Commit 6566895

mokha <mokha@cisco.com>
2018-09-22 16:30:43
ensure a new session key is generated for each access
1 parent 5d559f6
Changed files (2)
app/models/user_session.rb
@@ -2,9 +2,11 @@
 
 class UserSession < ApplicationRecord
   belongs_to :user
-  before_validation :set_unique_key
+  before_validation do |model|
+    model.key = SecureRandom.urlsafe_base64(32)
+  end
 
-  scope :active, -> { where("accessed_at > ?", 30.minutes.ago).where('created_at > ?', 24.hours.ago).where(revoked_at: nil) }
+  scope :active, ->{ where("accessed_at > ?", 30.minutes.ago).where('created_at > ?', 24.hours.ago).where(revoked_at: nil) }
 
   def self.authenticate(key)
     active.find_by(key: key)
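Review bot: The new `before_validation do |model|` block regenerates `key` on every validation, not only on access, so a bare `valid?` call or an unrelated update (for instance one that sets `revoked_at`) also replaces the key. A `valid?` without a save additionally leaves the in-memory key out of step with the stored row. If rotation is meant to happen only in `access`, consider keeping creation-time generation as `before_validation :set_unique_key, on: :create` and assigning `key: SecureRandom.urlsafe_base64(32)` explicitly in the `access` update, whose body is only partly visible in this diff. Two requests arriving with the same key will presumably race, the first rotating it and the second failing `authenticate`, so a comment should state that callers must hand the new key back to the client after each access. `authenticate` continues past the end of this hunk.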
@@ -29,10 +31,4 @@ class UserSession < ApplicationRecord
       user_agent: request.user_agent,
     )
   end
-
-  private
-
-  def set_unique_key
-    self.key = SecureRandom.urlsafe_base64(32)
-  end
 end
spec/models/user_session_spec.rb
@@ -10,6 +10,8 @@ RSpec.describe UserSession do
   end
 
   describe "#access" do
+    subject { create(:user_session) }
+    let!(:original_key) { subject.key }
     let(:request) { double(ip: "192.168.1.1", user_agent: "blah") }
 
     before { freeze_time }
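Review bot: `let!(:original_key) { subject.key }` captures the pre-rotation key only because it is declared above the hook that calls `access`, which presumably sits just below this hunk. That ordering dependency is easy to break when the group is rearranged, so a short comment such as `# must stay above the before hook that calls #access, so the key is read before rotation` would help. The `describe "#access"` block ends outside this hunk.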
@@ -19,6 +21,7 @@ RSpec.describe UserSession do
     specify { expect(subject.ip).to eql(request.ip) }
     specify { expect(subject.user_agent).to eql(request.user_agent) }
     specify { expect(subject).to be_persisted }
+    specify { expect(subject.key).not_to eql(original_key) }
   end
 
   describe ".active" do
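Review bot: The added `expect(subject.key).not_to eql(original_key)` example only shows that the attribute changed; it does not show that the old key stops authenticating, which is the security property rotation exists for. Consider adding `specify { expect(UserSession.authenticate(original_key)).to be_nil }` and `specify { expect(UserSession.authenticate(subject.key)).to eql(subject) }` next to it. The second assumes `access` leaves the session inside the `active` scope, which the visible lines do not confirm. The `describe "#access"` block starts outside this hunk.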