feat: ability to skip session touching within a request

adamcooke · May 2, 2022 · 593eacf · 593eacf
1 parent e688762
commit 593eacf
Show file tree

Hide file tree

Showing 6 changed files with 35 additions and 2 deletions.
diff --git a/lib/authie/controller_delegate.rb b/lib/authie/controller_delegate.rb
@@ -9,10 +9,13 @@ module Authie
   # The controller delegate implements methods that can be used by a controller. These are then
   # extended into controllers as needed (see ControllerExtension).
   class ControllerDelegate
+    attr_accessor :touch_auth_session_enabled
+
     # @param controller [ActionController::Base]
     # @return [Authie::ControllerDelegate]
     def initialize(controller)
       @controller = controller
+      @touch_auth_session_enabled = true
     end
 
     # Sets a browser ID. This must be performed on any page request where AUthie will be used.
@@ -52,7 +55,7 @@ def validate_auth_session
     def touch_auth_session
       yield if block_given?
     ensure
-      auth_session.touch if logged_in?
+      auth_session.touch if @touch_auth_session_enabled && logged_in?
     end
 
     # Return the user for the currently logged in user or nil if no user is logged in

diff --git a/lib/authie/controller_extension.rb b/lib/authie/controller_extension.rb
@@ -26,5 +26,9 @@ def included(base)
     def auth_session_delegate
       @auth_session_delegate ||= Authie::ControllerDelegate.new(self)
     end
+
+    def skip_touch_auth_session!
+      auth_session_delegate.touch_auth_session_enabled = false
+    end
   end
 end
diff --git a/spec/dummy/app/controllers/pages_controller.rb b/spec/dummy/app/controllers/pages_controller.rb
@@ -24,4 +24,9 @@ def logged_in
   def error
     1 / 0
   end
+
+  def no_touching
+    skip_touch_auth_session!
+    render plain: 'Blah'
+  end
 end
diff --git a/spec/dummy/config/routes.rb b/spec/dummy/config/routes.rb
@@ -6,4 +6,5 @@
   get '/logged_in', to: 'pages#logged_in'
   get '/request_count', to: 'pages#request_count'
   get '/error', to: 'pages#error'
+  get '/no_touching', to: 'pages#no_touching'
 end
diff --git a/spec/integration/controller_extension_spec.rb b/spec/integration/controller_extension_spec.rb
@@ -34,6 +34,16 @@
     end
   end
 
+  it 'does not touch sessions were touching has been disabled' do
+    session = setup_session
+    time = session.login_at + 5.minutes
+    Timecop.freeze(time) { get :index }
+    Timecop.freeze(time + 10.minutes) { get :no_touching }
+    session.reload
+    expect(session.last_activity_path).to eq '/'
+    expect(session.last_activity_at).to eq time
+  end
+
   it 'touches the session even if there is an error' do
     session = setup_session
     time = Time.new(2022, 2, 4, 2, 11)
@@ -68,7 +78,11 @@
   def setup_session
     browser_id = SecureRandom.uuid
     user = User.create!(username: 'adam')
-    session = Authie::SessionModel.create!(user: user, browser_id: browser_id, active: true)
+    session = Authie::SessionModel.create!(user: user,
+                                           login_at: Time.current,
+                                           login_ip: '1.2.3.4',
+                                           browser_id: browser_id,
+                                           active: true)
     if block_given?
       yield(session)
       session.save!

diff --git a/spec/lib/controller_delegate_spec.rb b/spec/lib/controller_delegate_spec.rb
@@ -57,6 +57,12 @@
       it 'will return the return value of the executed block' do
         expect(delegate.touch_auth_session { 1234 }).to eq 1234
       end
+
+      it 'will not touch the session if disabled' do
+        delegate.touch_auth_session_enabled = false
+        expect(delegate.auth_session).to_not receive(:touch)
+        delegate.touch_auth_session
+      end
     end
   end