Sha256: 46e494f67b8af7c5073098d740bbe7a4259b033cc9cd120985e71b9a49862f59

Contents?: true

Size: 1.38 KB

Versions: 8

Compression:

Stored size: 1.38 KB

Contents

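module MinimalistAuthentication
  # Time-limited verification token support for a model.
  #
  # The methods below rely on the including class for:
  # * +verification_token+ and +verification_token_generated_at+ attributes,
  # * +update+, +update!+ and +errors+,
  # * a class-level +generate_unique_secure_token+
  #   (presumably ActiveRecord's secure-token helper -- confirm in the model).
  #
  # NOTE(review): secure_match? digests the stored +verification_token+ at
  # comparison time, so the attribute itself holds the raw token. Anyone who
  # can read that column can use an unexpired token; storing only a digest
  # would need a coordinated change to token delivery.
  module VerifiableToken
    extend ActiveSupport::Concern

    # Number of hours a token stays valid after it was generated.
    TOKEN_EXPIRATION_HOURS = 6

    # Generate a fresh verification_token and record the generation time.
    # Raises if the record cannot be saved (update_token uses update!).
    def regenerate_verification_token
      update_token
    end

    # Apply +attributes+ only when +token+ matches the stored, unexpired
    # verification token.
    #
    # On success the token is cleared so it cannot be reused. When the token
    # matches but +update+ fails, the token is left in place and stays usable
    # until it expires.
    #
    # @param token [String] token presented by the caller (untrusted input)
    # @param attributes [Hash] attributes passed straight to +update+; the
    #   caller is responsible for restricting them to permitted keys
    # @return [Boolean] true when the update succeeded and the token was
    #   cleared, false otherwise (a :base error is added on token mismatch)
    def secure_update(token, attributes)
      unless matches_verification_token?(token)
        errors.add(:base, 'Verification token check failed')
        return false
      end

      update(attributes) && clear_token
    end

    # True when +token+ is a non-blank String, the stored token has not
    # expired, and both tokens compare equal.
    #
    # The String check matters because the value usually comes from request
    # parameters: a present Array or Hash would otherwise reach
    # Digest::SHA256.hexdigest and raise TypeError instead of being rejected.
    def matches_verification_token?(token)
      token.is_a?(String) && token.present? && verification_token_valid? && secure_match?(token)
    end

    # True when a token is stored and was generated less than
    # TOKEN_EXPIRATION_HOURS ago.
    def verification_token_valid?
      return false if verification_token.blank? || verification_token_generated_at.blank?

      verification_token_generated_at > TOKEN_EXPIRATION_HOURS.hours.ago
    end

    private

    # Remove the stored token and its timestamp.
    def clear_token
      update_token(token: nil, time: nil)
    end

    # Persist +token+ and +time+; defaults create a new token stamped with
    # the current UTC time. Uses update!, so a failed save raises.
    def update_token(token: self.class.generate_unique_secure_token, time: Time.now.utc)
      update!(
        verification_token:               token,
        verification_token_generated_at:  time
      )
    end

    # Compare the tokens in a time-constant manner, to mitigate timing attacks.
    # Both sides are digested first, so secure_compare always receives two
    # strings of equal length regardless of what the caller supplied.
    def secure_match?(token)
      ActiveSupport::SecurityUtils.secure_compare(
        ::Digest::SHA256.hexdigest(token),
        ::Digest::SHA256.hexdigest(verification_token)
      )
    end
  end
end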

Version data entries

8 entries across 8 versions & 1 rubygems

Version Path
minimalist_authentication-2.4.0 lib/minimalist_authentication/verifiable_token.rb
minimalist_authentication-2.3.0 lib/minimalist_authentication/verifiable_token.rb
minimalist_authentication-2.2.4 lib/minimalist_authentication/verifiable_token.rb
minimalist_authentication-2.2.3 lib/minimalist_authentication/verifiable_token.rb
minimalist_authentication-2.2.2 lib/minimalist_authentication/verifiable_token.rb
minimalist_authentication-2.2.1 lib/minimalist_authentication/verifiable_token.rb
minimalist_authentication-2.2.0 lib/minimalist_authentication/verifiable_token.rb
minimalist_authentication-2.1.5 lib/minimalist_authentication/verifiable_token.rb