Rename session.valid to .available

To avoid confusion with ActiveRecord's own valid? method

app/models/passwordless/session.rb

@@ -18,10 +18,17 @@ class Session < ApplicationRecord
 
  before_validation :set_defaults
 
- scope :valid, lambda {
+ scope :available, lambda {
  where("timeout_at > ?", Time.current)
  }
 
+ def self.valid
+ available
+ end
+ class << self
+ deprecate :valid, deprecator: SessionValidDeprecation
+ end
+
  def expired?
  expires_at <= Time.current
  end
@@ -39,7 +46,7 @@ def claimed?
  !!claimed_at
  end
 
- def valid_session?
+ def available?
  !timed_out? && !expired?
  end
 

lib/passwordless.rb

@@ -16,7 +16,10 @@ module Passwordless
  mattr_accessor(:expires_at) { lambda { 1.year.from_now } }
  mattr_accessor(:timeout_at) { lambda { 1.hour.from_now } }
 
- mattr_accessor(:after_session_save) { lambda { |session, _request| Mailer.magic_link(session).deliver_now } }
+ mattr_accessor(:after_session_save) do
+ lambda { |session, _request| Mailer.magic_link(session).deliver_now }
+ end
 
- CookieDeprecation = ActiveSupport::Deprecation.new("0.8", "passwordless")
+ CookieDeprecation = ActiveSupport::Deprecation.new("0.9", "passwordless")
+ SessionValidDeprecation = ActiveSupport::Deprecation.new("0.9", "passwordless")
 end

lib/passwordless/controller_helpers.rb

@@ -49,7 +49,7 @@ def authenticate_by_cookie(authenticatable_class)
  # in cookies.encrypted or nil if nothing is found.
  # @see ModelHelpers#passwordless_with
  def authenticate_by_session(authenticatable_class)
- return unless current_passwordless_session(authenticatable_class)&.valid_session?
+ return unless current_passwordless_session(authenticatable_class)&.available?
  @current_authenticatable ||= current_passwordless_session(authenticatable_class).authenticatable
  end
 
@@ -107,6 +107,10 @@ def reset_passwordless_redirect_location!(authenticatable_class)
  session.delete redirect_session_key(authenticatable_class)
  end
 
+ def session_key(authenticatable_class)
+ :"passwordless_session_id_for_#{authenticatable_class_parameterized(authenticatable_class)}"
+ end
+
  private
 
  def authenticatable_class_parameterized(authenticatable_class)
@@ -117,10 +121,6 @@ def authenticatable_class_parameterized(authenticatable_class)
  authenticatable_class.base_class.to_s.parameterize
  end
 
- def session_key(authenticatable_class)
- :"passwordless_session_id_for_#{authenticatable_class_parameterized(authenticatable_class)}"
- end
-
  def redirect_session_key(authenticatable_class)
  :"passwordless_prev_location--#{authenticatable_class_parameterized(authenticatable_class)}"
  end

test/controllers/passwordless/sessions_controller_test.rb

@@ -12,8 +12,8 @@ def create_session_for(user)
  )
  end
 
- def session_key(authenticatable_class)
- Passwordless::SessionsController.new.send(:session_key, authenticatable_class)
+ class Helpers
+ extend Passwordless::ControllerHelpers
  end
 
  test "requesting a magic link as an existing user" do
@@ -105,7 +105,7 @@ class << User
 
  assert_equal 200, status
  assert_equal "/", path
- assert_not_nil session[session_key(user.class)]
+ assert_not_nil session[Helpers.session_key(user.class)]
  end
 
  test "signing in via a token as STI model" do
@@ -117,7 +117,7 @@ class << User
 
  assert_equal 200, status
  assert_equal "/", path
- assert_not_nil session[session_key(admin.class)]
+ assert_not_nil session[Helpers.session_key(admin.class)]
  end
 
  test "signing in and redirecting back" do
@@ -169,14 +169,14 @@ class << User
 
  passwordless_session = create_session_for user
  get "/users/sign_in/#{passwordless_session.token}"
- assert_not_nil session[session_key(user.class)]
+ assert_not_nil session[Helpers.session_key(user.class)]
 
  get "/users/sign_out"
  follow_redirect!
 
  assert_equal 200, status
  assert_equal "/", path
- assert session[session_key(user.class)].blank?
+ assert session[Helpers.session_key(user.class)].blank?
  end
 
  test "trying to sign in with an timed out session" do
@@ -188,7 +188,7 @@ class << User
  follow_redirect!
 
  assert_match "Your session has expired", flash[:error]
- assert_nil session[session_key(user.class)]
+ assert_nil session[Helpers.session_key(user.class)]
  assert_equal 200, status
  assert_equal "/", path
  end
@@ -201,7 +201,7 @@ class << User
 
  get "/users/sign_in/#{passwordless_session.token}"
  follow_redirect!
- assert_not_nil session[session_key(user.class)]
+ assert_not_nil session[Helpers.session_key(user.class)]
 
  get "/users/sign_out"
  follow_redirect!
@@ -210,7 +210,7 @@ class << User
  get "/users/sign_in/#{passwordless_session.token}"
 
  assert_match "This link has already been used", flash[:error]
- assert_nil session[session_key(user.class)]
+ assert_nil session[Helpers.session_key(user.class)]
  follow_redirect!
  assert_equal 200, status
  assert_equal "/", path

test/dummy/app/controllers/deprecated_secrets_controller.rb

@@ -3,8 +3,10 @@
 class DeprecatedSecretsController < ApplicationController
  before_action :authenticate_user!, except: [:fake_login]
 
+ # Sign in using deprecated cookie implementation
  def fake_login
- cookies.encrypted.permanent[cookie_name(fake_login_params[:authenticatable_type].constantize)] = params[:authenticatable_id]
+ key = cookie_name(fake_login_params[:authenticatable_type].constantize)
+ cookies.encrypted.permanent[key] = params[:authenticatable_id]
  end
 
  def index

test/models/passwordless/session_test.rb

@@ -14,11 +14,11 @@ def create_session(attrs = {})
  )
  end
 
- test "scope: valid" do
- valid = create_session
+ test "scope: available" do
+ available = create_session
  _timed_out = create_session timeout_at: 1.hour.ago
 
- assert_equal [valid], Session.valid.all
+ assert_equal [available], Session.available.all
  end
 
  test "expired?" do
@@ -107,16 +107,16 @@ def call(_session)
  end
  end
 
- test "valid_session? - valid session" do
- valid_session = create_session
+ test "available? - when available" do
+ available_session = create_session
 
- assert_equal valid_session.valid_session?, true
+ assert available_session.available?
  end
 
- test "valid_session? - invalid session" do
- invalid_session = create_session timeout_at: 2.years.ago, expires_at: 2.years.ago
+ test "available? - when unavailable" do
+ unavailable_session = create_session timeout_at: 2.years.ago, expires_at: 2.years.ago
 
- assert_equal invalid_session.valid_session?, false
+ refute unavailable_session.available?
  end
  end
 end