feat: add notification on session invalidation

README.md

@@ -304,17 +304,18 @@ end
 Authie will publish events to the ActiveSupport::Notification instrumentation system. The following events are published
 with the given attributes.
 
-* `set_browser_id.authie` - when a new browser ID is set for a user. Provides `:browser_id` and `:controller` arguments.
-* `cleanup.authie` - when session cleanup is run. Provides no arguments.
-* `touch.authie` - when a session is touched. Provides `:session` argument.
-* `see_password.authie` - when a session sees a password. Provides `:session` argument.
-* `mark_as_two_factor.authie` - when a session has two factor credentials provided. Provides `:session` argument.
-* `session_start.authie` - when a session is started. Provides `:session` argument.
-* `browser_id_mismatch_error.authie` - when a session is validated when the browser ID does not match. Provides `:session` argument.
-* `invalid_session_error.authie` - when a session is validated when invalid. Provides `:session` argument.
-* `expired_session_error.authie` - when a session is validated when expired. Provides `:session` argument.
-* `inactive_session_error.authie` - when a session is validated when inactive. Provides `:session` argument.
-* `host_mismatch_error.authie` - when a session is validated and the host does not match. Provides `:session` argument.
+- `set_browser_id.authie` - when a new browser ID is set for a user. Provides `:browser_id` and `:controller` arguments.
+- `cleanup.authie` - when session cleanup is run. Provides no arguments.
+- `touch.authie` - when a session is touched. Provides `:session` argument.
+- `see_password.authie` - when a session sees a password. Provides `:session` argument.
+- `mark_as_two_factor.authie` - when a session has two factor credentials provided. Provides `:session` argument.
+- `session_start.authie` - when a session is started. Provides `:session` argument.
+- `session_invalidate.authie` - when a session is intentionally invalidated. Provides `:session` argument with session model instance.
+- `browser_id_mismatch_error.authie` - when a session is validated when the browser ID does not match. Provides `:session` argument.
+- `invalid_session_error.authie` - when a session is validated when invalid. Provides `:session` argument.
+- `expired_session_error.authie` - when a session is validated when expired. Provides `:session` argument.
+- `inactive_session_error.authie` - when a session is validated when inactive. Provides `:session` argument.
+- `host_mismatch_error.authie` - when a session is validated and the host does not match. Provides `:session` argument.
 
 ## Differences for Authie 4.0
 

lib/authie/session.rb

@@ -162,8 +162,8 @@ def cookies
 
     def validate_browser_id
       if cookies[:browser_id] != @session.browser_id
-        invalidate
         Authie.notify(:browser_id_mismatch_error, session: self)
+        invalidate
         raise BrowserMismatch, 'Browser ID mismatch'
       end
 

lib/authie/session_model.rb

@@ -63,8 +63,10 @@ def activate!
     end
 
     def invalidate!
+      active_now = active?
       self.active = false
       save!
+      Authie.notify(:session_invalidate, session: self) if active_now
       true
     end
 

spec/lib/session_model_spec.rb

@@ -139,6 +139,17 @@
       session_model.invalidate!
       expect(session_model.active).to be false
     end
+
+    it 'sends a notification' do
+      expect(Authie).to receive(:notify).with(:session_invalidate, session: session_model)
+      session_model.invalidate!
+    end
+
+    it 'does not send a notification if called on a session that is already not active' do
+      session_model.active = false
+      expect(Authie).to_not receive(:notify)
+      session_model.invalidate!
+    end
   end
 
   context '#set' do

spec/lib/session_spec.rb

@@ -19,12 +19,13 @@
 
     it 'dispatches an event if the browser ID does not match' do
       controller.send(:cookies)[:browser_id] = 'invalid'
-      expect(Authie).to receive(:notify).with(:browser_id_mismatch_error, session: session)
+      allow(Authie).to receive(:notify)
       begin
         session.validate
       rescue StandardError
         nil
       end
+      expect(Authie).to have_received(:notify).with(:browser_id_mismatch_error, session: session)
     end
 
     it 'raises an error if the session is not valid' do
@@ -34,12 +35,13 @@
 
     it 'dispatches an event if the session is not valid' do
       session_model.update!(active: false)
-      expect(Authie).to receive(:notify).with(:invalid_session_error, session: session)
+      allow(Authie).to receive(:notify)
       begin
         session.validate
       rescue StandardError
         nil
       end
+      expect(Authie).to have_received(:notify).with(:invalid_session_error, session: session)
     end
 
     it 'raises an error if the session has expired' do
@@ -49,12 +51,13 @@
 
     it 'dispatches an event if the session has expired' do
       session_model.update!(expires_at: 5.minutes.ago)
-      expect(Authie).to receive(:notify).with(:expired_session_error, session: session)
+      allow(Authie).to receive(:notify)
       begin
         session.validate
       rescue StandardError
         nil
       end
+      expect(Authie).to have_received(:notify).with(:expired_session_error, session: session)
     end
 
     it 'raises an error if the session is inactive' do
@@ -64,12 +67,13 @@
 
     it 'dispatches an event if the session is inactive' do
       session_model.update!(last_activity_at: 13.hours.ago, active: true)
-      expect(Authie).to receive(:notify).with(:inactive_session_error, session: session)
+      allow(Authie).to receive(:notify)
       begin
         session.validate
       rescue StandardError
         nil
       end
+      expect(Authie).to have_received(:notify).with(:inactive_session_error, session: session)
     end
 
     it 'raises an error if the hostname does not match the session' do