Module: PandaPal::Helpers::SessionReplacement
- Extended by:
- ActiveSupport::Concern
- Included in:
- ControllerHelper
- Defined in:
- lib/panda_pal/helpers/session_replacement.rb
Instance Method Summary
- #current_session(create_missing: true) ⇒ Object
- #current_session_data ⇒ Object (deprecated; call current_session.data directly)
- #forbid_access_if_lacking_session ⇒ Object
- #link_nonce(type: link_nonce_type) ⇒ Object
- #link_nonce_type ⇒ Object
- #link_with_session_to(*args, **kwargs) ⇒ Object
- #redirect_with_session_to(*args, **kwargs) ⇒ Object — Redirect with the session key intact.
- #save_session ⇒ Object
- #session_changed? ⇒ Boolean
- #session_expiration_period_minutes ⇒ Object
- #session_url_for(*args, **kwargs) ⇒ Object
- #url_with_session(location, *args, route_context: self, **kwargs) ⇒ Object
- #verify_authenticity_token ⇒ Object
Instance Method Details
#current_session(create_missing: true) ⇒ Object
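# File 'lib/panda_pal/helpers/session_replacement.rb', line 36
# Resolves the session for the current request and memoizes it in @current_session.
#
# Sources are tried in this order; the first that yields a session wins:
#   1. params[:session_token] - an encrypted, signed payload minted by #link_nonce.
#      The payload's token_type selects the proof the matching session must carry:
#        'nonce'    - data[:link_nonce] must equal payload[:nonce]; the stored nonce is
#                     then cleared so the token cannot be replayed.
#        'fixed_ip' - data[:remote_ip] must equal request.remote_ip and
#                     data[:last_ip_token_requested] must be newer than
#                     #session_expiration_period_minutes ago.
#        'expiring' - data[:last_token_requested] must be newer than
#                     #session_expiration_period_minutes ago.
#      Any other type, or a failed proof, raises SessionNonceMismatch.
#   2. params[:session_key], session_key_header, flash[:session_key] or
#      session[:session_key] (first present value). No further proof is required for
#      these, so a bare key is as good as the session itself: it must be unguessable
#      and must not leak into logs or referrers.
#   3. find_or_create_session(key: :create) when create_missing is true.
#
# Security notes (reviewer):
#   - session_cryptor.decrypt_and_verify raises on a tampered or undecryptable token;
#     that error is not rescued here. Confirm a rescue_from elsewhere maps it to a 401
#     rather than a 500.
#   - The payload minted by #link_nonce also carries organization_id, which this
#     method never compares against the current organization. If session_cryptor is
#     not keyed per organization, a token could attach to a session across
#     organizations - confirm how session_cryptor is scoped.
#   - request.remote_ip is only as trustworthy as the app's trusted-proxy settings.
#
# @param create_missing [Boolean] create a fresh session when no source matches
# @return [Object, nil] the session, or nil when create_missing is false and nothing matched
# @raise [SessionNonceMismatch] when a session_token is present but does not validate
def current_session(create_missing: true)
  return @current_session if @current_session.present?

  if params[:session_token]
    payload = JSON.parse(session_cryptor.decrypt_and_verify(params[:session_token])).with_indifferent_access
    matched_session = find_or_create_session(key: payload[:session_key])

    if matched_session.present?
      data = matched_session.data
      # A stored timestamp is "fresh" when it is present and inside the expiry window.
      # The presence check matters: if the token's session has since been purged,
      # find_or_create_session (as its name suggests) hands back one with empty data,
      # and DateTime.parse(nil) would raise TypeError (a 500) instead of reaching the
      # SessionNonceMismatch below.
      fresh = lambda do |stamp|
        stamp.present? && DateTime.parse(stamp) > session_expiration_period_minutes.minutes.ago
      end

      case payload[:token_type]
      when 'nonce'
        # Plain equality on a value that only ever arrives inside the signed token;
        # the stored nonce is consumed on first use so the token is single-shot.
        if data[:link_nonce] == payload[:nonce]
          @current_session = matched_session
          @current_session.data[:link_nonce] = nil
        end
      when 'fixed_ip'
        if data[:remote_ip] == request.remote_ip && fresh.call(data[:last_ip_token_requested])
          @current_session = matched_session
        end
      when 'expiring'
        @current_session = matched_session if fresh.call(data[:last_token_requested])
      end
    end

    raise SessionNonceMismatch, "Session Not Found" unless @current_session.present?
  elsif (session_key = params[:session_key] || session_key_header || flash[:session_key] || session[:session_key]).present?
    @current_session = find_or_create_session(key: session_key)
  end

  @current_session ||= find_or_create_session(key: :create) if create_missing
  @current_session
end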
#current_session_data ⇒ Object
Deprecated.
# File 'lib/panda_pal/helpers/session_replacement.rb', line 64
# Shorthand for the data hash of #current_session. Because #current_session defaults
# to create_missing: true, calling this will also create a session when none exists.
#
# @deprecated Call +current_session.data+ directly.
# @return [Object] whatever +data+ returns on the current session
def current_session_data
  session = current_session
  session.data
end
#forbid_access_if_lacking_session ⇒ Object
# File 'lib/panda_pal/helpers/session_replacement.rb', line 72
# Renders a plain-text 401 unless valid_session? holds. Presumably registered as a
# before_action so the render halts the filter chain - confirm at the call sites.
# (valid_session? is defined elsewhere; its criteria are not visible here.)
def forbid_access_if_lacking_session
  return if valid_session?

  render plain: 'You should do an LTI Tool Launch.', status: :unauthorized
end
#link_nonce(type: link_nonce_type) ⇒ Object
# File 'lib/panda_pal/helpers/session_replacement.rb', line 105
# Mints an encrypted, signed token that lets a link or redirect carry the current
# session without a cookie; #current_session accepts it as params[:session_token].
# Tokens are memoized per type in @cached_link_nonces for the life of this object, so
# repeated calls within one request return the same token instead of rotating the
# stored proof.
#
# Each type records a different proof on the session data, which #current_session
# later checks:
#   'nonce'    - a fresh SecureRandom.hex stored in data[:link_nonce] and embedded in
#                the payload (single use; minting a new one replaces the previous).
#   'fixed_ip' - data[:remote_ip] pinned to request.remote_ip (only if not already
#                set) and data[:last_ip_token_requested] stamped with now.
#   'expiring' - data[:last_token_requested] stamped with now.
#
# NOTE(review): the payload also carries organization_id; whether anything verifies
# it when the token comes back is not visible here. request.remote_ip is only as
# reliable as the trusted-proxy configuration.
#
# @param type [String, Symbol, Proc] token type; a Proc is instance_exec'd to obtain it
# @return [String] the output of session_cryptor.encrypt_and_sign
# @raise [StandardError] for an unsupported type
def link_nonce(type: link_nonce_type)
  type = instance_exec(&type) if type.is_a?(Proc)
  type = type.to_s

  @cached_link_nonces ||= {}
  @cached_link_nonces[type] ||= begin
    payload = {
      token_type: type,
      session_key: current_session.session_key,
      organization_id: current_organization.id,
    }

    case type
    when 'nonce'
      nonce = SecureRandom.hex
      current_session_data[:link_nonce] = nonce
      payload[:nonce] = nonce
    when 'fixed_ip'
      current_session_data[:remote_ip] ||= request.remote_ip
      current_session_data[:last_ip_token_requested] = DateTime.now.iso8601
    when 'expiring'
      current_session_data[:last_token_requested] = DateTime.now.iso8601
    else
      raise StandardError, "Unsupported link_nonce_type: '#{type}'"
    end

    session_cryptor.encrypt_and_sign(payload.to_json)
  end
end
#link_nonce_type ⇒ Object
# File 'lib/panda_pal/helpers/session_replacement.rb', line 133
# Default token type for #link_nonce, delegated to the including class's
# +link_nonce_type+ (configured elsewhere; not visible here).
def link_nonce_type
  klass = self.class
  klass.link_nonce_type
end
#link_with_session_to(*args, **kwargs) ⇒ Object
# File 'lib/panda_pal/helpers/session_replacement.rb', line 93
# Builds an anchor via helpers.link_to for a session-carrying URL from #url_with_session.
# The URL is passed to link_to as its only positional argument (the name slot);
# NOTE(review): confirm this yields the intended href for the Rails version in use.
#
# @param args [Array] forwarded to #url_with_session (route helper name first)
# @param kwargs [Hash] forwarded to #url_with_session
def link_with_session_to(*args, **kwargs)
  target = url_with_session(*args, **kwargs)
  helpers.link_to(target)
end
#redirect_with_session_to(*args, **kwargs) ⇒ Object
Redirect with the session key intact. In production this is done by adding a one-time-use encrypted token to the URL. In development the key itself is kept in the URL so that it plays nicely with webpack-dev-server live reloading (otherwise you get an access error every time it tries to live reload). A key carried in the URL is visible in browser history, referrers and server logs, so that mode must stay confined to development.
# File 'lib/panda_pal/helpers/session_replacement.rb', line 89
# Redirects to a session-carrying URL built by #url_with_session, so the session
# survives the hop without depending on a cookie.
# Security: the first positional argument is resolved by #url_with_session via +send+;
# pass a literal route-helper name, never a value taken from the request.
#
# @param args [Array] forwarded to #url_with_session
# @param kwargs [Hash] forwarded to #url_with_session
def redirect_with_session_to(*args, **kwargs)
  destination = url_with_session(*args, **kwargs)
  redirect_to destination
end
#save_session ⇒ Object
# File 'lib/panda_pal/helpers/session_replacement.rb', line 32
# Persists the current session via +save+. +try+ keeps this a no-op when the session
# is nil or does not respond to +save+. #current_session mutates session data in place
# (it clears a consumed link_nonce) without saving, so presumably this is called at
# the end of the request to commit that change - confirm at the call sites.
def save_session
  session = current_session
  session.try(:save)
end
#session_changed? ⇒ Boolean
# File 'lib/panda_pal/helpers/session_replacement.rb', line 68
# True when the current session reports itself dirty and its change set includes :data.
# @return [Boolean]
def session_changed?
  session = current_session
  return false unless session.changed?

  session.changes[:data].present?
end
#session_expiration_period_minutes ⇒ Object
# File 'lib/panda_pal/helpers/session_replacement.rb', line 137
# Lifetime, in minutes, of 'fixed_ip' and 'expiring' tokens: #current_session rejects
# them once the timestamp recorded by #link_nonce is older than this window.
# Override in the including class to change it.
#
# @return [Integer] 15
def session_expiration_period_minutes
  15
end
#session_url_for(*args, **kwargs) ⇒ Object
# File 'lib/panda_pal/helpers/session_replacement.rb', line 97
# url_for over the session-carrying params built by build_session_url_params
# (defined elsewhere; not visible here).
#
# @param args [Array] forwarded to build_session_url_params
# @param kwargs [Hash] forwarded to build_session_url_params
def session_url_for(*args, **kwargs)
  url_params = build_session_url_params(*args, **kwargs)
  url_for(url_params)
end
#url_with_session(location, *args, route_context: self, **kwargs) ⇒ Object
# File 'lib/panda_pal/helpers/session_replacement.rb', line 101
# Invokes the route helper named by +location+ on +route_context+, splatting the
# session-carrying arguments from build_session_url_params (defined elsewhere) into it.
#
# Security: +send+ ignores method visibility, so +location+ must always be a literal
# helper name chosen in code, never request input. The splat presumes
# build_session_url_params returns an Array - confirm against its definition.
#
# @param location [Symbol, String] route helper name
# @param route_context [Object] receiver for the helper (defaults to self)
def url_with_session(location, *args, route_context: self, **kwargs)
  helper_args = build_session_url_params(*args, **kwargs)
  route_context.send(location, *helper_args)
end
#verify_authenticity_token ⇒ Object
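# File 'lib/panda_pal/helpers/session_replacement.rb', line 76
# Overrides Rails' CSRF check so it only runs when the request carried cookies.
# Rationale (from the original comment): with no cookies there is no ambient cookie
# credential for a cross-site request to ride on, and browsers that block cookies
# inside an IFrame would otherwise fail the check on every launch.
#
# Security caveats (reviewer):
#   - This is only sound while every cookie-less credential this module accepts
#     (params[:session_key], session_key_header, session_token) is something a
#     cross-site attacker cannot obtain; a key leaked into a URL or log would bypass
#     CSRF protection as well as authentication.
#   - Any cookie at all, not just the Rails session cookie, re-enables the check.
#
# The rendered listing read `request..keys`, which in Ruby is a Range, not a method
# chain; the dropped receiver is restored here as `request.cookies`, matching the
# comment's "no cookies were sent" - confirm against the source file.
def verify_authenticity_token
  # No need to check CSRF when no cookies were sent. This fixes CSRF failures in Browsers
  # that restrict Cookie setting within an IFrame.
  return if request.cookies.empty?

  super
end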