feat: allow persistent sessions to be created

adamcooke · Apr 29, 2022 · 9ed6b6d · 9ed6b6d
1 parent 38922f4
commit 9ed6b6d
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 6 deletions.
diff --git a/lib/authie/controller_delegate.rb b/lib/authie/controller_delegate.rb
@@ -61,9 +61,9 @@ def current_user
     # will be invalidated.
     #
     # @return [Authie::Session, nil]
-    def create_auth_session(user, params = {})
+    def create_auth_session(user, **kwargs)
       if user
-        @auth_session = Authie::Session.start(@controller, params.merge(user: user))
+        @auth_session = Authie::Session.start(@controller, user: user, **kwargs)
         return @auth_session
       end
 

diff --git a/lib/authie/session.rb b/lib/authie/session.rb
@@ -206,20 +206,22 @@ class << self
       # Create a new session within the given controller for the
       #
       # @param controller [ActionController::Base]
-      # @option params [ActiveRecord::Base] user
+      # @param user [ActiveRecord::Base] user
+      # @param persistent [Boolean] create a persistent session
       # @return [Authie::Session]
-      def start(controller, params = {})
+      def start(controller, user:, persistent: false, see_password: false, **params)
         cookies = controller.send(:cookies)
         SessionModel.active.where(browser_id: cookies[:browser_id]).each(&:invalidate!)
-        user_object = params.delete(:user)
 
         session = SessionModel.new(params)
-        session.user = user_object
+        session.user = user
         session.browser_id = cookies[:browser_id]
         session.login_at = Time.now
         session.login_ip = controller.request.ip
         session.host = controller.request.host
         session.user_agent = controller.request.user_agent
+        session.expires_at = Time.now + Authie.config.persistent_session_length if persistent
+        session.password_seen_at = Time.now if see_password
         session.save!
 
         new(controller, session).start

diff --git a/spec/lib/session_spec.rb b/spec/lib/session_spec.rb
@@ -212,6 +212,23 @@
       described_class.start(controller, user: user)
       expect(existing_session.reload.active?).to be false
     end
+
+    it 'allows persistent sessions to be created' do
+      time = Time.new(2022, 3, 4, 2, 31, 22)
+      Timecop.freeze(time) do
+        session = described_class.start(controller, user: user, persistent: true)
+        expect(session.persistent?).to be true
+        expect(session.expires_at).to eq time + 2.months
+      end
+    end
+
+    it 'allows password to be seen' do
+      time = Time.new(2022, 3, 4, 2, 31, 22)
+      Timecop.freeze(time) do
+        session = described_class.start(controller, user: user, see_password: true)
+        expect(session.password_seen_at).to eq time
+      end
+    end
   end
 
   describe '.get_session' do