Add UserSession model to store user_id in sessions

pull/4816/head
Oliver Günther 8 years ago
parent cc3682f314
commit 98fdadd02c
No known key found for this signature in database
GPG Key ID: 88872239EB414F99
  1. 54
      app/models/user_session.rb
  2. 5
      config/initializers/session_store.rb
  3. 5
      db/migrate/20160824121151_add_user_id_to_sessions.rb
  4. 39
      spec/factories/user_session_factory.rb
  5. 78
      spec/models/user_session_spec.rb

@ -0,0 +1,54 @@
#-- encoding: UTF-8
#-- copyright
# OpenProject is a project management system.
# Copyright (C) 2012-2015 the OpenProject Foundation (OPF)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# See doc/COPYRIGHT.rdoc for more details.
#++
require "active_support/core_ext/module/attribute_accessors"
class UserSession < ActiveRecord::SessionStore::Session
belongs_to :user
##
# Keep an index on the current user for the given session hash
before_save :set_user_id
##
# Delete related sessions when an active session is destroyed
after_destroy :delete_user_sessions
private
def set_user_id
write_attribute(:user_id, data['user_id'])
end
def delete_user_sessions
user_id = data['user_id']
return unless user_id && OpenProject::Configuration.drop_old_sessions_on_logout?
UserSession.where(user_id: user_id).delete_all
end
end

@ -40,3 +40,8 @@ session_options = {
}
OpenProject::Application.config.session_store session_store, session_options
##
# We use our own decorated session model to note the user_id
# for each session.
ActionDispatch::Session::ActiveRecordStore.session_class = ::UserSession

@ -0,0 +1,5 @@
class AddUserIdToSessions < ActiveRecord::Migration
def change
add_column :sessions, :user_id, :integer, index: true
end
end

@ -0,0 +1,39 @@
#-- copyright
# OpenProject is a project management system.
# Copyright (C) 2012-2015 the OpenProject Foundation (OPF)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# See doc/COPYRIGHT.rdoc for more details.
#++
FactoryGirl.define do
factory :user_session do
sequence(:session_id) do |n| "session_#{n}" end
association :user
callback(:after_build) do |session|
session.data = {}
session.data['user_id'] = session.user.id if session.user.present?
end
end
end

@ -0,0 +1,78 @@
#-- copyright
# OpenProject is a project management system.
# Copyright (C) 2012-2015 the OpenProject Foundation (OPF)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# See doc/COPYRIGHT.rdoc for more details.
#++
require 'spec_helper'
describe UserSession do
subject { FactoryGirl.build(:user_session, user: user) }
shared_examples 'augments the user_id attribute' do
it do
subject.save
expect(subject.user_id).to eq(user_id)
end
end
describe 'when user_id is present' do
let(:user) { FactoryGirl.build_stubbed(:user) }
let(:user_id) { user.id }
it_behaves_like 'augments the user_id attribute'
end
describe 'when user_id is nil' do
let(:user) { nil }
let(:user_id) { nil }
it_behaves_like 'augments the user_id attribute'
end
describe 'delete other sessions on destroy' do
let(:user) { FactoryGirl.build_stubbed(:user) }
let!(:sessions) { FactoryGirl.create_list(:user_session, 2, user: user) }
context 'when config is enabled',
with_config: { drop_old_sessions_on_logout: true } do
it 'destroys both sessions' do
expect(UserSession.where(user_id: user.id).count).to eq(2)
sessions.first.destroy
expect(UserSession.count).to eq(0)
end
end
context 'when config is disabled',
with_config: { drop_old_sessions_on_logout: false } do
it 'destroys only the one session' do
expect(UserSession.where(user_id: user.id).count).to eq(2)
sessions.first.destroy
expect(UserSession.count).to eq(1)
expect(UserSession.first.session_id).to eq(sessions[1].session_id)
end
end
end
end
Loading…
Cancel
Save