author | jessib <jessib@riseup.net> | 2013-09-03 10:43:34 -0700 |
---|---|---|
committer | jessib <jessib@riseup.net> | 2013-09-03 10:43:34 -0700 |
commit | f3e17149116f6a3aeb87f8a6d0ecf29e8e33ad93 (patch) | |
tree | 2dfae950a25c5db22a456d96016898c5a9add5a6 /users/app/models/token.rb | |
parent | f97777ed0252abe94f8d94cb4565fb5a6c35ab23 (diff) | |
parent | 42cef3117cd97d9c37968a8cf63d33b27b4b8ed2 (diff) |
Merge pull request #75 from azul/feature/token-expiry
Token expiry
Diffstat (limited to 'users/app/models/token.rb')
-rw-r--r-- | users/app/models/token.rb | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/users/app/models/token.rb b/users/app/models/token.rb
index 3de0059..dd87344 100644
--- a/users/app/models/token.rb
+++ b/users/app/models/token.rb
@@ -4,11 +4,41 @@ class Token < CouchRest::Model::Base
 belongs_to :user
+ # timestamps! does not create setters and only sets updated_at
+ # if the object has changed and been saved. Instead of triggering
+ # that we rather use our own property we have control over:
+ property :last_seen_at, Time, accessible: false
+
 validates :user_id, presence: true
+ def authenticate
+ if expired?
+ destroy
+ return nil
+ else
+ touch
+ return user
+ end
+ end
+
+ def touch
+ self.last_seen_at = Time.now
+ save
+ end
+
+ def expired?
+ expires_after and
+ last_seen_at + expires_after.minutes < Time.now
+ end
+
+ def expires_after
+ APP_CONFIG[:auth] && APP_CONFIG[:auth][:token_expires_after]
+ end
+
 def initialize(*args)
 super
 self.id = SecureRandom.urlsafe_base64(32).gsub(/^_*/, '')
+ self.last_seen_at = Time.now
 end
 design do |
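Review bot: The added `self.last_seen_at = Time.now` in `initialize` runs on every instantiation, so if CouchRest::Model also goes through `initialize` when it builds a document loaded from the database (not visible in this hunk), a stored token gets its timestamp reset before `expired?` is evaluated and expiry never triggers. Consider restricting it to new records, e.g. `self.last_seen_at = Time.now if new_record?`, and adding a test that loads a stale token from the database and expects `authenticate` to return nil. Separately, `expired?` is falsy whenever `APP_CONFIG[:auth][:token_expires_after]` is unset, so tokens then never expire; a comment stating that this default is intentional, or a finite fallback, would make the policy explicit. A token persisted before this change may also lack `last_seen_at`, in which case `last_seen_at + expires_after.minutes` would raise, so treating a missing timestamp as expired is the safer behaviour.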