Class: QuoVadis::Controller::QuoVadisWrapper

Inherits:
Object
  • Object
Defined in:
lib/quo_vadis/controller.rb

Instance Method Summary collapse

Constructor Details

#initialize(controller) ⇒ QuoVadisWrapper

Returns a new instance of QuoVadisWrapper.



# File 'lib/quo_vadis/controller.rb', line 118

# Builds a wrapper around a controller.
#
# controller - kept in @controller. The other methods listed for this class
#              reach it as `controller` (to set @authenticated_model and the
#              flash), presumably through a reader not shown in this listing.
def initialize(controller)
  @controller = controller
end

Instance Method Details

#clear_session_id ⇒ Object



# File 'lib/quo_vadis/controller.rb', line 148

# Deletes the QuoVadis session cookie (the one named QuoVadis.cookie_name).
#
# Only the cookie that carries the session id is removed here; the session
# record that the id points at is not touched by this method.
def clear_session_id
  cookie = QuoVadis.cookie_name
  cookies.delete(cookie)
end

#lifetime_expires_at(browser_session) ⇒ Object



# File 'lib/quo_vadis/controller.rb', line 197

# Works out when a session's overall lifetime ends.
#
# browser_session - when truthy no expiry time is computed (presumably the
#                   session is meant to end with the browser session).
#
# Returns nil when browser_session is truthy or QuoVadis.session_lifetime is
# :session. Otherwise returns the configured lifetime counted from now, moved
# to the end of that day when QuoVadis.session_lifetime_extend_to_end_of_day
# is set.
def lifetime_expires_at(browser_session)
  return nil if browser_session || QuoVadis.session_lifetime == :session

  expiry = ActiveSupport::Duration.build(QuoVadis.session_lifetime).from_now
  return expiry.end_of_day if QuoVadis.session_lifetime_extend_to_end_of_day

  expiry
end

#log(account, action, metadata = {}) ⇒ Object



# File 'lib/quo_vadis/controller.rb', line 216

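# Creates a Log record for an account.
#
# The parameter names `account` and `metadata` had been dropped from this
# listing; they are restored from the method's documented signature,
# log(account, action, metadata = {}).
#
# account  - the account the entry is about
# action   - the action being recorded
# metadata - extra details stored with the entry (default: {})
#
# The client address stored in `ip` is request.remote_ip.
# NOTE(review): Rails derives remote_ip from the connection and its forwarding
# headers; confirm the trusted-proxy configuration matches the deployment so
# that the logged address cannot be chosen by the client.
# NOTE(review): metadata is stored as given; keep passwords, OTPs and tokens
# out of it.
def log(account, action, metadata = {})
  Log.create account: account, action: action, ip: request.remote_ip, metadata: metadata
end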

#logout ⇒ Object



# File 'lib/quo_vadis/controller.rb', line 205

# Logs the user out.
#
# In order: destroys the QuoVadis session record if there is one, deletes the
# session cookie, resets the Rails session, and clears the controller's
# @authenticated_model.
#
# NOTE(review): prevent_rails_session_fixation, as listed for this class,
# copies the old Rails session's values into the new one, so anything the
# application keeps in the Rails session outlives logout; clear user-specific
# values separately.
def logout
  current = session
  current.destroy unless current.nil?

  clear_session_id
  prevent_rails_session_fixation
  controller.instance_variable_set(:@authenticated_model, nil)
end

#logout_other_sessions ⇒ Object



# File 'lib/quo_vadis/controller.rb', line 212

# Asks the current QuoVadis session to log out the other sessions, and
# returns whatever that call returns.
#
# There is no nil guard: with no current session (`session` returns nil) this
# raises NoMethodError, so it is only meaningful for a logged-in user.
def logout_other_sessions
  current = session
  current.logout_other_sessions
end

#path_after_authentication ⇒ Object

Raises:

  • (RuntimeError)


# File 'lib/quo_vadis/controller.rb', line 227

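# Chooses where to send the user after a successful login.
#
# A bookmark saved in the Rails session under :qv_bookmark wins and is removed
# once read, so it serves one redirect only. Failing that, the host
# application's after_login_path is used, then its root_path.
#
# The call to main_app.after_login_path had lost its method name in this
# listing; it is restored from the respond_to? check on the same line.
#
# NOTE(review): the bookmark is returned as stored, with no check here that it
# is a local path. Where it is written is not visible in this listing; confirm
# it can only ever hold a path on this site, so that it cannot become a
# redirect target chosen from outside.
#
# Raises RuntimeError when the host application defines neither route.
def path_after_authentication
  if (bookmark = rails_session[:qv_bookmark])
    rails_session.delete :qv_bookmark
    return bookmark
  end
  return main_app.after_login_path if main_app.respond_to?(:after_login_path)
  return main_app.root_path        if main_app.respond_to?(:root_path)
  raise RuntimeError, 'Missing routes: after_login_path, root_path; define at least one of them.'
end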

#path_after_password_change ⇒ Object

Raises:

  • (RuntimeError)


# File 'lib/quo_vadis/controller.rb', line 237

# Chooses where to send the user after a password change: the host
# application's after_password_change_path when it defines one, otherwise its
# root_path.
#
# Raises RuntimeError when the host application defines neither route.
def path_after_password_change
  routes = main_app
  if routes.respond_to?(:after_password_change_path)
    routes.after_password_change_path
  elsif routes.respond_to?(:root_path)
    routes.root_path
  else
    raise 'Missing routes: after_password_change_path, root_path; define at least one of them.'
  end
end

#path_after_signup ⇒ Object

Raises:

  • (RuntimeError)


# File 'lib/quo_vadis/controller.rb', line 220

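# Chooses where to send the user after signing up: the host application's
# after_signup_path, then after_login_path, then root_path, whichever it
# defines first in that order.
#
# The method name and two route calls had been dropped from this listing; the
# name is restored from the section heading and each route call from the
# respond_to? check on its own line.
#
# Raises RuntimeError when the host application defines none of the routes.
def path_after_signup
  return main_app.after_signup_path if main_app.respond_to?(:after_signup_path)
  return main_app.after_login_path  if main_app.respond_to?(:after_login_path)
  return main_app.root_path         if main_app.respond_to?(:root_path)
  raise RuntimeError, 'Missing routes: after_signup_path, after_login_path, root_path; define at least one of them.'
end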

#prevent_rails_session_fixation ⇒ Object



# File 'lib/quo_vadis/controller.rb', line 152

# Resets the Rails session while keeping its contents.
#
# The current values are snapshotted, reset_session is called, and the
# snapshot is written back key by key. Going by the method name, the aim is
# that a session identifier known before login or logout is not carried
# across it.
#
# NOTE(review): every key is carried over, including values placed in the
# session before authentication. Code that later trusts a carried-over value
# (a stored redirect target, for instance) should validate it where it is
# used.
#
# Returns the snapshot hash.
def prevent_rails_session_fixation
  preserved = rails_session.to_hash
  reset_session
  preserved.each_pair do |key, value|
    rails_session[key] = value
  end
end

#replace_session ⇒ Object



# File 'lib/quo_vadis/controller.rb', line 188

# Swaps the current QuoVadis session for a replacement, points the session
# cookie at it, and sets the controller's @authenticated_model from it.
#
# There is no nil guard on `session`: with no current session this raises
# NoMethodError at session.replace.
def replace_session
  # Reset the Rails session before the QuoVadis session changes.
  prevent_rails_session_fixation

  # The object returned by session.replace supplies the id and lifetime
  # expiry that go into the cookie.
  sess = session.replace
  store_session_id sess.id, sess.lifetime_expires_at

  # NOTE(review): an identifier between `sess.` and `.model` was lost when this
  # page was extracted; restore it from lib/quo_vadis/controller.rb before
  # relying on this line.
  controller.instance_variable_set :@authenticated_model, sess..model
end

#request_confirmation(model) ⇒ Object



# File 'lib/quo_vadis/controller.rb', line 158

# Starts account confirmation for model: records the pending confirmation in
# the Rails session, has a one-time password delivered to the model's email
# address, and sets a flash notice.
#
# model - the record being confirmed; its email is where the OTP is sent.
#
# NOTE(review): three identifiers were lost when this page was extracted (after
# `model.` twice and after `QuoVadis.`); restore them from
# lib/quo_vadis/controller.rb before relying on this listing.
def request_confirmation(model)
  # Remember which account is awaiting confirmation.
  rails_session[:account_pending_confirmation] = model..id

  # The expiry is an integer timestamp (to_i). It is kept in the Rails session
  # and is also an input to the OTP below.
  expiration = QuoVadis..from_now.to_i
  rails_session[:account_confirmation_expires_at] = expiration

  otp = model..otp_for_confirmation(expiration)

  # NOTE(review): the OTP leaves the application here; how QuoVadis.deliver
  # sends it is not visible in this listing. Keep the OTP out of logs.
  QuoVadis.deliver :account_confirmation, {email: model.email, otp: otp}

  controller.flash[:notice] = QuoVadis.translate 'flash.confirmation.sent'
end

#second_factor_authenticated? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/quo_vadis/controller.rb', line 176

# Whether the current QuoVadis session reports that a second factor has been
# authenticated; the answer comes from the session itself.
#
# There is no nil guard: with no current session this raises NoMethodError
# rather than returning a value.
def second_factor_authenticated?
  current = session
  current.second_factor_authenticated?
end

#second_factor_required? ⇒ Boolean

Assumes user is logged in.

Returns:

  • (Boolean)


# File 'lib/quo_vadis/controller.rb', line 172

# Whether the logged-in user must pass a second factor: true when
# QuoVadis.two_factor_authentication_mandatory is set, otherwise decided by
# has_two_factors?.
#
# Assumes a user is logged in: authenticated_model is not nil-checked.
#
# NOTE(review): an identifier between `authenticated_model.` and
# `.has_two_factors?` was lost when this page was extracted; restore it from
# lib/quo_vadis/controller.rb before relying on this line.
def second_factor_required?
  QuoVadis.two_factor_authentication_mandatory || authenticated_model..has_two_factors?
end

#session ⇒ Object

Returns the current QuoVadis session or nil.



# File 'lib/quo_vadis/controller.rb', line 123

# Looks up the current QuoVadis session from the id held in the session
# cookie.
#
# Returns nil when the cookie yields no id; otherwise returns the result of
# QuoVadis::Session.find_by for that id. Nothing is cached here, so each call
# repeats the lookup.
def session
  QuoVadis::Session.find_by(id: session_id) if session_id
end

#session_authenticated_with_second_factor ⇒ Object



# File 'lib/quo_vadis/controller.rb', line 184

# Calls authenticated_with_second_factor on the current QuoVadis session and
# returns its result.
#
# There is no nil guard: with no current session this raises NoMethodError.
def session_authenticated_with_second_factor
  current = session
  current.authenticated_with_second_factor
end

#session_id ⇒ Object



# File 'lib/quo_vadis/controller.rb', line 128

# Reads the session id from the encrypted cookie named QuoVadis.cookie_name.
#
# Rails' encrypted cookie jar returns nil for a cookie that is absent or that
# does not decrypt and verify, so a tampered cookie reads as "no session".
def session_id
  jar = cookies.encrypted
  jar[QuoVadis.cookie_name]
end

#store_session_id(id, expires_at) ⇒ Object

Store the session id in an encrypted cookie.

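Given that the cookie is encrypted, it is safe to store the database primary key of the session rather than a random-value candidate key. This holds only while the application's cookie-encryption secret (Rails' secret_key_base) stays private, because a primary key is guessable and the encryption is all that stops a client from naming another session's id.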

expires_at - the end of the QuoVadis session’s lifetime (regardless of the idle timeout)



# File 'lib/quo_vadis/controller.rb', line 138

# Writes the session id into the encrypted cookie named QuoVadis.cookie_name.
#
# id         - the value stored in the cookie (the session's database primary
#              key, per this method's documentation)
# expires_at - the end of the session's lifetime; nil has the same effect as
#              not setting an expiry
#
# Cookie attributes set here: httponly is on, same_site is :lax, and secure is
# on only when Rails.env.production? is true.
#
# NOTE(review): a primary key is guessable, so this is sound only while the
# application's cookie-encryption secret stays private.
# NOTE(review): because secure follows Rails.env.production?, any other
# environment served over HTTPS (staging, for example) issues this cookie
# without the Secure attribute.
def store_session_id(id, expires_at)
  options = {
    value:     id,
    httponly:  true,
    secure:    Rails.env.production?,
    same_site: :lax,
    expires:   expires_at
  }
  cookies.encrypted[QuoVadis.cookie_name] = options
end

#touch_session_last_seen_at ⇒ Object



# File 'lib/quo_vadis/controller.rb', line 180

# Touches :last_seen_at on the current QuoVadis session, if there is one.
#
# Returns nil when there is no current session, otherwise whatever touch
# returns.
def touch_session_last_seen_at
  current = session
  current.touch(:last_seen_at) unless current.nil?
end