Class: Session

Inherits:
Common::RedisStore
Includes:
SentryLogging
Defined in:
app/models/session.rb

Direct Known Subclasses

IAMSession

Constant Summary

DEFAULT_TOKEN_LENGTH = 40
MAX_SESSION_LIFETIME = 12.hours

Constants inherited from Common::RedisStore

Common::RedisStore::REQ_CLASS_INSTANCE_VARS

Class Method Summary

Instance Method Summary

Methods included from SentryLogging

#log_exception_to_sentry, #log_message_to_sentry, #non_nil_hash?, #normalize_level, #rails_logger, #set_sentry_metadata

Methods inherited from Common::RedisStore

create, delete, #destroy, #destroyed?, exists?, find, find_or_build, #initialize, #initialize_dup, keys, #persisted?, pop, redis_key, redis_store, redis_ttl, #save, #save!, #ttl, #update, #update!

Constructor Details

This class inherits a constructor from Common::RedisStore

Class Method Details

.obscure_token(token) ⇒ Object



# File 'app/models/session.rb', line 32

# Derives a short one-way stand-in for a session token, so a session can be
# referenced (for example in a log or Sentry message) without writing out the
# token itself.
#
# @param token [String] the raw session token
# @return [String] the first 21 hex characters of the token's SHA-256 digest
def self.obscure_token(token)
  digest = Digest::SHA256.hexdigest(token)
  # The truncated digest is a correlation handle only; it is not a credential
  # and nothing should accept it in place of the token.
  digest[0, 21]
end

Instance Method Details

#authenticated_by_ssoe ⇒ Object



# File 'app/models/session.rb', line 46

# Reports whether this session carries an SSOe transaction id.
#
# @return [Boolean] true when @ssoe_transactionid is set to a non-blank value
def authenticated_by_ssoe
  transaction_id = @ssoe_transactionid
  # `present?` treats nil and blank strings alike, so an empty id does not count.
  transaction_id.present?
end

#expire(ttl) ⇒ Object



# File 'app/models/session.rb', line 36

# Applies a new expiry through the inherited `expire`, but only when the
# session is currently valid.
#
# NOTE(review): within_maximum_ttl adds an error once the session is older than
# MAX_SESSION_LIFETIME; presumably it is registered as a validation, which would
# make this guard the point that stops an over-age session from being extended.
# Confirm against the validation declarations in the class body.
#
# @param ttl [Object] the time-to-live handed to the superclass unchanged
# @return [false, Object] false when the session is invalid, otherwise the
#   superclass's return value
def expire(ttl)
  if invalid?
    false
  else
    super(ttl)
  end
end

#secure_random_token(length = DEFAULT_TOKEN_LENGTH) ⇒ Object (private)



# File 'app/models/session.rb', line 52

# Generates a URL-safe random token, retrying until the store reports that no
# session already uses it.
#
# @param length [Integer] approximate token length in characters
# @return [String] the first candidate that did not register as a collision
def secure_random_token(length = DEFAULT_TOKEN_LENGTH)
  # copied from: https://github.com/plataformatec/devise/blob/master/lib/devise.rb#L475-L482
  # Base64 turns 3 bytes into 4 characters, so this many random bytes gives
  # roughly `length` characters of output.
  byte_count = (length * 3) / 4
  loop do
    # The tr call swaps the look-alike characters l, I, O and 0 for s, x, y and z.
    candidate = SecureRandom.urlsafe_base64(byte_count).tr('lIO0', 'sxyz')
    # NOTE(review): the collision check only triggers when exists? returns the
    # Integer 1. If Common::RedisStore.exists? returns true/false instead, this
    # comparison is never true and every candidate is accepted unchecked —
    # confirm the return type.
    collision = self.class.exists?(candidate) == 1
    break candidate unless collision
  end
end

#setup_defaults ⇒ Object (private)



# File 'app/models/session.rb', line 61

# Fills in the token and the creation timestamp when they are not already set.
# Existing values are kept, so a session that already has a creation time
# keeps it and its age continues to be measured from that original moment.
#
# NOTE(review): presumably invoked as an initialization callback; the
# registration is not visible in this listing.
#
# @return [Object] the value of @created_at after the assignment
def setup_defaults
  # Mint a fresh random token only when none was supplied.
  @token ||= secure_random_token
  # Creation time in UTC; within_maximum_ttl computes the session's age from it.
  @created_at ||= Time.now.utc
end

#ttl_in_time ⇒ Object



# File 'app/models/session.rb', line 42

# Converts the session's remaining time-to-live into an absolute UTC time.
#
# @return [Time] the current UTC time plus `ttl`
#   (presumably `ttl` is the remaining lifetime in seconds as reported by the
#   store — confirm against Common::RedisStore#ttl)
def ttl_in_time
  now_utc = Time.current.utc
  now_utc + ttl
end

#within_maximum_ttl ⇒ Object (private)



# File 'app/models/session.rb', line 66

# Enforces the absolute session lifetime: once more than MAX_SESSION_LIFETIME
# has passed since @created_at, an error is added on :created_at and the event
# is reported to Sentry.
#
# NOTE(review): presumably registered as a validation so that an over-age
# session becomes invalid; the registration is not visible in this listing.
#
# @return [nil, Object] nil while the session is within its lifetime, otherwise
#   the result of `errors.add`
def within_maximum_ttl
  hard_deadline = @created_at + MAX_SESSION_LIFETIME
  # Rounded to whole seconds before the sign check, so a session is only
  # rejected once it is at least half a second past the deadline.
  seconds_left = (hard_deadline - Time.now.utc).round
  return unless seconds_left.negative?

  # Only the truncated digest of the token is reported, never the token itself.
  log_message_to_sentry(
    'Maximum Session Duration Reached', :info, {}, session_token: self.class.obscure_token(@token)
  )
  errors.add(:created_at, "is more than the max of [#{MAX_SESSION_LIFETIME}] seconds. Session is too old")
end