Browse code
Setup token sessions
Cinan Rakosnik authored on 05/02/2013 at 23:11:12Showing 18 changed files
- .generators
- .rakeTasks
- Gemfile
- Gemfile.lock
- app/assets/javascripts/sessions.js.coffee
- app/controllers/application_controller.rb
- app/controllers/sessions_controller.rb
- app/helpers/sessions_helper.rb
- app/models/token.rb
- app/views/layouts/application.html.haml
- app/views/sessions/new.html.haml
- config/initializers/session_settings.rb
- config/routes.rb
- test/fixtures/tokens.yml
- test/functional/sessions_controller_test.rb
- test/test_helper.rb
- test/unit/helpers/sessions_helper_test.rb
- test/unit/token_test.rb
| 1 | 1 |
old mode 100755 |
| 2 | 2 |
new mode 100644 |
| ... | ... |
@@ -5,4 +5,4 @@ You are allowed to: |
| 5 | 5 |
2. Remove generators |
| 6 | 6 |
3. Add installed generators |
| 7 | 7 |
To add new installed generators automatically delete this file and reload the project. |
| 8 |
+--><GeneratorsGroup><Generator name="active_record:migration" /><Generator name="active_record:model" /><Generator name="active_record:observer" /><Generator name="active_record:session_migration" /><Generator name="assets" /><Generator name="coffee:assets" /><Generator name="controller" /><Generator name="erb:controller" /><Generator name="erb:mailer" /><Generator name="erb:scaffold" /><Generator name="generator" /><Generator name="helper" /><Generator name="integration_test" /><Generator name="jquery:install" /><Generator name="js:assets" /><Generator name="mailer" /><Generator name="migration" /><Generator name="model" /><Generator name="mongoid:config" /><Generator name="observer" /><Generator name="performance_test" /><Generator name="resource" /><Generator name="scaffold" /><Generator name="scaffold_controller" /><Generator name="session_migration" /><Generator name="task" /></GeneratorsGroup></Settings> |
| ... | ... |
@@ -22,13 +22,18 @@ group :assets do |
| 22 | 22 |
end |
| 23 | 23 |
|
| 24 | 24 |
group :development, :test do |
| 25 |
- gem 'rspec-rails' |
|
| 26 |
- gem 'spork' |
|
| 27 | 25 |
end |
| 28 | 26 |
|
| 29 | 27 |
group :development do |
| 30 | 28 |
end |
| 31 | 29 |
|
| 30 |
+group :test do |
|
| 31 |
+ gem "minitest" |
|
| 32 |
+ gem 'minitest-reporters', '>= 0.5.0' |
|
| 33 |
+ gem 'test-unit' |
|
| 34 |
+ gem 'timecop' |
|
| 35 |
+end |
|
| 36 |
+ |
|
| 32 | 37 |
gem 'jquery-rails' |
| 33 | 38 |
gem "haml", "~> 3.1.7" |
| 34 | 39 |
gem "haml-rails", "~> 0.3.5" |
| ... | ... |
@@ -28,6 +28,7 @@ GEM |
| 28 | 28 |
activesupport (3.2.11) |
| 29 | 29 |
i18n (~> 0.6) |
| 30 | 30 |
multi_json (~> 1.0) |
| 31 |
+ ansi (1.4.3) |
|
| 31 | 32 |
arel (3.0.2) |
| 32 | 33 |
builder (3.0.4) |
| 33 | 34 |
capistrano (2.14.1) |
| ... | ... |
@@ -48,7 +49,6 @@ GEM |
| 48 | 48 |
