Class: Token

Inherits:
ApplicationRecord
Defined in:
app/models/token.rb

Overview

Redmine - project management software Copyright © 2006- Jean-Philippe Lang

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.


Methods inherited from ApplicationRecord

human_attribute_name

Class Attribute Details

.actions ⇒ Object (readonly)

Returns the value of attribute actions.



# File 'app/models/token.rb', line 30

# Registry of the token actions known to this class.
#
# Reads the @actions instance variable of the receiver; the value is nil
# until something has been stored there (add_action creates the Hash on its
# first call).
#
# @return [Hash, nil] options per action name, or nil when nothing is registered
def actions
  instance_variable_get(:@actions)
end

Class Method Details

.add_action(name, options) ⇒ Object



# File 'app/models/token.rb', line 32

# Registers a token action together with its options.
#
# The action is stored under the String form of its name, so later lookups
# in the registry must use a String key as well.
#
# @param name [#to_s] action name
# @param options [Hash] only :max_instances and :validity_time are accepted
# @return [Hash] the options that were stored
# @raise [ArgumentError] from assert_valid_keys when options has any other key
def add_action(name, options)
  options.assert_valid_keys(:max_instances, :validity_time)
  registry = (@actions ||= {})
  registry[name.to_s] = options
end

.destroy_expired ⇒ Object

Delete all expired tokens



# File 'app/models/token.rb', line 75

# Deletes every token that has outlived its validity period.
#
# A single Arel condition is assembled: tokens whose action is not in the
# registry are compared with the default cutoff, and tokens of each
# registered action with that action's own cutoff. The rows are removed
# with delete_all, which issues a direct SQL DELETE without instantiating
# records or running callbacks.
#
# @return [Integer] number of rows deleted, as reported by delete_all
def self.destroy_expired
  tokens = Token.arel_table
  registered = self.actions.keys

  # Unknown actions have default validity_time
  expired = tokens[:action].not_in(registered).and(tokens[:created_on].lt(invalid_when_created_before))

  registered.each do |name|
    cutoff = invalid_when_created_before(name)

    # A nil cutoff means tokens of this action never become invalid, so
    # this purge never removes them.
    unless cutoff.nil?
      action_expired = tokens[:action].eq(name).and(tokens[:created_on].lt(cutoff))
      expired = expired.or(action_expired)
    end
  end

  Token.where(expired).delete_all
end

.find_active_user(action, key, validity_days = nil) ⇒ Object

Returns the active user who owns the key for the given action



# File 'app/models/token.rb', line 96

# Resolves a token key to its owner, but only if that owner is active.
#
# All token checks are delegated to find_user; this method adds the
# requirement that the user answers true to active?.
#
# @param action [#to_s] token action
# @param key [#to_s] candidate token value
# @param validity_days [Integer, nil] optional maximum token age in days
# @return [Object, nil] the owning user, or nil when there is no valid
#   token or the owner is not active
def self.find_active_user(action, key, validity_days=nil)
  owner = find_user(action, key, validity_days)
  return nil unless owner && owner.active?

  owner
end

.find_token(action, key, validity_days = nil) ⇒ Object

Returns the token matching the given action and key, or nil if there is none. When validity_days is given, a token older than that many days is not returned.



# File 'app/models/token.rb', line 113

# Looks up the token stored for an action/key pair and returns it only when
# every check below passes; any failed check yields nil.
#
# An age limit is enforced here only when validity_days is given. The
# per-action validity_time that expired? consults is not checked by this
# method, so a caller that needs it has to test the returned token itself.
#
# @param action [#to_s] token action
# @param key [#to_s] candidate token value (untrusted input)
# @param validity_days [Integer, nil] maximum token age in days; nil skips
#   the age check
# @return [Token, nil]
def self.find_token(action, key, validity_days=nil)
  action = action.to_s
  key = key.to_s
  # Reject a blank action and any key that is not purely alphanumeric before
  # querying. \A and \z anchor the whole string, so a key containing a
  # newline cannot slip past the pattern.
  return nil unless action.present? && /\A[a-z0-9]+\z/i.match?(key)

