From 2875af7cf9fe22c40a3ea7c1cc34eb563a4f3eed Mon Sep 17 00:00:00 2001
From: Azul
Date: Wed, 28 Aug 2013 09:13:57 +0200
Subject: use Token#authenticate for authentication

This will return the user. But we can add timestamp validations and updates here.
---
 users/app/controllers/controller_extension/token_authentication.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'users/app')

diff --git a/users/app/controllers/controller_extension/token_authentication.rb b/users/app/controllers/controller_extension/token_authentication.rb
index 3e2816d..530294a 100644
--- a/users/app/controllers/controller_extension/token_authentication.rb
+++ b/users/app/controllers/controller_extension/token_authentication.rb
@@ -5,7 +5,7 @@ module ControllerExtension::TokenAuthentication
     authenticate_with_http_token do |token_id, options|
       @token = Token.find(token_id)
     end
-    @token.user if @token
+    @token.authenticate if @token
   end
 
   def logout
-- 
cgit v1.2.3

From 42cef3117cd97d9c37968a8cf63d33b27b4b8ed2 Mon Sep 17 00:00:00 2001
From: Azul
Date: Wed, 28 Aug 2013 11:13:38 +0200
Subject: expire token according to config setting auth:token_expires_after

---
 users/app/models/token.rb | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
(limited to 'users/app')

diff --git a/users/app/models/token.rb b/users/app/models/token.rb
index 3de0059..dd87344 100644
--- a/users/app/models/token.rb
+++ b/users/app/models/token.rb
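Review bot: When `Token#authenticate` rejects an expired token it destroys the document and returns nil, but the controller keeps `@token` pointing at that now-deleted record while the request continues as unauthenticated; `logout`, which begins right below this hunk, or any later code that reads `@token` will then be acting on a destroyed document. Clearing the ivar on failure keeps controller and model state in step, e.g. `user = @token.authenticate if @token`, then `@token = nil unless user`, and return `user`. The enclosing method starts above this hunk, so I cannot see how its return value is consumed; the rest of the suggestion stands regardless. It is also worth a one-line comment here that a nil result now covers both an unknown token and an expired one that was just purged, since callers can no longer tell the two apart.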
@@ -4,11 +4,41 @@ class Token < CouchRest::Model::Base
   belongs_to :user
 
+  # timestamps! does not create setters and only sets updated_at
+  # if the object has changed and been saved. Instead of triggering
+  # that we rather use our own property we have control over:
+  property :last_seen_at, Time, accessible: false
+
   validates :user_id, presence: true
 
+  def authenticate
+    if expired?
+      destroy
+      return nil
+    else
+      touch
+      return user
+    end
+  end
+
+  def touch
+    self.last_seen_at = Time.now
+    save
+  end
+
+  def expired?
+    expires_after and
+      last_seen_at + expires_after.minutes < Time.now
+  end
+
+  def expires_after
+    APP_CONFIG[:auth] && APP_CONFIG[:auth][:token_expires_after]
+  end
+
   def initialize(*args)
     super
     self.id = SecureRandom.urlsafe_base64(32).gsub(/^_*/, '')
+    self.last_seen_at = Time.now
   end
 
   design do
-- 
cgit v1.2.3
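Review bot: `expired?` raises NoMethodError on `nil + …` for any token document stored before this commit, because those have no `last_seen_at` and `initialize` only sets it for freshly built objects; once `auth:token_expires_after` is configured, every request carrying such a token becomes a 500 rather than an authentication failure. Treating a missing timestamp as expired fixes that and drops the low-precedence `and` at the same time: `return false unless expires_after` followed by `last_seen_at.nil? || last_seen_at + expires_after.minutes < Time.now`. Because `touch` refreshes `last_seen_at` on every successful `authenticate`, the setting is a pure inactivity window — a token that is exercised at least once per window never expires, so a stolen token stays valid indefinitely unless an absolute lifetime based on a creation timestamp is added; the comment above `property :last_seen_at` should state explicitly that this implements idle-timeout only. `expires_after.minutes` also assumes the config value arrives as a number rather than a string from YAML, and `touch` ignores the result of `save`, so a write conflict on a busy token would pass unnoticed — both worth confirming against how APP_CONFIG is loaded and how CouchRest reports failed saves.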