/models/token.rb
+++ b/users/app/models/token.rb
@@ -4,11 +4,41 @@ class Token < CouchRest::Model::Base
belongs_to :user
+ # timestamps! does not create setters and only sets updated_at
+ # if the object has changed and been saved. Instead of triggering
+ # that we rather use our own property we have control over:
+ property :last_seen_at, Time, accessible: false
+
validates :user_id, presence: true
+ def authenticate
+ if expired?
+ destroy
+ return nil
+ else
+ touch
+ return user
+ end
+ end
+
+ def touch
+ self.last_seen_at = Time.now
+ save
+ end
+
+ def expired?
+ expires_after and
+ last_seen_at + expires_after.minutes < Time.now
+ end
+
+ def expires_after
+ APP_CONFIG[:auth] && APP_CONFIG[:auth][:token_expires_after]
+ end
+
def initialize(*args)
super
self.id = SecureRandom.urlsafe_base64(32).gsub(/^_*/, '')
+ self.last_seen_at = Time.now
end
design do
diff --git a/users/test/functional/test_helpers_test.rb b/users/test/functional/test_helpers_test.rb
index 9bd01ad..845e516 100644
--- a/users/test/functional/test_helpers_test.rb
+++ b/users/test/functional/test_helpers_test.rb
@@ -21,7 +21,7 @@ class TestHelpersTest < ActionController::TestCase
def test_login_stubs_token
login
assert @token
- assert_equal @current_user, @token.user
+ assert_equal @current_user, @token.authenticate
end
def test_login_adds_token_header
diff --git a/users/test/unit/token_test.rb b/users/test/unit/token_test.rb
index bff6b71..f56c576 100644
--- a/users/test/unit/token_test.rb
+++ b/users/test/unit/token_test.rb
@@ -1,19 +1,20 @@
require 'test_helper'
class ClientCertificateTest < ActiveSupport::TestCase
+ include StubRecordHelper
setup do
- @user = FactoryGirl.create(:user)
+ @user = find_record :user
end
teardown do
- @user.destroy
end
test "new token for user" do
sample = Token.new(:user_id => @user.id)
assert sample.valid?
assert_equal @user.id, sample.user_id
+ assert_equal @user, sample.authenticate
end
test "token id is secure" do
@@ -34,4 +35,32 @@ class ClientCertificateTest < ActiveSupport::TestCase
assert !sample.valid?, "Token should require a user record"
end
+ test "token updates timestamps" do
+ sample = Token.new(user_id: @user.id)
+ sample.last_seen_at = 1.minute.ago
+ sample.expects(:save)
+ assert_equal @user, sample.authenticate
+ assert Time.now - sample.last_seen_at < 1.minute, "last_seen_at has not been updated"
+ end
+
+ test "token will not expire if token_expires_after is not set" do
+ sample = Token.new(user_id: @user.id)
+ sample.last_seen_at = 2.years.ago
+ with_config auth: {} do
+ sample.expects(:save)
+ assert_equal @user, sample.authenticate
+ end
+ end
+
+ test "expired token returns nil on authenticate" do
+ sample = Token.new(user_id: @user.id)
+ sample.last_seen_at = 2.hours.ago
+ with_config auth: {token_expires_after: 60} do
+ sample.expects(:destroy)
+ assert_nil sample.authenticate
+ end
+ end
+
+
+
end