-
-
Notifications
You must be signed in to change notification settings - Fork 86
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Expire sessions #10
Expire sessions #10
Conversation
Codecov Report
@@ Coverage Diff @@
## master #10 +/- ##
==========================================
+ Coverage 95.8% 95.88% +0.07%
==========================================
Files 32 32
Lines 262 267 +5
==========================================
+ Hits 251 256 +5
Misses 11 11
Continue to review full report at Codecov.
|
So all this would do is block |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a good start! I left some notes – please ask questions if something doesn't make sense 😄
@@ -96,5 +96,9 @@ def find_session | |||
token: params[:token] | |||
) | |||
end | |||
|
|||
def session_expired(session) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should move the responsibility of knowing whether the session is expired to the session itself? Let's move this to a method Session#expired?
@@ -42,7 +42,7 @@ def show | |||
BCrypt::Password.create(params[:token]) | |||
|
|||
session = find_session | |||
sign_in session.authenticatable | |||
sign_in session.authenticatable unless session_expired session |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we want to continue this method if the session is expired. We could either a) do a regular old (boring) if
statement and return early or b) create an Error
class, raise
that and rescue
it at the bottom.
@@ -42,7 +42,7 @@ def show | |||
BCrypt::Password.create(params[:token]) | |||
|
|||
session = find_session | |||
sign_in session.authenticatable | |||
sign_in session.authenticatable unless session_expired session | |||
|
|||
redirect_enabled = Passwordless.redirect_back_after_sign_in |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We don't want to redirect back if the authentication wasn't successful. In that case the user is going to be turned away again and again in an infinite loop.
Instead we would probably want to always redirect to root_path
and set a flash[:error]
message about the session being expired.
Thanks for the feedback! How does it look now? (I am more than happy to make infinite changes 😄) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Getting there!
else | ||
redirect_to main_app.root_path | ||
end | ||
redirect_to(redirect_enabled && target ? target : main_app.root_path) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like the old way better :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I did too, I did that to try and satisfy rubocop saying the show method was too long... Should I ignore rubocop? or is there a better solution that I missed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Feel free to add ignores to rubocop checks – they're only there for guidance 👍
The method length one is called Metrics/MethodLength
# rubocop:disable Metrics/MethodLength
and then # rubocop:enable ...
after the method
end | ||
redirect_to(redirect_enabled && target ? target : main_app.root_path) | ||
rescue ExpiredSessionError | ||
session_expired |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd prefer to have the handling logic here instead of its own method.
lib/passwordless/exceptions.rb
Outdated
# Abstract passwordless errors from StandardError. | ||
class PasswordlessError < StandardError; end | ||
# Exception raised when a session is expired. | ||
class ExpiredSessionError < PasswordlessError; end |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While this is not a bad idea, I think I'd prefer to just have the error be a subclass to the controller. Like:
module Passwordless
class SessionsController < ApplicationController
class ExpiredSessionError < StandardError; end
# ...
As this is our only error so far and the controller is the only place it'll be raised, I don't think we need to centralize the errors just yet :)
@@ -96,5 +96,10 @@ def find_session | |||
token: params[:token] | |||
) | |||
end | |||
|
|||
def session_expired | |||
flash[:error] = 'Your session has expired, please sign in again.' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we found our next issue: Adding I18n
locale support 😄
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🤣
@@ -16,7 +16,7 @@ def create_session(attrs = {}) | |||
|
|||
test 'scope: valid' do | |||
valid = create_session | |||
_expired = create_session expires_at: 1.hour.ago | |||
# _expired = create_session expires_at: 1.hour.ago |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can delete this 👍
@@ -5,6 +5,8 @@ | |||
module Passwordless | |||
# Controller for managing Passwordless sessions | |||
class SessionsController < ApplicationController | |||
# Raise this exception when a session is expired. | |||
class ExpiredSessionError < StandardError; end |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add a new line under this and then we’re good to go!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
@@ -37,11 +39,13 @@ def create | |||
# or _root_path_ | |||
# @see ControllerHelpers#sign_in | |||
# @see ControllerHelpers#save_passwordless_redirect_location! | |||
def show | |||
def show # rubocop:disable Metrics/MethodLength, Metrics/AbcSize |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, and move the comment above the method (or above the docs if necessary)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and done
abdaf5d
to
505e306
Compare
This is good thank you! |
Oh, I forgot: Can you squash these commits into a single one? Then I'll happily merge it 😄 |
505e306
to
43c6d89
Compare
Uh oh, it looks like I just did something wrong... Something to do with rebasing? Do you know how to fix this? |
😀 Not sure but you are right that it looks weird. Be sure that a) your Sorry, can't do much when I don't have it in front of me. |
43c6d89
to
f364d45
Compare
Wow thanks I followed those commands exactly and it did the trick |
You can even do it on those two |
Here are the results of running
When I try running (sorry for the technical troubles ;-) hope it isn't too much of a bother) |
No trouble. Git can be trouble but it's usually because I mess it up myself 😁 Do you have my fork as a git rebase -i mikker/master # or origin/master, but that could be your own fork If not you can add it with git remote add mikker https://github.com/mikker/passwordless Then the first command should give you the entire history divergence from mine. IF we end up not getting it to work then it's totally fine. I can remove the two commits with a little force on my end – but it's more fun to see if we can do it the right way™. |
f364d45
to
bb2c53d
Compare
Yes! it is one commit now 🎆 |
Nice! Ok, LAST thing. I like to keep commit messages in the style of "Add thing" or "Change things". Basically "VERB description of what the app now does differently". In this case maybe something like "Redirect user with error when session has expired". Makes sense? I read a pretty good blog post on this a while back. Trying if I can find it 😄 |
Still good! https://chris.beams.io/posts/git-commit/ |
"Imperative mood" is the stuff – https://chris.beams.io/posts/git-commit/#imperative |
bb2c53d
to
dda3549
Compare
👍 I will give it a read |
dda3549
to
5873005
Compare
Nice work! Thank you. |
😺 |
I hope you have! You are very welcome to look into the |
Relevant to issue #8