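# Session-based login helpers: a short-lived server session plus an optional
# "remember me" token stored in signed permanent cookies.
module AuthenticationHelper
  # Starts a fresh session for +user+ and, on a new login, records a Session row.
  #
  # @param user     the account being signed in (must respond to #id)
  # @param remember the "remember me" flag; only the Integer 1 enables the
  #                 persistent token
  # @param new      true for an interactive login, false when an existing
  #                 Session row is being resumed (no new row, no new cookies)
  def log_in(user, remember, new = true)
    # Drop any pre-login session state so the identifier cannot be fixated.
    reset_session
    expiry = 6.hours.since
    session[:user_id] = user.id
    session[:expires] = expiry
    return unless new

    # NOTE(review): strict Integer comparison; a form value of "1" or true
    # would not enable the token. Confirm against the callers.
    # The original tested `remember == 1` for the token but plain truthiness
    # for the session_id cookie, so a truthy non-1 value left a stray cookie.
    remember_me = remember == 1
    token = remember_me ? Session.new_token : nil

    # Only the digest is stored server-side; the raw token lives in the cookie.
    record = Session.create!(
      user: user,
      ip: request.remote_ip,
      expires: expiry,
      remember_digest: token ? Session.digest(token) : nil
    )
    return unless remember_me

    # Cookies are written only after the row exists, so a failed create! does
    # not leave orphaned credentials in the browser. httponly keeps the values
    # away from page scripts; add `secure: true` as well when the site is
    # served over HTTPS only.
    jar = cookies.signed.permanent
    jar[:remember_token] = { value: token, httponly: true }
    jar[:user_id] = { value: user.id, httponly: true }
    jar[:session_id] = { value: record.id, httponly: true }
  end

  # Reports whether the request belongs to a signed-in user, resuming the
  # login from the remember-me cookies when the server session has lapsed.
  #
  # @return [Boolean]
  def is_logged_in?
    # Case 1: the session carries a user id and an unexpired deadline.
    # A missing :expires value is treated as expired instead of raising.
    deadline = session[:expires]&.to_time
    return true if session[:user_id] && deadline && deadline > Time.current

    # Case 2: returning user with all three remember-me cookies present.
    jar = cookies.signed.permanent
    token = jar[:remember_token]
    claimed_user_id = jar[:user_id]
    session_id = jar[:session_id]
    return false unless token && claimed_user_id && session_id

    record = Session.find_by(id: session_id)
    return false if record.nil? || record.remember_digest.nil?

    # NOTE(review): the row's expiry is the same 6-hour value set in log_in,
    # so the "permanent" cookies are honoured only within that window.
    return false unless record.expires > Time.current

    # Bind the user_id cookie to the Session row: the original only checked
    # that the cookie was present, never that it named the row's owner.
    owner = record.user
    return false if owner.nil? || owner.id.to_s != claimed_user_id.to_s

    # BCrypt::Password#== hashes the presented token with the stored salt.
    return false unless BCrypt::Password.new(record.remember_digest) == token

    # Resume without creating another Session row or rewriting the cookies.
    log_in owner, false, false
    true
  end
end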