Class: StandardId::Web::SessionManager

Inherits:
Object
Defined in:
lib/standard_id/web/session_manager.rb



Constructor Details

#initialize(token_manager, request:, session:, cookies:, reset_session: nil) ⇒ SessionManager

Returns a new instance of SessionManager.



# File 'lib/standard_id/web/session_manager.rb', line 6

# Builds a session manager around the per-request collaborators.
#
# @param token_manager [Object] creates browser sessions and remember tokens
#   (see #sign_in_account and #set_remember_cookie)
# @param request [Object] the current request, exposed unchanged via #request
# @param session [Object] session store accessed by key
#   (:session_token, :standard_id_scopes, :return_to_after_authenticating)
# @param cookies [Object] cookie jar; #encrypted, #[]= and #delete are called on it
# @param reset_session [#call, nil] optional callable that resets the session
#   store before an authenticated session is created; it is invoked with
#   `&.call`, so nil simply skips the reset
def initialize(token_manager, request:, session:, cookies:, reset_session: nil)
  @token_manager, @request, @session, @cookies, @reset_session =
    token_manager, request, session, cookies, reset_session
end

Instance Attribute Details

#cookies ⇒ Object (readonly)

Returns the value of attribute cookies.



# File 'lib/standard_id/web/session_manager.rb', line 4

# Cookie jar handed in at construction time.
#
# @return [Object] the injected cookies collaborator (nil if never set)
def cookies = @cookies

#request ⇒ Object (readonly)

Returns the value of attribute request.



# File 'lib/standard_id/web/session_manager.rb', line 4

# Request object handed in at construction time.
#
# @return [Object] the injected request collaborator (nil if never set)
def request = @request

#session ⇒ Object (readonly)

Returns the value of attribute session.



# File 'lib/standard_id/web/session_manager.rb', line 4

# Session store handed in at construction time.
#
# @return [Object] the injected session collaborator (nil if never set)
def session = @session

#token_manager ⇒ Object (readonly)

Returns the value of attribute token_manager.



# File 'lib/standard_id/web/session_manager.rb', line 4

# Token manager handed in at construction time.
#
# @return [Object] the injected token manager collaborator (nil if never set)
def token_manager = @token_manager

Instance Method Details

#clear_session! ⇒ Object



# File 'lib/standard_id/web/session_manager.rb', line 62

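# Removes all client-side traces of the current session: the two session
# keys, the encrypted session-token cookie, the remember cookie, and the
# request-local Current.session.
#
# This only clears state on the client and in Current; it does not revoke
# anything server-side (see #revoke_current_session! for the browser
# session). NOTE(review): the remember token is dropped from the cookie jar
# only — whether it is invalidated server-side is not visible here; confirm.
#
# @return [nil]
def clear_session!
  # TODO: make token key names configurable
  session.delete(:session_token)
  session.delete(:standard_id_scopes)
  # Delete the encrypted cookie instead of assigning nil to it: an encrypted
  # nil still leaves a cookie on the client, whereas delete emits an expiring
  # Set-Cookie. This also matches how :remember_token is handled below.
  cookies.delete(:session_token)
  cookies.delete(:remember_token)

  Current.session = nil
end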

#current_account ⇒ Object



# File 'lib/standard_id/web/session_manager.rb', line 18

# NOTE(review): the rendered listing dropped the method name and the
# attribute/expression on the next line; the YARD header for this entry is
# `#current_account`, and what remains shows a `||=` memoisation onto a
# Current attribute. Consult lib/standard_id/web/session_manager.rb line 18
# for the actual code before relying on this listing.
def 
  Current. ||= 
end

#current_scope_names ⇒ Object



# File 'lib/standard_id/web/session_manager.rb', line 49

# Scope names recorded in the session under :standard_id_scopes.
#
# A missing key yields an empty list and a single scalar value is wrapped,
# so callers can always treat the result as an Array. Values are returned
# as stored; #sign_in_account writes them as strings.
#
# @return [Array] the stored scope names, or [] when none are stored
def current_scope_names
  stored = session[:standard_id_scopes]
  Array(stored)
end

#current_session ⇒ Object



# File 'lib/standard_id/web/session_manager.rb', line 14

# Returns the session for the current request, loading it once per request.
#
# The value is cached in Current.session, so load_current_session runs only
# while that attribute is nil/false; a cached value is returned untouched.
#
# @return [Object, nil] the cached or freshly loaded session
def current_session
  Current.session = load_current_session unless Current.session
  Current.session
end

#revoke_current_session! ⇒ Object



# File 'lib/standard_id/web/session_manager.rb', line 53

# Signs the current session out: revokes it via #revoke! (when there is one)
# and then clears all client-side session state.
#
# Order matters: the server-side revocation runs first, while
# current_session can still be resolved; clear_session! then drops the
# session keys, cookies and Current.session. When no session is loaded only
# the clearing step runs.
#
# @return the value of clear_session!
def revoke_current_session!
  active = current_session
  active.revoke! if active
  clear_session!
end


# File 'lib/standard_id/web/session_manager.rb', line 58

# Issues a remember token for the given credential and stores it in the
# :remember_token cookie.
#
# NOTE(review): the token is written through the plain `cookies[]=` jar with
# no options visible here (no httponly/secure/expires and no signed or
# encrypted wrapper, unlike :session_token in #sign_in_account). Whether the
# jar's defaults or the token's own design cover that is not visible in this
# class — confirm before relying on it.
#
# @param password_credential [Object] passed straight to
#   token_manager.create_remember_token
# @return the remember token that was stored
def set_remember_cookie(password_credential)
  remember_token = token_manager.create_remember_token(password_credential)
  cookies[:remember_token] = remember_token
end

#sign_in_account(account, scope_name: nil) ⇒ Object



# File 'lib/standard_id/web/session_manager.rb', line 22

# NOTE(review): the rendered listing dropped several identifiers from this
# method (its name, its first parameter, and the argument passed to the
# emit_* and create_browser_session calls). The YARD header reads
# `#sign_in_account(account, scope_name: nil)`; confirm against
# lib/standard_id/web/session_manager.rb line 22 before editing.
#
# Creates an authenticated browser session, stores its token in both the
# session and the encrypted cookie, optionally records a scope name, and
# publishes it as Current.session.
#
# @param scope_name [#to_s, nil] optional scope appended (as a string, once)
#   to the session's :standard_id_scopes list
# @return the browser session returned by token_manager.create_browser_session
def (, scope_name: nil)
  emit_session_creating(, "browser")

  # Prevent session fixation by resetting the Rails session before
  # creating an authenticated session (Rails Security Guide §2.5).
  # Preserve return_to URL across the reset so post-login redirect works.
  return_to = session[:return_to_after_authenticating]
  existing_scopes = session[:standard_id_scopes]
  # NOTE(review): the scope list present before authentication is carried
  # across the reset as well; confirm that pre-authentication scopes are
  # meant to survive into the new session.
  # No-op when no reset_session callable was injected.
  @reset_session&.call
  session[:return_to_after_authenticating] = return_to if return_to
  session[:standard_id_scopes] = existing_scopes if existing_scopes

  token_manager.create_browser_session().tap do |browser_session|
    # Store in both session and encrypted cookie for backward compatibility
    # Action Cable will use the encrypted cookie
    session[:session_token] = browser_session.token
    cookies.encrypted[:session_token] = browser_session.token
    if scope_name
      # Normalise to a string and add it only if not already recorded.
      scopes = Array(session[:standard_id_scopes])
      scopes << scope_name.to_s unless scopes.include?(scope_name.to_s)
      session[:standard_id_scopes] = scopes
    end
    Current.session = browser_session
    emit_session_created(browser_session, , "browser")
  end
end