chunky_png (~> 1.2) |
| 49 | 49 |
fssm (>= 0.2.7) |
| 50 | 50 |
sass (~> 3.1) |
| 51 |
- diff-lcs (1.1.3) |
|
| 52 | 51 |
erubis (2.7.0) |
| 53 | 52 |
execjs (1.4.0) |
| 54 | 53 |
multi_json (~> 1.0) |
| ... | ... |
@@ -59,6 +59,7 @@ GEM |
| 59 | 59 |
activesupport (>= 3.1, < 4.1) |
| 60 | 60 |
haml (~> 3.1) |
| 61 | 61 |
railties (>= 3.1, < 4.1) |
| 62 |
+ hashie (1.2.0) |
|
| 62 | 63 |
highline (1.6.15) |
| 63 | 64 |
hike (1.2.1) |
| 64 | 65 |
i18n (0.6.1) |
| ... | ... |
@@ -72,6 +73,12 @@ GEM |
| 72 | 72 |
mime-types (~> 1.16) |
| 73 | 73 |
treetop (~> 1.4.8) |
| 74 | 74 |
mime-types (1.20.1) |
| 75 |
+ minitest (4.5.0) |
|
| 76 |
+ minitest-reporters (0.14.7) |
|
| 77 |
+ ansi |
|
| 78 |
+ builder |
|
| 79 |
+ minitest (>= 2.12, < 5.0) |
|
| 80 |
+ powerbar |
|
| 75 | 81 |
mongoid (3.0.21) |
| 76 | 82 |
activemodel (~> 3.1) |
| 77 | 83 |
moped (~> 1.2) |
| ... | ... |
@@ -88,6 +95,9 @@ GEM |
| 88 | 88 |
net-ssh (>= 1.99.1) |
| 89 | 89 |
origin (1.0.11) |
| 90 | 90 |
polyglot (0.3.3) |
| 91 |
+ powerbar (1.0.11) |
|
| 92 |
+ ansi (~> 1.4.0) |
|
| 93 |
+ hashie (>= 1.1.0) |
|
| 91 | 94 |
rack (1.4.4) |
| 92 | 95 |
rack-cache (1.2) |
| 93 | 96 |
rack (>= 0.4) |
| ... | ... |
@@ -113,30 +123,20 @@ GEM |
| 113 | 113 |
rake (10.0.3) |
| 114 | 114 |
rdoc (3.12) |
| 115 | 115 |
json (~> 1.4) |
| 116 |
- rspec-core (2.12.2) |
|
| 117 |
- rspec-expectations (2.12.1) |
|
| 118 |
- diff-lcs (~> 1.1.3) |
|
| 119 |
- rspec-mocks (2.12.2) |
|
| 120 |
- rspec-rails (2.12.2) |
|
| 121 |
- actionpack (>= 3.0) |
|
| 122 |
- activesupport (>= 3.0) |
|
| 123 |
- railties (>= 3.0) |
|
| 124 |
- rspec-core (~> 2.12.0) |
|
| 125 |
- rspec-expectations (~> 2.12.0) |
|
| 126 |
- rspec-mocks (~> 2.12.0) |
|
| 127 | 116 |
sass (3.2.5) |
| 128 | 117 |
sass-rails (3.2.6) |
| 129 | 118 |
railties (~> 3.2.0) |
| 130 | 119 |
sass (>= 3.1.10) |
| 131 | 120 |
tilt (~> 1.3) |
| 132 |
- spork (0.9.2) |
|
| 133 | 121 |
sprockets (2.2.2) |
| 134 | 122 |
hike (~> 1.2) |
| 135 | 123 |
multi_json (~> 1.0) |
| 136 | 124 |
rack (~> 1.0) |
| 137 | 125 |
tilt (~> 1.1, != 1.3.0) |
| 126 |
+ test-unit (2.5.4) |
|
| 138 | 127 |
thor (0.17.0) |
| 139 | 128 |
tilt (1.3.3) |
| 129 |
+ timecop (0.5.9.1) |
|
| 140 | 130 |
treetop (1.4.12) |
| 141 | 131 |
polyglot |
| 142 | 132 |
polyglot (>= 0.3.1) |
| ... | ... |
@@ -156,10 +156,12 @@ DEPENDENCIES |
| 156 | 156 |
haml (~> 3.1.7) |
| 157 | 157 |
haml-rails (~> 0.3.5) |
| 158 | 158 |
jquery-rails |
| 159 |
+ minitest |
|
| 160 |
+ minitest-reporters (>= 0.5.0) |
|
| 159 | 161 |
mongoid (~> 3.0.20) |
| 160 | 162 |
rails (= 3.2.11) |
| 161 |
- rspec-rails |
|
| 162 | 163 |
sass-rails (~> 3.2.3) |
| 163 |
- spork |
|
| 164 |
+ test-unit |
|
| 165 |
+ timecop |
|
| 164 | 166 |
uglifier (>= 1.0.3) |
