parent
bd80ddaddc
commit
2712de5857
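--- /dev/null
+++ b/lib/carto/authentication_manager.rb
@@ -0,0 +1,29 @@
+module Carto
+  class AuthenticationManager
+
+    def self.validate_session(warden_context, request, user, reset_session_on_error = true)
+      if session_security_token_valid?(warden_context, user)
+        true
+      else
+        request.reset_session if reset_session_on_error
+        false
+      end
+    end
+
+    def self.session_security_token_valid?(warden_context, user)
+      session = warden_context.session(user.username)
+
+      return false unless session.key?(:sec_token)
+
+      if session[:sec_token] != user.security_token
+        user.user_multifactor_auths.any? ? (return false) : (raise Carto::ExpiredSessionError)
+      end
+
+      true
+    rescue Warden::NotAuthenticated
+      false
+    end
+    private_class_method :session_security_token_valid?
+
+  end
+end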
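Review bot: The `reset_session_on_error` flag is not honored on the expired-session path: when the stored token mismatches and the user has no multifactor auths, `session_security_token_valid?` raises `Carto::ExpiredSessionError`, which propagates out of `validate_session` before the `else` branch reaches `request.reset_session`, so the session the code itself just judged stale is left in place unless the caller resets it (the spec's 'when session was invalidated' context relies on exactly that). If that split is intended, record it on `validate_session`, e.g. `# @raise [Carto::ExpiredSessionError] when the token no longer matches and the user has no MFA; the session is NOT reset on this path, the caller must do it`; if not, rescue the error, reset when the flag is set, and re-raise. The ternary `user.user_multifactor_auths.any? ? (return false) : (raise Carto::ExpiredSessionError)` hides a `return` inside an expression; `return false if user.user_multifactor_auths.any?` followed by `raise Carto::ExpiredSessionError` says the same thing plainly. `session.key?(:sec_token)` assumes symbol keys; if the hash returned by `warden_context.session` comes back with string keys after a round trip through the session store, every session would be treated as token-less and rejected, which is worth confirming against the store in use.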
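--- /dev/null
+++ b/PLACEHOLDER_SPEC_PATH
@@ -0,0 +1,63 @@
+require_relative '../../spec_helper_min.rb'
+require_relative '../../../lib/carto/authentication_manager.rb'
+
+module Carto
+  describe AuthenticationManager do
+
+    describe '::validate_session' do
+      subject { described_class.validate_session(warden_context, request, user) }
+
+      let!(:user) { FactoryGirl.create(:user) }
+      let(:valid_session) { { sec_token: user.security_token } }
+      let(:warden_context) { mock }
+      let(:request) { mock }
+
+      context 'when session is valid' do
+        before { warden_context.expects(:session).returns(valid_session) }
+
+        it { should be_true }
+      end
+
+      context 'when no session' do
+        before do
+          request.expects(:reset_session)
+          warden_context.expects(:session).returns({})
+        end
+
+        it { should be_false }
+      end
+
+      context 'when session was invalidated' do
+        let(:session) { { sec_token: 'old-security-token' } }
+
+        before { warden_context.expects(:session).returns(session) }
+
+        it 'raises an error' do
+          expect { subject }.to raise_error(Carto::ExpiredSessionError)
+        end
+      end
+
+      context 'when authenticating with a valid method and no session' do
+        before do
+          request.expects(:reset_session)
+          warden_context.expects(:session).raises(Warden::NotAuthenticated)
+        end
+
+        it { should be_false }
+      end
+
+      context "when security token does not match but using multifactor authentication" do
+        let(:session) { { sec_token: 'old-security-token' } }
+
+        before do
+          FactoryGirl.create(:totp, :active, user_id: user.id)
+          request.expects(:reset_session)
+          warden_context.expects(:session).returns(session)
+        end
+
+        it { should be_false }
+      end
+    end
+
+  end
+end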
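Review bot: The 'when session was invalidated' context only establishes that the session is not reset by relying on the mocha `mock` failing on an unexpected `reset_session` call; make that intent explicit with `request.expects(:reset_session).never` in its `before`, so a later switch of `request` to a stub does not silently drop the assertion. The context named 'when no session' actually stubs `session` to return `{}` (a session without a `sec_token`), while the genuine no-session case is the `Warden::NotAuthenticated` one under 'when authenticating with a valid method and no session'; names such as 'when session has no security token' and 'when warden has no authenticated session' would make the case matrix readable. `be_true`/`be_false` were removed in RSpec 3 in favour of `be true`/`be false` (or `be_truthy`/`be_falsey`); fine if this suite is pinned to RSpec 2, otherwise these examples will not run.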