summaryrefslogtreecommitdiff
path: root/users/app
diff options
context:
space:
mode:
authorAzul <azul@leap.se>2013-08-28 11:13:38 +0200
committerAzul <azul@leap.se>2013-09-03 08:36:17 +0200
commit42cef3117cd97d9c37968a8cf63d33b27b4b8ed2 (patch)
tree712cb953ec449c48d8589be0c3a74ab54592556d /users/app
parent2875af7cf9fe22c40a3ea7c1cc34eb563a4f3eed (diff)
expire token according to config setting auth:token_expires_after
Diffstat (limited to 'users/app')
-rw-r--r--users/app/models/token.rb30
1 files changed, 30 insertions, 0 deletions
diff --git a/users/app/models/token.rb b/users/app/models/token.rb
index 3de0059..dd87344 100644
--- a/users/app/models/token.rb
+++ b/users/app/models/token.rb
@@ -4,11 +4,41 @@ class Token < CouchRest::Model::Base
belongs_to :user
+ # timestamps! does not create setters and only sets updated_at
+ # if the object has changed and been saved. Instead of triggering
+ # that we rather use our own property we have control over:
+ property :last_seen_at, Time, accessible: false
+
validates :user_id, presence: true
+ def authenticate
+ if expired?
+ destroy
+ return nil
+ else
+ touch
+ return user
+ end
+ end
+
+ def touch
+ self.last_seen_at = Time.now
+ save
+ end
+
+ def expired?
+ expires_after and
+ last_seen_at + expires_after.minutes < Time.now
+ end
+
+ def expires_after
+ APP_CONFIG[:auth] && APP_CONFIG[:auth][:token_expires_after]
+ end
+
def initialize(*args)
super
self.id = SecureRandom.urlsafe_base64(32).gsub(/^_*/, '')
+ self.last_seen_at = Time.now
end
design do