From 42cef3117cd97d9c37968a8cf63d33b27b4b8ed2 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 28 Aug 2013 11:13:38 +0200 Subject: expire token according to config setting auth:token_expires_after --- users/app/models/token.rb | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'users/app/models') diff --git a/users/app/models/token.rb b/users/app/models/token.rb index 3de0059..dd87344 100644 --- a/users/app/models/token.rb +++ b/users/app/models/token.rb @@ -4,11 +4,41 @@ class Token < CouchRest::Model::Base belongs_to :user + # timestamps! does not create setters and only sets updated_at + # if the object has changed and been saved. Instead of triggering + # that we rather use our own property we have control over: + property :last_seen_at, Time, accessible: false + validates :user_id, presence: true + def authenticate + if expired? + destroy + return nil + else + touch + return user + end + end + + def touch + self.last_seen_at = Time.now + save + end + + def expired? + expires_after and + last_seen_at + expires_after.minutes < Time.now + end + + def expires_after + APP_CONFIG[:auth] && APP_CONFIG[:auth][:token_expires_after] + end + def initialize(*args) super self.id = SecureRandom.urlsafe_base64(32).gsub(/^_*/, '') + self.last_seen_at = Time.now end design do -- cgit v1.2.3