From e2c0962077cf759b23639276cca42606ea2135ec Mon Sep 17 00:00:00 2001
From: Azul
Date: Thu, 7 Nov 2013 23:27:27 +0100
Subject: Token.destroy_all_expired to cleanup expired tokens (#4411)
---
 users/app/models/token.rb | 35 ++++++++++++++++++++++++-----------
 1 file changed, 24 insertions(+), 11 deletions(-)
(limited to 'users/app')
diff --git a/users/app/models/token.rb b/users/app/models/token.rb
index dd87344..bf9b0d0 100644
--- a/users/app/models/token.rb
+++ b/users/app/models/token.rb
@@ -11,6 +11,24 @@ class Token < CouchRest::Model::Base
 validates :user_id, presence: true
+ design do
+ view :by_last_seen_at
+ end
+
+ def self.expires_after
+ APP_CONFIG[:auth] && APP_CONFIG[:auth][:token_expires_after]
+ end
+
+ def self.expired
+ self.by_last_seen_at.endkey(expires_after.minutes.ago)
+ end
+
+ def self.destroy_all_expired
+ self.expired.each do |token|
+ token.destroy
+ end
+ end
+
 def authenticate
 if expired?
 destroy
@@ -27,21 +45,16 @@ class Token < CouchRest::Model::Base
 end
 def expired?
- expires_after and
- last_seen_at + expires_after.minutes < Time.now
- end
-
- def expires_after
- APP_CONFIG[:auth] && APP_CONFIG[:auth][:token_expires_after]
+ Token.expires_after and
+ last_seen_at < Token.expires_after.minutes.ago
 end
 def initialize(*args)
 super
- self.id = SecureRandom.urlsafe_base64(32).gsub(/^_*/, '')
- self.last_seen_at = Time.now
- end
-
- design do
+ if new_record?
+ self.id = SecureRandom.urlsafe_base64(32).gsub(/^_*/, '')
+ self.last_seen_at = Time.now
+ end
 end
 end
-- 
cgit v1.2.3
From a7cd2ef0877e79302f27fb175384a0cf4ded52d9 Mon Sep 17 00:00:00 2001
From: Azul
Date: Thu, 7 Nov 2013 23:36:37 +0100
Subject: fix cornercase of non expiring tokens
---
 users/app/models/token.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'users/app')
diff --git a/users/app/models/token.rb b/users/app/models/token.rb
index bf9b0d0..001eb40 100644
--- a/users/app/models/token.rb
+++ b/users/app/models/token.rb
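Review bot: In commit e2c0962, hunk `@@ -11,6 +11,24 @@`, `destroy_all_expired` stops at the first `token.destroy` that raises, so a single failing document leaves every later expired token in the database until the next run. Whether `destroy` can raise here (for example on an update conflict with a request touching the same token) is not visible in the hunk, so treat that as an assumption to check. I would rescue per token inside the `each` block, log the failure and continue. A comment above the method would also help, e.g. `# Bulk cleanup only; authenticate already destroys an expired token when it is presented.` The class and the `authenticate` method both extend beyond this hunk.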
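Review bot: In commit e2c0962, hunk `@@ -27,21 +45,16 @@`, `expired?` raises NoMethodError when `last_seen_at` is nil, because `initialize` now sets it only for new records and the comparison `last_seen_at < Token.expires_after.minutes.ago` has no nil guard. A token document stored without that field would then error during `authenticate` instead of being treated as expired; whether such documents exist is not visible here. I would make a missing timestamp count as expired: `Token.expires_after && (last_seen_at.nil? || last_seen_at < Token.expires_after.minutes.ago)`. Using `&&` also avoids the low-precedence `and` in a boolean expression.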
@@ -20,7 +20,8 @@ class Token < CouchRest::Model::Base
 end
 def self.expired
- self.by_last_seen_at.endkey(expires_after.minutes.ago)
+ return [] unless expires_after
+ by_last_seen_at.endkey(expires_after.minutes.ago)
 end
 def self.destroy_all_expired
-- 
cgit v1.2.3
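Review bot: With `return [] unless expires_after`, a missing `APP_CONFIG[:auth][:token_expires_after]` turns the cleanup into a silent no-op, and `expired?` from the previous commit is also false in that case, so tokens never expire. If non-expiring tokens are a supported configuration, say so in a comment above the guard, e.g. `# No token_expires_after configured: tokens never expire, nothing to clean up.` Otherwise I would log a warning when the setting is absent, so a misconfigured deployment does not quietly keep bearer tokens valid indefinitely. The method also returns an Array in one branch and a view result in the other, which works for `each` but not for callers that chain view methods. The body of `destroy_all_expired` continues outside this hunk.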