Tie access token directly to session
We need to present them differently in the session list and prevent them from being deleted
This commit is contained in:
committed by
Stanko K.R.
parent
b53c0a5385
commit
db29562c4c
@@ -46,7 +46,7 @@ module Authentication
|
|||||||
end
|
end
|
||||||
|
|
||||||
def resume_session
|
def resume_session
|
||||||
if session = find_session_by_cookie || find_or_start_session_by_bearer_token
|
if session = find_session_by_cookie || find_session_by_bearer_token
|
||||||
set_current_session session
|
set_current_session session
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
@@ -55,7 +55,7 @@ module Authentication
|
|||||||
Session.find_signed(cookies.signed[:session_token])
|
Session.find_signed(cookies.signed[:session_token])
|
||||||
end
|
end
|
||||||
|
|
||||||
def find_or_start_session_by_bearer_token
|
def find_session_by_bearer_token
|
||||||
if request_authorized_by_bearer_token?
|
if request_authorized_by_bearer_token?
|
||||||
Identity::AccessToken.find_by(token: authorization_bearer_token)&.session
|
Identity::AccessToken.find_by(token: authorization_bearer_token)&.session
|
||||||
end
|
end
|
||||||
|
|||||||
@@ -1,17 +1,14 @@
|
|||||||
class Identity::AccessToken < ApplicationRecord
|
class Identity::AccessToken < ApplicationRecord
|
||||||
belongs_to :identity
|
belongs_to :identity
|
||||||
|
belongs_to :session
|
||||||
|
|
||||||
has_secure_token
|
has_secure_token
|
||||||
enum :permission, %w[ read write ].index_by(&:itself), default: :read
|
enum :permission, %w[ read write ].index_by(&:itself), default: :read
|
||||||
|
|
||||||
def session
|
before_validation :build_session, on: :create
|
||||||
identity.sessions.find_or_create_by! user_agent: session_user_agent
|
|
||||||
end
|
|
||||||
|
|
||||||
private
|
private
|
||||||
# Overload the user_agent identification for access token session reuse.
|
def build_session
|
||||||
# This allows us to easily reuse a single session record per access token.
|
self.session = identity.sessions.build(user_agent: "Access Token")
|
||||||
def session_user_agent
|
|
||||||
"access-token-#{id}"
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|||||||
@@ -2,6 +2,7 @@ class CreateIdentityAccessTokens < ActiveRecord::Migration[8.2]
|
|||||||
def change
|
def change
|
||||||
create_table :identity_access_tokens, id: :uuid do |t|
|
create_table :identity_access_tokens, id: :uuid do |t|
|
||||||
t.uuid :identity_id, null: false
|
t.uuid :identity_id, null: false
|
||||||
|
t.uuid :session_id, null: false
|
||||||
t.string :token
|
t.string :token
|
||||||
t.string :permission
|
t.string :permission
|
||||||
t.text :description
|
t.text :description
|
||||||
|
|||||||
Generated
+1
@@ -326,6 +326,7 @@ ActiveRecord::Schema[8.2].define(version: 2025_12_05_010536) do
|
|||||||
t.text "description"
|
t.text "description"
|
||||||
t.uuid "identity_id", null: false
|
t.uuid "identity_id", null: false
|
||||||
t.string "permission"
|
t.string "permission"
|
||||||
|
t.uuid "session_id", null: false
|
||||||
t.string "token"
|
t.string "token"
|
||||||
t.datetime "updated_at", null: false
|
t.datetime "updated_at", null: false
|
||||||
t.index ["identity_id"], name: "index_access_token_on_identity_id"
|
t.index ["identity_id"], name: "index_access_token_on_identity_id"
|
||||||
|
|||||||
@@ -326,6 +326,7 @@ ActiveRecord::Schema[8.2].define(version: 2025_12_05_010536) do
|
|||||||
t.text "description", limit: 65535
|
t.text "description", limit: 65535
|
||||||
t.uuid "identity_id", null: false
|
t.uuid "identity_id", null: false
|
||||||
t.string "permission", limit: 255
|
t.string "permission", limit: 255
|
||||||
|
t.uuid "session_id", null: false
|
||||||
t.string "token", limit: 255
|
t.string "token", limit: 255
|
||||||
t.datetime "updated_at", null: false
|
t.datetime "updated_at", null: false
|
||||||
t.index ["identity_id"], name: "index_access_token_on_identity_id"
|
t.index ["identity_id"], name: "index_access_token_on_identity_id"
|
||||||
|
|||||||
+2
@@ -1,11 +1,13 @@
|
|||||||
jasons_api_token:
|
jasons_api_token:
|
||||||
identity: jason
|
identity: jason
|
||||||
|
session: jason_api
|
||||||
token: 018cf1425682700098f24f0799e3fe20
|
token: 018cf1425682700098f24f0799e3fe20
|
||||||
description: My Superscript
|
description: My Superscript
|
||||||
permission: read
|
permission: read
|
||||||
|
|
||||||
davids_api_token:
|
davids_api_token:
|
||||||
identity: david
|
identity: david
|
||||||
|
session: david_api
|
||||||
token: x18cf1425682700098f24f0799e3fe20
|
token: x18cf1425682700098f24f0799e3fe20
|
||||||
description: My Superscript
|
description: My Superscript
|
||||||
permission: write
|
permission: write
|
||||||
|
|||||||
Vendored
+6
@@ -1,6 +1,9 @@
|
|||||||
david:
|
david:
|
||||||
identity: david
|
identity: david
|
||||||
|
|
||||||
|
david_api:
|
||||||
|
identity: david
|
||||||
|
|
||||||
kevin:
|
kevin:
|
||||||
identity: kevin
|
identity: kevin
|
||||||
|
|
||||||
@@ -12,3 +15,6 @@ jason:
|
|||||||
|
|
||||||
mike:
|
mike:
|
||||||
identity: mike
|
identity: mike
|
||||||
|
|
||||||
|
jason_api:
|
||||||
|
identity: jason
|
||||||
|
|||||||
@@ -1,13 +1,8 @@
|
|||||||
require "test_helper"
|
require "test_helper"
|
||||||
|
|
||||||
class Identity::AccessTokenTest < ActiveSupport::TestCase
|
class Identity::AccessTokenTest < ActiveSupport::TestCase
|
||||||
test "only one session at the time" do
|
test "new access token comes with a session" do
|
||||||
assert_changes -> { Session.count }, +1 do
|
access_token = identities(:david).access_tokens.create!
|
||||||
identity_access_tokens(:jasons_api_token).session
|
assert_equal "Access Token", identities(:david).sessions.last.user_agent
|
||||||
end
|
|
||||||
|
|
||||||
assert_no_changes -> { Session.count } do
|
|
||||||
identity_access_tokens(:jasons_api_token).session
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|||||||
Reference in New Issue
Block a user