Class: Token

Inherits:

ActiveRecord::Base

• Object
• ActiveRecord::Base
• Token

Defined in:

app/models/token.rb

Overview

Redmine - project management software Copyright © 2006-2022 Jean-Philippe Lang

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Class Attribute Summary

• .actions ⇒ Object readonly

  Returns the value of attribute actions.

Class Method Summary

• .add_action(name, options) ⇒ Object
• .destroy_expired ⇒ Object

  Delete all expired tokens.

• .find_active_user(action, key, validity_days = nil) ⇒ Object

  Returns the active user who owns the key for the given action.

• .find_token(action, key, validity_days = nil) ⇒ Object

  Returns the token for action and key with an optional validity duration (in number of days).

• .find_user(action, key, validity_days = nil) ⇒ Object

  Returns the user who owns the key for the given action.

• .generate_token_value ⇒ Object
• .invalid_when_created_before(action = nil) ⇒ Object

Instance Method Summary

• #expired? ⇒ Boolean

  Return true if token has expired.

• #generate_new_token ⇒ Object
• #max_instances ⇒ Object

Class Attribute Details

.actions ⇒ Object (readonly)

Returns the value of attribute actions.

# File 'app/models/token.rb', line 30

def actions
  @actions
end

Class Method Details

.add_action(name, options) ⇒ Object

# File 'app/models/token.rb', line 32

def add_action(name, options)
  options.assert_valid_keys(:max_instances, :validity_time)
  @actions ||= {}
  @actions[name.to_s] = options
end

.destroy_expired ⇒ Object

Delete all expired tokens

# File 'app/models/token.rb', line 75

def self.destroy_expired
  t = Token.arel_table

  # Unknown actions have default validity_time
  condition = t[:action].not_in(self.actions.keys).and(t[:created_on].lt(invalid_when_created_before))

  self.actions.each do |action, options|
    validity_time = invalid_when_created_before(action)

    # Do not delete tokens, which don't become invalid
    next if validity_time.nil?

    condition = condition.or(
      t[:action].eq(action).and(t[:created_on].lt(validity_time))
    )
  end

  Token.where(condition).delete_all
end

.find_active_user(action, key, validity_days = nil) ⇒ Object

Returns the active user who owns the key for the given action

# File 'app/models/token.rb', line 96

def self.find_active_user(action, key, validity_days=nil)
  user = find_user(action, key, validity_days)
  if user && user.active?
    user
  end
end

.find_token(action, key, validity_days = nil) ⇒ Object

Returns the token for action and key with an optional validity duration (in number of days)

# File 'app/models/token.rb', line 113

def self.find_token(action, key, validity_days=nil)
  action = action.to_s
  key = key.to_s
  return nil unless action.present? && /\A[a-z0-9]+\z/i.match?(key)

  token = Token.find_by(:action => action, :value => key)
  return unless token
  return unless token.action == action
  return unless ActiveSupport::SecurityUtils.secure_compare(token.value.to_s, key)
  return unless token.user
  return unless validity_days.nil? || (token.created_on > validity_days.days.ago)

  token
end

.find_user(action, key, validity_days = nil) ⇒ Object

Returns the user who owns the key for the given action

# File 'app/models/token.rb', line 104

def self.find_user(action, key, validity_days=nil)
  token = find_token(action, key, validity_days)
  if token
    token.user
  end
end

.generate_token_value ⇒ Object

# File 'app/models/token.rb', line 128

def self.generate_token_value
  Redmine::Utils.random_hex(20)
end

.invalid_when_created_before(action = nil) ⇒ Object

# File 'app/models/token.rb', line 61

def self.invalid_when_created_before(action = nil)
  if Token.actions.has_key?(action)
    validity_time = Token.actions[action][:validity_time]
    validity_time = validity_time.call(action) if validity_time.respond_to? :call
  else
    validity_time = self.validity_time
  end

  if validity_time
    Time.now - validity_time
  end
end

Instance Method Details

#expired? ⇒ Boolean

Return true if token has expired

Returns:

• (Boolean)

# File 'app/models/token.rb', line 52

def expired?
  validity_time = self.class.invalid_when_created_before(action)
  validity_time.present? && created_on < validity_time
end

#generate_new_token ⇒ Object

# File 'app/models/token.rb', line 47

def generate_new_token
  self.value = Token.generate_token_value
end

#max_instances ⇒ Object

# File 'app/models/token.rb', line 57

def max_instances
  Token.actions.has_key?(action) ? Token.actions[action][:max_instances] : 1
end