  token = Token.find_by(:action => action, :value => key)
  return unless token
  # The row is re-checked in Ruby rather than trusting the SQL match alone.
  # NOTE(review): presumably this guards against a looser database
  # comparison (e.g. a case-insensitive collation) -- confirm.
  return unless token.action == action
  # secure_compare performs the value comparison in constant time.
  return unless ActiveSupport::SecurityUtils.secure_compare(token.value.to_s, key)
  # A token without an associated user is treated as invalid.
  return unless token.user
  return unless validity_days.nil? || (token.created_on > validity_days.days.ago)

  token
end

.find_user(action, key, validity_days = nil) ⇒ Object

Returns the user who owns the key for the given action



# File 'app/models/token.rb', line 104

# Resolves a token key to the user who owns the token.
#
# Validation is delegated to find_token. The user's own state is not
# examined here; find_active_user adds the active? check.
#
# @param action [#to_s] token action
# @param key [#to_s] candidate token value
# @param validity_days [Integer, nil] optional maximum token age in days
# @return [Object, nil] the token's user, or nil when no token was found
def self.find_user(action, key, validity_days=nil)
  match = find_token(action, key, validity_days)
  match.user if match
end

.generate_token_value ⇒ Object



# File 'app/models/token.rb', line 128

# Produces the value for a new token.
#
# The randomness comes entirely from Redmine::Utils.random_hex, which is
# called with an argument of 20.
# NOTE(review): the secrecy of every token depends on random_hex drawing
# from a cryptographically secure generator, and 20 is presumably a byte
# count (40 hex characters) -- confirm both in Redmine::Utils.
#
# @return [Object] whatever random_hex returns (presumably a hex String)
def self.generate_token_value
  size = 20
  Redmine::Utils.random_hex(size)
end

.invalid_when_created_before(action = nil) ⇒ Object



# File 'app/models/token.rb', line 61

# Computes the cutoff time before which a token of the given action counts
# as expired.
#
# A registered action uses its own :validity_time option, which may be a
# plain duration or a callable that receives the action. Any other action
# (including nil) uses the class-wide validity_time. The registry is keyed
# by String in add_action, so an action passed as a Symbol is not found and
# falls back to the class-wide value.
#
# @param action [String, nil] token action
# @return [Time, nil] Time.now minus the validity period, or nil when no
#   validity period applies (such tokens do not expire)
def self.invalid_when_created_before(action = nil)
  registry = Token.actions
  lifetime =
    if registry.has_key?(action)
      configured = registry[action][:validity_time]
      configured.respond_to?(:call) ? configured.call(action) : configured
    else
      self.validity_time
    end
  return nil unless lifetime

  Time.now - lifetime
end

Instance Method Details

#expired? ⇒ Boolean

Returns true if the token has expired

Returns:

  • (Boolean)


# File 'app/models/token.rb', line 52

# Tells whether this token is older than its action allows.
#
# The cutoff comes from the class-level invalid_when_created_before for the
# token's action. When no cutoff applies, the token never expires.
#
# @return [Boolean] true when created_on lies before the cutoff
def expired?
  cutoff = self.class.invalid_when_created_before(action)
  return false unless cutoff.present?

  created_on < cutoff
end

#generate_new_token ⇒ Object



# File 'app/models/token.rb', line 47

# Replaces this token's value with a newly generated one.
#
# The value is only assigned; nothing is saved here.
#
# @return [Object] the value obtained from Token.generate_token_value
def generate_new_token
  fresh = Token.generate_token_value
  self.value = fresh
end

#max_instances ⇒ Object



# File 'app/models/token.rb', line 57

# Looks up the :max_instances option for this token's action.
#
# @return [Object, nil] the :max_instances option of a registered action
#   (nil when the action was registered without that option), or 1 when
#   the action is not in the registry
def max_instances
  settings = Token.actions
  return 1 unless settings.has_key?(action)

  settings[action][:max_instances]
end