Brevio Session

This gem is a thin wrapper around the Brevio HTTP session, which is created by the Brevio ID service, and stored in Redis. The HTTP session is shared by all customer-facing Brevio services, enabling single sign-on.

The session is shared by storing the encrypted Redis key in an agreed-upon cookie (BREVIO_ID_COOKIE). The passphrase used for the encryption is also agreed-upon between services (BREVIO_ID_SECRET_KEY).
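The cookie-to-session lookup described above, as an added sketch that is not the gem's own code (the page does not state which cipher or key derivation the gem uses). AES-256-GCM, PBKDF2, the fixed salt, the `SharedSessionSketch` module and the Hash standing in for Redis are all assumptions made for illustration.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Added sketch, not the gem's implementation: cipher, KDF and salt are assumptions.
module SharedSessionSketch
  SALT = 'constructed-demo-salt'.freeze # assumption: salt agreed between services

  def self.derive_key(passphrase)
    OpenSSL::KDF.pbkdf2_hmac(passphrase, salt: SALT, iterations: 100_000, length: 32, hash: 'sha256')
  end

  # Issuing side: seal the session-store key into a cookie value (IV + tag + ciphertext).
  def self.seal(store_key, passphrase)
    cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    cipher.key = derive_key(passphrase)
    iv = cipher.random_iv
    cipher.auth_data = ''
    ciphertext = cipher.update(store_key) + cipher.final
    Base64.urlsafe_encode64(iv + cipher.auth_tag + ciphertext)
  end

  # Consuming side: returns the store key, or nil when the cookie is missing,
  # malformed, tampered with, or sealed under a different passphrase.
  def self.unseal(cookie, passphrase)
    raw = Base64.urlsafe_decode64(cookie.to_s)
    return nil if raw.bytesize < 29 # 12-byte IV + 16-byte tag + at least 1 byte
    cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    cipher.key = derive_key(passphrase)
    cipher.iv = raw.byteslice(0, 12)
    cipher.auth_tag = raw.byteslice(12, 16)
    cipher.auth_data = ''
    (cipher.update(raw.byteslice(28, raw.bytesize - 28)) + cipher.final).force_encoding('UTF-8')
  rescue ArgumentError, OpenSSL::Cipher::CipherError
    nil
  end

  # Resolve a cookie to session data; `store` is a Hash standing in for Redis.
  def self.fetch_session(cookie, passphrase, store)
    key = unseal(cookie, passphrase)
    json = key && store[key]
    json && JSON.parse(json, symbolize_names: true)
  end
end

# Constructed demo values: two services sharing one passphrase and one store.
store = { 'sess:constructed' => JSON.generate(user_id: 1, audit_company_id: 1) }
cookie = SharedSessionSketch.seal('sess:constructed', 'constructed-passphrase')
p SharedSessionSketch.fetch_session(cookie, 'constructed-passphrase', store)
```

Because the cookie is authenticated as well as encrypted in this sketch, a modified cookie or a service holding the wrong passphrase gets `nil` rather than a lookup against an attacker-chosen key.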

The gem provides three utility functions, used in the application controllers:

  • fetch_brevio_session: Loads the Brevio session from Redis and returns a HashWithIndifferentAccess wrapper around it.
  • fetch_brevio_session!: Same as above, but raises an error if the session isn't present.
  • brevio_logged_in?: Returns a boolean flag indicating whether there exists a current Brevio session.

Installation

# Gemfile
gem 'brevio-session'

# config/initializers/brevio_session.rb
Brevio::Session::Config.configure do |config|
  config.debug          = ENV.fetch('BREVIO_SESSION_DEBUG', false) # Logs additional information for session retrieval
  config.production     = Rails.env.production?
  config.redis          = Brevio::Redis::Client.new(ENV.fetch('BREVIO_ID_REDIS_URL'))
  config.secret_key     = ENV.fetch('BREVIO_ID_SECRET_KEY')
  config.session_cookie = ENV.fetch('BREVIO_ID_COOKIE')
  config.session_expire = Integer(ENV.fetch('BREVIO_ID_EXPIRE')).minutes
end

Usage

To gain access to the utility functions mentioned above, include the Brevio::Session module in any Rails controller. The module is a Rails Concern, which ensures it is included in the correct context.

class ApiController < ApplicationController
  include Brevio::Session

  def action
    brevio_session = fetch_brevio_session
    puts brevio_session
    # => { user_id: 1, audit_company_id: 1, user_stamp: '2022-01-0107:39:58.281894000' }
  end
end

The session itself contains the following information (subject to change in Brevio ID):

  • user_id: The primary key for the user in the Brevio ID database.
  • audit_company_id: The primary key for the audit company in the Brevio ID database.
  • user_stamp: Timestamp indicating when the user was last updated in Brevio ID.

Testing

Since we want to test features with logged-in users, we need to be able to emulate a shared Brevio session.

First off, we need to mock the Redis session, which is done by calling the Brevio::Session::Testing.setup! function.

Brevio::Session::Testing.setup!(logger: Rails.logger)
# => '--- 👨‍🔬 Setting up Brevio Session gem for testing 👨‍🔬 ---'

We can then simulate a logged-in user by calling the Brevio::Session::Testing.brevio_login function.

class TestCase < ActionDispatch::IntegrationTest
  include Brevio::Session::Testing

  let(:user) { create(:user) }

  test 'is logged in' do
    brevio_login(user)
    get(dashboard_path(user))
    assert_response(:ok)
  end
end

License

The gem is available as open source under the terms of the MIT License.