| 165 | 167 |
xmpp4r (~> 0.5) |
| ... | ... |
@@ -1,3 +1,34 @@ |
| 1 | 1 |
class ApplicationController < ActionController::Base |
| 2 |
- protect_from_forgery |
|
| 2 |
+ #protect_from_forgery |
|
| 3 |
+ |
|
| 4 |
+ before_filter :require_login |
|
| 5 |
+ |
|
| 6 |
+ def require_login |
|
| 7 |
+ #if controller_name == 'sessions' && action_name == 'new' |
|
| 8 |
+ # true |
|
| 9 |
+ #end |
|
| 10 |
+ |
|
| 11 |
+ if authenticated? |
|
| 12 |
+ create_new_authentification() |
|
| 13 |
+ else |
|
| 14 |
+ #create_new_authentification() |
|
| 15 |
+ #Redirect to login page |
|
| 16 |
+ end |
|
| 17 |
+ end |
|
| 18 |
+ |
|
| 19 |
+ protected |
|
| 20 |
+ |
|
| 21 |
+ def authenticated? |
|
| 22 |
+ !! Token.authenticate(session) |
|
| 23 |
+ end |
|
| 24 |
+ |
|
| 25 |
+ def create_new_authentification |
|
| 26 |
+ Token.remove_old_session(session[:token]) |
|
| 27 |
+ |
|
| 28 |
+ session[:token] = Token.generate_token() |
|
| 29 |
+ session[:created_at] = Time.now |
|
| 30 |
+ session[:ip] = request.remote_ip |
|
| 31 |
+ |
|
| 32 |
+ Token.save_session(session) |
|
| 33 |
+ end |
|
| 3 | 34 |
end |
| 0 | 2 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,49 @@ |
| 0 |
+require 'ipaddr' |
|
| 1 |
+ |
|
| 2 |
+class Token |
|
| 3 |
+ include Mongoid::Document |
|
| 4 |
+ include Mongoid::Timestamps::Created |
|
| 5 |
+ |
|
| 6 |
+ index({ token: 1 })
|
|
| 7 |
+ |
|
| 8 |
+ field :token, type: String |
|
| 9 |
+ field :date_expiring, type: DateTime |
|
| 10 |
+ field :ip, type: Integer |
|
| 11 |
+ |
|
| 12 |
+ def self.authenticate(session) |
|
| 13 |
+ if session[:created_at] == nil |
|
| 14 |
+ return false |
|
| 15 |
+ end |
|
| 16 |
+ |
|
| 17 |
+ matched_token = self.where(:token => session[:token], |
|
| 18 |
+ :ip => IPAddr.new(session[:ip]).to_i, |
|
| 19 |
+ :date_expiring.lte => session[:created_at] + Rails.application.config.max_lifetime, |
|
| 20 |
+ :created_at => session[:created_at] |
|
| 21 |
+ ).limit(1).first |
|
| 22 |
+ |
|
| 23 |
+ matched_token |
|
| 24 |
+ end |
|
| 25 |
+ |
|
| 26 |
+ def self.save_session(session) |
|
| 27 |
+ date_expiring = session[:created_at] + Rails.application.config.max_lifetime |
|
| 28 |
+ |
|
| 29 |
+ self.create!(:token => session[:token], |
|
| 30 |
+ :date_expiring => date_expiring, |
|
| 31 |
+ :created_at => session[:created_at], |
|
| 32 |
+ :ip => IPAddr.new(session[:ip]).to_i) |
|
| 33 |
+ end |
|
| 34 |
+ |
|
| 35 |
+ def self.remove_old_session(token) |
|
| 36 |
+ self.delete_all(token: token) |
|
| 37 |
+ end |
|
| 38 |
+ |
|
| 39 |
+ private |
|
| 40 |
+ |
|
| 41 |
+ def self.generate_token |
|
| 42 |
+ begin |
|
| 43 |
+ token = SecureRandom.urlsafe_base64 |
|
| 44 |
+ end while Token.where(token: token).exists? |
|
| 45 |
