authorSorin Davidoi <sorin.davidoi@gmail.com>2017-06-23 18:50:53 +0200
committerEugen Rochko <eugen@zeonfederated.com>2017-06-23 18:50:53 +0200
commit2211e8d1cd6eb97a8a04e24c1fea7031a201edb5 (patch)
treeb235a97b1c0f73475449c2313823dc6d599f31bb /config
parent3783cadf2d7a2b7ace078d1d337645f53c190c69 (diff)
Revocable sessions (#3616)
* feat: Revocable sessions

* fix: Tests using sign_in

* feat: Configuration entry for the maximum number of session activations
Diffstat (limited to 'config')
-rw-r--r--config/initializers/devise.rb16
-rw-r--r--config/initializers/session_activations.rb5
2 files changed, 21 insertions, 0 deletions
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 4754c2c8c..6d3a73ef6 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -1,3 +1,19 @@
+Warden::Manager.after_set_user except: :fetch do |user, warden|
+  SessionActivation.deactivate warden.raw_session['auth_id']
+  warden.raw_session['auth_id'] = user.activate_session
+end
+
+Warden::Manager.after_fetch do |user, warden|
+  unless user.session_active?(warden.raw_session['auth_id'])
+    warden.logout
+    throw :warden, message: :unauthenticated
+  end
+end
+
+Warden::Manager.before_logout do |_, warden|
+  SessionActivation.deactivate warden.raw_session['auth_id']
+end
+
 Devise.setup do |config|
   config.warden do |manager|
     manager.default_strategies(scope: :user).unshift :two_factor_authenticatable
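Review bot: The `after_fetch` hook at line 33 forces a logout for any fetched user whose session `auth_id` does not satisfy `session_active?`, which presumably covers every session established before this deploy (no `auth_id` stored yet) unless `session_active?` treats `nil` specially; if that one-time forced re-login is intended it deserves a comment, otherwise a `nil` guard is needed before the check. The three hooks also carry no explanation of the lifecycle they implement, so a header above line 27 such as `# Track each login as a SessionActivation: record it on sign-in, re-validate it on every fetch, revoke it on logout.` would help the next reader. Style-wise, `SessionActivation.deactivate warden.raw_session['auth_id']` (lines 28 and 40) should be written with parentheses as a call with arguments, and `devise.rb` lacks the `# frozen_string_literal: true` header that the new initializer in this same commit carries. The `Devise.setup` block continues outside the hunk.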
diff --git a/config/initializers/session_activations.rb b/config/initializers/session_activations.rb
new file mode 100644
index 000000000..ff3efc852
--- /dev/null
+++ b/config/initializers/session_activations.rb
@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+Rails.application.configure do
+  config.x.max_session_activations = ENV['MAX_SESSION_ACTIVATIONS'] || 10
+end
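Review bot: `ENV['MAX_SESSION_ACTIVATIONS'] || 10` on line 55 yields a String when the variable is set but an Integer when it is not, so whatever reads `config.x.max_session_activations` (not in this diff) sees two different types; an empty value (`MAX_SESSION_ACTIVATIONS=`) is also truthy and passes through as `""`. Coerce once here and fail at boot on a malformed value rather than at login time: `config.x.max_session_activations = Integer(ENV.fetch('MAX_SESSION_ACTIVATIONS', 10))`. A one-line comment stating what the limit applies to would help as well, once confirmed against the model that consumes it, since this hunk only defines the setting.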