Commit f08a806

mokha <mokha@cisco.com>
2018-09-22 17:21:03
create user session during login.
1 parent d4014e2
app/controllers/responses_controller.rb
@@ -20,10 +20,9 @@ class ResponsesController < ApplicationController
       ) do |builder|
         @saml_response_builder = builder
       end
-      user_id = current_user.to_param
       mfa_issued_at = session[:mfa].present? ? session[:mfa][:issued_at] : nil
       reset_session
-      session[:user_id] = user_id
+      session[:user_session_key] = Current.user_session.key
       session[:mfa] = { issued_at: mfa_issued_at } if mfa_issued_at.present?
     else
       @url, @saml_params = saml.response_for(
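Review bot: `Current.user_session.key` on the added line raises NoMethodError when no user session is loaded, whereas the removed `current_user.to_param` tolerated a nil user; if this branch can be reached without an authenticated session (the enclosing action starts outside the hunk, so I cannot tell), guard it with `session[:user_session_key] = Current.user_session.key if Current.user_session`. The line also depends on `Current.access` having already rotated and saved the key earlier in this request so that the in-memory `key` matches the row `authenticate` will look up next time; a comment such as `# re-attach the key Current.access already rotated for this request` would spare the next reader the trip through Current.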
app/controllers/sessions_controller.rb
@@ -59,7 +59,7 @@ class SessionsController < ApplicationController
   def login(user)
     saml_data = session[:saml]
     reset_session
-    session[:user_id] = user.to_param
+    session[:user_session_key] = user.sessions.build.access(request)
     session[:saml] = saml_data
   end
 
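Review bot: `login` builds a brand-new UserSession but nothing in the hunk revokes the caller's previous one, so a user who already holds a valid session and logs in again leaves the old row matched by `UserSession.active` until the timeout scopes catch it; unless logout is guaranteed to run first, revoke `Current.user_session` (or the user's other `sessions`) before `user.sessions.build.access(request)`. `Current.user_session` is also left unset here, so any code later in the same request that reads it sees nil until the next request's `Current.access`; `Current.user_session = user.sessions.build` followed by `session[:user_session_key] = Current.user_session.access(request)` keeps the two in step.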
app/models/current.rb
@@ -3,7 +3,7 @@
 class Current < ActiveSupport::CurrentAttributes
   attribute :user, :token
   attribute :request
-  attribute :session
+  attribute :user_session
   attribute :request_id, :user_agent, :ip_address
 
   def user?
@@ -17,8 +17,8 @@ class Current < ActiveSupport::CurrentAttributes
 
   def access(request, session)
     self.request = request
-    self.session = session
-    uuid = session[:user_id]
-    self.user = User.find_by(uuid: uuid) if uuid.present?
+    self.user_session = UserSession.authenticate(session[:user_session_key])
+    self.user = user_session&.user
+    session[:user_session_key] = user_session&.access(request)
   end
 end
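Review bot: `Current.access` now rotates the session key on every request — line 49 stores whatever `access` returns, and the spec asserts that `access` changes `key` — so concurrent requests from one browser (parallel XHRs, a second tab) can race: both present the old key, the first rotates it, and the second fails `authenticate`, clears `user`, and overwrites the cookie value with `nil`, logging the user out. Rotating per request also turns every authenticated GET into a database write. Consider having `access` record `accessed_at`/ip/user_agent without rotating and rotating the key only at login or privilege change, or at minimum only replace the cookie value when a session was found: `session[:user_session_key] = user_session.access(request) if user_session`. The attribute rename in the first hunk has no such concern.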
app/models/user_session.rb
@@ -13,6 +13,7 @@ class UserSession < ApplicationRecord
   scope :absolute_timeout, -> { where('created_at < ?', 24.hours.ago) }
 
   def self.authenticate(key)
+    return if key.blank?
     active.find_by(key: key)
   end
 
@@ -34,5 +35,6 @@ class UserSession < ApplicationRecord
       ip: request.ip,
       user_agent: request.user_agent,
     )
+    key
   end
 end
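Review bot: `access` now returns `key`, and both `SessionsController#login` and `Current.access` store that value straight into the cookie session as the credential, yet the only sign of this contract is the bare `key` at the end of the body; the method begins outside the hunk, so add above `def access(request)` a comment such as `# Records accessed_at/ip/user_agent, saves, and returns the session key the caller must store in the cookie session.` The `return if key.blank?` guard in the first hunk is the right fix for a `find_by(key: nil)` lookup; a short `# never let a blank cookie value match a row with a NULL key` would explain why it sits there.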
spec/models/user_session_spec.rb
@@ -15,13 +15,14 @@ RSpec.describe UserSession do
     let(:request) { double(ip: "192.168.1.1", user_agent: "blah") }
 
     before { freeze_time }
-    before { subject.access(request) }
+    before { @result = subject.access(request) }
 
     specify { expect(subject.accessed_at).to eql(Time.now) }
     specify { expect(subject.ip).to eql(request.ip) }
     specify { expect(subject.user_agent).to eql(request.user_agent) }
     specify { expect(subject).to be_persisted }
     specify { expect(subject.key).not_to eql(original_key) }
+    specify { expect(@result).to eql(subject.key) }
   end
 
   describe ".active" do
@@ -48,6 +49,8 @@ RSpec.describe UserSession do
     specify { expect(UserSession.authenticate(inactive_session.key)).to be_nil }
     specify { expect(UserSession.authenticate(expired_session.key)).to be_nil }
     specify { expect(UserSession.authenticate(revoked_session.key)).to be_nil }
+    specify { expect(UserSession.authenticate(nil)).to be_nil }
+    specify { expect(UserSession.authenticate("")).to be_nil }
   end
 
   describe ".sudo?" do
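Review bot: The `@result` instance variable set in the `before` hook at line 74 and read in the new `specify` is the only ivar in a file that otherwise uses `let`/`subject`; `let!(:result) { subject.access(request) }` in place of that `before`, with `specify { expect(result).to eql(subject.key) }`, keeps the style uniform and still runs after `before { freeze_time }` because `let!` registers its hook where it is declared. The two new `authenticate` examples cover nil and the empty string but not a whitespace-only key, which `blank?` also rejects; `specify { expect(UserSession.authenticate(" ")).to be_nil }` would pin that case.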