+ |
|
| 46 |
+ token |
|
| 47 |
+ end |
|
| 48 |
+end |
| ... | ... |
@@ -3,7 +3,7 @@ |
| 3 | 3 |
%head |
| 4 | 4 |
%title= yield(:title) + " | App" |
| 5 | 5 |
%meta{:charset => "utf-8"}/
|
| 6 |
- %link{ :href => "/css/screen.css", :media => "screen", :rel => "stylesheet" }
|
|
| 6 |
+ -#%link{ :href => "/css/screen.css", :media => "screen", :rel => "stylesheet" }
|
|
| 7 | 7 |
= csrf_meta_tags |
| 8 | 8 |
%body |
| 9 | 9 |
= yield |
| 10 | 10 |
\ No newline at end of file |
| ... | ... |
@@ -1,55 +1,8 @@ |
| 1 | 1 |
Xmpp::Application.routes.draw do |
| 2 |
- # Sample of regular route: |
|
| 3 |
- # match 'products/:id' => 'catalog#view' |
|
| 4 |
- # Keep in mind you can assign values other than :controller and :action |
|
| 2 |
+ resources :sessions, only: [:new, :create, :destroy] |
|
| 5 | 3 |
|
| 6 |
- # Sample of named route: |
|
| 7 |
- # match 'products/:id/purchase' => 'catalog#purchase', :as => :purchase |
|
| 8 |
- # This route can be invoked with purchase_url(:id => product.id) |
|
| 4 |
+ root :to => 'sessions#new' |
|
| 9 | 5 |
|
| 10 |
- # Sample resource route (maps HTTP verbs to controller actions automatically): |
|
| 11 |
- # resources :products |
|
| 12 |
- |
|
| 13 |
- # Sample resource route with options: |
|
| 14 |
- # resources :products do |
|
| 15 |
- # member do |
|
| 16 |
- # get 'short' |
|
| 17 |
- # post 'toggle' |
|
| 18 |
- # end |
|
| 19 |
- # |
|
| 20 |
- # collection do |
|
| 21 |
- # get 'sold' |
|
| 22 |
- # end |
|
| 23 |
- # end |
|
| 24 |
- |
|
| 25 |
- # Sample resource route with sub-resources: |
|
| 26 |
- # resources :products do |
|
| 27 |
- # resources :comments, :sales |
|
| 28 |
- # resource :seller |
|
| 29 |
- # end |
|
| 30 |
- |
|
| 31 |
- # Sample resource route with more complex sub-resources |
|
| 32 |
- # resources :products do |
|
| 33 |
- # resources :comments |
|
| 34 |
- # resources :sales do |
|
| 35 |
- # get 'recent', :on => :collection |
|
| 36 |
- # end |
|
| 37 |
- # end |
|
| 38 |
- |
|
| 39 |
- # Sample resource route within a namespace: |
|
| 40 |
- # namespace :admin do |
|
| 41 |
- # # Directs /admin/products/* to Admin::ProductsController |
|
| 42 |
- # # (app/controllers/admin/products_controller.rb) |
|
| 43 |
- # resources :products |
|
| 44 |
- # end |
|
| 45 |
- |
|
| 46 |
- # You can have the root of your site routed with "root" |
|
| 47 |
- # just remember to delete public/index.html. |
|
| 48 |
- root :to => 'login#index' |
|
| 49 |
- |
|
| 50 |
- # See how all your routes lay out with "rake routes" |
|
| 51 |
- |
|
| 52 |
- # This is a legacy wild controller route that's not recommended for RESTful applications. |
|
| 53 |
- # Note: This route will make all actions in every controller accessible via GET requests. |
