Revocable sessions (#3616)

* feat: Revocable sessions * fix: Tests using sign_in * feat: Configuration entry for the maximum number of session activations
author: Sorin Davidoi <sorin.davidoi@gmail.com> 2017-06-23 18:50:53 +0200
committer: Eugen Rochko <eugen@zeonfederated.com> 2017-06-23 18:50:53 +0200
commit: 2211e8d1cd6eb97a8a04e24c1fea7031a201edb5 (patch)
tree: b235a97b1c0f73475449c2313823dc6d599f31bb /app/models/session_activation.rb
parent: 3783cadf2d7a2b7ace078d1d337645f53c190c69 (diff)
1 files changed, 38 insertions, 0 deletions
diff --git a/app/models/session_activation.rb b/app/models/session_activation.rb
new file mode 100644
index 000000000..71e9f023c
--- /dev/null
+++ b/app/models/session_activation.rb
@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+# == Schema Information
+#
+# Table name: session_activations
+#
+#  id         :integer          not null, primary key
+#  user_id    :integer          not null
+#  session_id :string           not null
+#  created_at :datetime         not null
+#  updated_at :datetime         not null
+#
+
+class SessionActivation < ApplicationRecord
+  LIMIT = Rails.configuration.x.max_session_activations
+
+  def self.active?(id)
+    id && where(session_id: id).exists?
+  end
+
+  def self.activate(id)
+    activation = create!(session_id: id)
+    purge_old
+    activation
+  end
+
+  def self.deactivate(id)
+    return unless id
+    where(session_id: id).destroy_all
+  end
+
+  def self.purge_old
+    order('created_at desc').offset(LIMIT).destroy_all
+  end
+
+  def self.exclusive(id)
+    where('session_id != ?', id).destroy_all
+  end
+end
author	Sorin Davidoi <sorin.davidoi@gmail.com>	2017-06-23 18:50:53 +0200
committer	Eugen Rochko <eugen@zeonfederated.com>	2017-06-23 18:50:53 +0200
commit	2211e8d1cd6eb97a8a04e24c1fea7031a201edb5 (patch)
tree	b235a97b1c0f73475449c2313823dc6d599f31bb /app/models/session_activation.rb
parent	3783cadf2d7a2b7ace078d1d337645f53c190c69 (diff)