From e91553d164c6adc89a9db625d37e2550d36d8261 Mon Sep 17 00:00:00 2001 From: Thorsten Eckel Date: Wed, 24 Jun 2015 10:48:48 +0200 Subject: [PATCH] - Refactored authentication_check_only. - Replaced session[:request_type] with session[:persistent]. --- app/controllers/application_controller.rb | 121 ++++++++----------- app/controllers/sessions_controller.rb | 4 + app/models/observer/session.rb | 12 +- db/migrate/20150623145511_session_changes.rb | 24 ++++ lib/session_helper.rb | 2 +- 5 files changed, 86 insertions(+), 77 deletions(-) create mode 100644 db/migrate/20150623145511_session_changes.rb diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 86a7e35a6..9ac15fd70 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -98,122 +98,98 @@ class ApplicationController < ActionController::Base def authentication_check_only(auth_param) logger.debug 'authentication_check' - session[:request_type] = 1 #logger.debug params.inspect #logger.debug session.inspect #logger.debug cookies.inspect - # check http basic auth - authenticate_with_http_basic do |username, password| - logger.debug 'http basic auth check' - session[:request_type] = 2 + # already logged in, early exit + if session.id && session[:user_id] + userdata = User.find( session[:user_id] ) + current_user_set(userdata) - userdata = User.authenticate( username, password ) - message = '' - if !userdata - message = 'authentication failed' - end + return { + auth: true + } + end - # return auth ok - if message == '' + error_message = 'authentication failed' - # remember user - session[:user_id] = userdata.id + # check logon session + if params['logon_session'] + logon_session = ActiveRecord::SessionStore::Session.where( session_id: params['logon_session'] ).first - # set basic auth user to current user + # set logon session user to current user + if logon_session + userdata = User.find( logon_session.data[:user_id] ) current_user_set(userdata) + + session[:persistent] = true + return { auth: true } end - # return auth not ok + error_message = 'no valid session, user_id' + end + + # check sso + sso_userdata = User.sso(params) + if sso_userdata + + current_user_set(sso_userdata) + + session[:persistent] = true + return { - auth: false, - message: message, + auth: true } end - # check logon session - if params['logon_session'] - logon_session = ActiveRecord::SessionStore::Session.where( session_id: params['logon_session'] ).first - if logon_session - userdata = User.find( logon_session.data[:user_id] ) - end + # check http basic auth + authenticate_with_http_basic do |username, password| + logger.debug "http basic auth check '#{username}'" - session[:request_type] = 3 + userdata = User.authenticate( username, password ) - # set logon session user to current user + next if !userdata + + # set basic auth user to current user current_user_set(userdata) return { auth: true } end - # check sso - if !session[:user_id] - - user = User.sso(params) - - # Log the authorizing user in. - if user - session[:user_id] = user.id - end - end - # check token if auth_param[:token_action] - authenticate_with_http_token do |token, options| - logger.debug 'token auth check' - session[:request_type] = 4 + authenticate_with_http_token do |token, _options| + logger.debug "token auth check #{token}" userdata = Token.check( action: auth_param[:token_action], name: token, ) - message = '' - if !userdata - message = 'authentication failed' - end + next if !userdata - # return auth ok - if message == '' + # set token user to current user + current_user_set(userdata) - # remember user - session[:user_id] = userdata.id - - # set token user to current user - current_user_set(userdata) - return { - auth: true - } - end - - # return auth not ok return { - auth: false, - message: message, + auth: true } end end - # return auth not ok (no session exists) - if !session[:user_id] - logger.debug 'no valid session, user_id' - message = 'no valid session, user_id' - return { - auth: false, - message: message, - } - end - + logger.debug error_message { - auth: true + auth: false, + message: error_message, } end - def authentication_check( auth_param = { basic_auth_promt: false } ) + def authentication_check( auth_param = {} ) result = authentication_check_only(auth_param) # check if basic_auth fallback is possible @@ -233,6 +209,9 @@ class ApplicationController < ActionController::Base return false end + # store current user id into the session + session[:user_id] = current_user.id + # return auth ok true end diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index f0d530207..079ad10d8 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -54,6 +54,10 @@ class SessionsController < ApplicationController # ) end + # sessions created via this + # controller are persistent + session[:persistent] = true + # return new session data render status: :created, json: { diff --git a/app/models/observer/session.rb b/app/models/observer/session.rb index cd051fb21..5a2f490ee 100644 --- a/app/models/observer/session.rb +++ b/app/models/observer/session.rb @@ -13,15 +13,17 @@ class Observer::Session < ActiveRecord::Observer check(record) end + # move the persistent attribute from the sub structure + # to the first level so it gets stored in the database + # column to make the cleanup lookup more performant def check(record) return if !record.data - return if record[:request_type] + return if record[:persistent] - # remember request type - return if !record.data['request_type'] + return if !record.data['persistent'] - record[:request_type] = record.data['request_type'] - record.data.delete('request_type') + record[:persistent] = record.data['persistent'] + record.data.delete('persistent') end end diff --git a/db/migrate/20150623145511_session_changes.rb b/db/migrate/20150623145511_session_changes.rb new file mode 100644 index 000000000..4fd08afd3 --- /dev/null +++ b/db/migrate/20150623145511_session_changes.rb @@ -0,0 +1,24 @@ +class SessionChanges < ActiveRecord::Migration + def up + + ActiveRecord::SessionStore::Session.delete_all + + remove_index :sessions, :request_type + remove_column :sessions, :request_type + + add_column :sessions, :persistent, :boolean, null: true + add_index :sessions, :persistent + end + + def down + + ActiveRecord::SessionStore::Session.delete_all + + remove_index :sessions, :persistent + remove_column :sessions, :persistent + + add_column :sessions, :request_type, :integer, null: true + add_index :sessions, :request_type + end + +end diff --git a/lib/session_helper.rb b/lib/session_helper.rb index f1081602e..7c74addf2 100644 --- a/lib/session_helper.rb +++ b/lib/session_helper.rb @@ -29,7 +29,7 @@ module SessionHelper def self.cleanup_expired # delete temp. sessions - ActiveRecord::SessionStore::Session.where('request_type IS NULL AND updated_at < ?', Time.zone.now - 1.days ).delete_all + ActiveRecord::SessionStore::Session.where('persistent IS NULL AND updated_at < ?', Time.zone.now - 1.days ).delete_all # web sessions older the x days ActiveRecord::SessionStore::Session.where('updated_at < ?', Time.zone.now - 90.days ).delete_all