|
| 54 |
- # match ':controller(/:action(/:id))(.:format)' |
|
| 6 |
+ match '/signin', to: 'sessions#new' |
|
| 7 |
+ match '/signout', to: 'sessions#destroy', via: :delete |
|
| 55 | 8 |
end |
| 56 | 9 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,13 @@ |
| 0 |
+# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/Fixtures.html |
|
| 1 |
+ |
|
| 2 |
+one: |
|
| 3 |
+ token: MyString |
|
| 4 |
+ date_created: |
|
| 5 |
+ date_expiring: |
|
| 6 |
+ ip: 1 |
|
| 7 |
+ |
|
| 8 |
+two: |
|
| 9 |
+ token: MyString |
|
| 10 |
+ date_created: |
|
| 11 |
+ date_expiring: |
|
| 12 |
+ ip: 1 |
| ... | ... |
@@ -1,6 +1,8 @@ |
| 1 | 1 |
ENV["RAILS_ENV"] = "test" |
| 2 | 2 |
require File.expand_path('../../config/environment', __FILE__)
|
| 3 | 3 |
require 'rails/test_help' |
| 4 |
+require 'minitest/autorun' |
|
| 5 |
+require 'timecop' |
|
| 4 | 6 |
|
| 5 | 7 |
class ActiveSupport::TestCase |
| 6 | 8 |
# Add more helper methods to be used by all tests here... |
| 0 | 4 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,41 @@ |
| 0 |
+require 'test_helper' |
|
| 1 |
+require 'ipaddr' |
|
| 2 |
+ |
|
| 3 |
+class TokenTest < ActiveSupport::TestCase |
|
| 4 |
+ |
|
| 5 |
+ def setup |
|
| 6 |
+ @frozen_time = Time.now |
|
| 7 |
+ end |
|
| 8 |
+ |
|
| 9 |
+ def teardown |
|
| 10 |
+ Token.delete_all() |
|
| 11 |
+ end |
|
| 12 |
+ |
|
| 13 |
+ test "should authentificate" do |
|
| 14 |
+ Timecop.freeze(@frozen_time) do |
|
| 15 |
+ Token.save_session({token: "123", ip: "8.8.8.8", created_at: Time.now})
|
|
| 16 |
+ assert !! Token.authenticate({token: "123", created_at: Time.now, ip: "8.8.8.8"})
|
|
| 17 |
+ end |
|
| 18 |
+ end |
|
| 19 |
+ |
|
| 20 |
+ test "shouldnt auth with wrong token" do |
|
| 21 |
+ Timecop.freeze(@frozen_time) do |
|
| 22 |
+ Token.save_session({token: "123", ip: "8.8.8.100", created_at: @frozen_time})
|
|
| 23 |
+ assert_false !! Token.authenticate({token: "14423", created_at: @frozen_time, ip: "8.8.8.100"})
|
|
| 24 |
+ end |
|
| 25 |
+ end |
|
| 26 |
+ |
|
| 27 |
+ test "shouldnt auth with wrong time" do |
|
| 28 |
+ Timecop.freeze(@frozen_time) do |
|
| 29 |
+ Token.save_session({token: "123", ip: "8.1.1.1", created_at: @frozen_time})
|
|
| 30 |
+ assert_false !! Token.authenticate({token: "123", created_at: @frozen_time + Rails.application.config.max_lifetime + 10, ip: "8.1.1.1"})
|
|
| 31 |
+ end |
|
| 32 |
+ end |
|
| 33 |
+ |
|
| 34 |
+ test "shouldnt auth with wrong ip" do |
|
| 35 |
+ Timecop.freeze(@frozen_time) do |
|
| 36 |
+ Token.save_session({token: "123", ip: "8.1.1.1", created_at: @frozen_time})
|
|
| 37 |
+ assert_false !! Token.authenticate({token: "123", created_at: @frozen_time, ip: "8.1.1.100"})
|
|
| 38 |
+ end |
|
| 39 |
+ end |
|
| 40 |
+end |