diff options
author | Azul <azul@leap.se> | 2013-08-28 11:13:38 +0200 |
---|---|---|
committer | Azul <azul@leap.se> | 2013-09-03 08:36:17 +0200 |
commit | 42cef3117cd97d9c37968a8cf63d33b27b4b8ed2 (patch) | |
tree | 712cb953ec449c48d8589be0c3a74ab54592556d /users/app/models | |
parent | 2875af7cf9fe22c40a3ea7c1cc34eb563a4f3eed (diff) |
expire token according to config setting auth:token_expires_after
Diffstat (limited to 'users/app/models')
-rw-r--r-- | users/app/models/token.rb | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/users/app/models/token.rb b/users/app/models/token.rb index 3de0059..dd87344 100644 --- a/users/app/models/token.rb +++ b/users/app/models/token.rb @@ -4,11 +4,41 @@ class Token < CouchRest::Model::Base belongs_to :user + # timestamps! does not create setters and only sets updated_at + # if the object has changed and been saved. Instead of triggering + # that we rather use our own property we have control over: + property :last_seen_at, Time, accessible: false + validates :user_id, presence: true + def authenticate + if expired? + destroy + return nil + else + touch + return user + end + end + + def touch + self.last_seen_at = Time.now + save + end + + def expired? + expires_after and + last_seen_at + expires_after.minutes < Time.now + end + + def expires_after + APP_CONFIG[:auth] && APP_CONFIG[:auth][:token_expires_after] + end + def initialize(*args) super self.id = SecureRandom.urlsafe_base64(32).gsub(/^_*/, '') + self.last_seen_at = Time.now end design do |