lib/maestrano/sso/session.rb in maestrano-0.7.0 vs lib/maestrano/sso/session.rb in maestrano-0.8.0
- old
+ new
@@ -20,19 +20,21 @@
return instance
end
def initialize(session)
self.session = session
- begin
- if mno_session = (self.session[:maestrano] || self.session['maestrano'])
- decrypted_session = JSON.parse(Base64.decode64(mno_session))
- self.uid = decrypted_session['uid']
- self.session_token = decrypted_session['session']
- self.recheck = Time.iso8601(decrypted_session['session_recheck'])
- self.group_uid = decrypted_session['group_uid']
+ if (self.session = session)
+ begin
+ if mno_session = (self.session[:maestrano] || self.session['maestrano'])
+ decrypted_session = JSON.parse(Base64.decode64(mno_session))
+ self.uid = decrypted_session['uid']
+ self.session_token = decrypted_session['session']
+ self.recheck = Time.iso8601(decrypted_session['session_recheck'])
+ self.group_uid = decrypted_session['group_uid']
+ end
+ rescue
end
- rescue
end
end
def remote_check_required?
if self.uid && self.session_token && self.recheck
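Review bot: The bare `rescue` with an empty body in the new `initialize` swallows every StandardError raised while decoding the `maestrano` session value, so a malformed or tampered payload looks the same as an absent one and leaves no trace for detection. Because the attributes are assigned one at a time, a failure in `Time.iso8601` leaves `uid` and `session_token` set while `recheck` and `group_uid` stay nil; how `remote_check_required?` treats that state is not visible here, since its body continues outside the hunk. Consider parsing into locals and assigning only once every field has parsed, and narrowing the handler to something like `rescue JSON::ParserError, ArgumentError, TypeError` with a log line (confirm which errors the decode path can raise). The name `decrypted_session` also deserves a comment such as `# Base64-decoded JSON only, not decrypted or verified here; integrity depends on the session store`. As a style point, `if (self.session = session)` repeats the assignment made on the context line just above it, and `if session` would read more clearly.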
@@ -62,10 +64,25 @@
end
return false
end
- def valid?
+ # Check whether this mno session is valid or not
+ # Return true if SLO is disabled (via sso.slo_enabled config
+ # param)
+ # Return false if no session defined
+ # ---
+ # opts:
+ # if_session: if true then the session will be
+ # considered valid if the http session is nil or does
+ # not have a maestrano key. Useful when the validity of
+ # a session should be restricted to maestrano users only
+ # within an application
+ def valid?(opts = {})
+ return true unless Maestrano.param('sso.slo_enabled')
+ return true if opts[:if_session] && (!self.session || (!self.session[:maestrano] && !self.session['maestrano']))
+ return false unless self.session
+
if self.remote_check_required?
if perform_remote_check
self.save
return true
else
\ No newline at end of file
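Review bot: The new `valid?` fails open on its first two guards, and the comment block does not warn that a `true` result no longer implies an authenticated Maestrano user. `return true unless Maestrano.param('sso.slo_enabled')` runs before the nil-session check, so the documented "Return false if no session defined" only holds when SLO is enabled; if `Maestrano.param` can return nil for an unset key (not visible here), a missing configuration value would also make every session valid. With `if_session: true`, any request whose session lacks a `maestrano` key is reported valid, so callers must not use this method as their only access check. I would add to the comment something like `# NOTE: true means "no single-logout required", not "user is authenticated"` and state the order in which the guards apply. The rest of the method body continues outside the hunk.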