lib/simple_auth/session.rb in simple_auth-1.2.0 vs lib/simple_auth/session.rb in simple_auth-1.3.0
- old
+ new
@@ -5,11 +5,11 @@
attr_accessor :model
attr_accessor :controller
attr_accessor :record
attr_accessor :errors
- class Errors
+ class Errors # :nodoc:all
attr_accessor :errors
def add_to_base(message)
@errors << message
end
@@ -33,14 +33,36 @@
def [](attr_name)
[]
end
end
+ def self.session_key
+ "#{SimpleAuth::Config.model.to_s}_id".to_sym
+ end
+
+ def self.record_id
+ controller && controller.session[session_key]
+ end
+
+ def self.backup(&block)
+ backup = controller.session.to_hash.reject do |name, value|
+ rejected = [:session_id, session_key].include?(name.to_sym) || SimpleAuth::Config.wipeout_session && name.to_s =~ /^#{SimpleAuth::Config.model}_/
+ controller.session.delete(name) if rejected
+ rejected
+ end
+
+ yield
+
+ backup.each do |name, value|
+ controller.session[name.to_sym] = value
+ end
+ end
+
def self.find
+ return unless controller && record_id
session = new
- return unless session.controller && session.controller.session[:record_id]
- session.record = session.model.find_by_id(session.controller.session[:record_id])
+ session.record = session.model.find_by_id(record_id)
if session.record
session
else
nil
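Review bot: `backup` keeps every session key except `:session_id`, the auth key and (optionally) the model-prefixed ones, and writes them back after the block, so values stored before login survive `reset_session`; if the session was planted or observed before authentication, that data (possibly including a CSRF token kept in the session) carries over into the authenticated session. An allowlist of keys to preserve would be a safer default than this denylist. The prefix match should also be anchored to the whole string and escaped, `name.to_s =~ /\A#{Regexp.escape(SimpleAuth::Config.model.to_s)}_/`, with the `||`/`&&` mix parenthesised so the intended grouping is explicit. The restore loop runs only when the block returns normally; an `ensure` around `yield` would cover a raising block. `find` continues outside the hunk.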
@@ -57,15 +79,22 @@
new(options).tap do |session|
session.save!
end
end
+ def self.controller
+ SimpleAuth::Config.controller
+ end
+
def self.destroy!
- controller = SimpleAuth::Config.controller
- controller.session[:record_id] = nil
+ [:session_id, session_key].each {|name| controller.session.delete(name) }
+
controller.instance_variable_set("@current_user", nil)
controller.instance_variable_set("@current_session", nil)
+
+ backup { controller.reset_session }
+
true
end
def self.model_name
ActiveModel::Name.new(self)
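Review bot: `destroy!` dereferences `controller.session` on its first line with no nil check, while `record_id` and `find` in the same change treat a missing controller as an expected state; if `SimpleAuth::Config.controller` can be unset when this runs, it raises NoMethodError instead of returning. A guard such as `return true unless controller` at the top would keep the three methods consistent. The reset is also no longer gated on `SimpleAuth::Config.reset_session` and is called directly rather than through `send` as the removed lines in `save` did, so it is worth confirming that `reset_session` is public on every supported controller. `model_name` continues outside the hunk.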
@@ -96,25 +125,23 @@
def valid?
if record && record.authorized?
true
else
errors.add_to_base I18n.translate("simple_auth.sessions.invalid_credentials")
- controller.session[:record_id] = nil
+ self.class.destroy!
false
end
end
def record
@record ||= model.authenticate(credential, password)
end
def save
- if valid?
- controller.send(:reset_session) if SimpleAuth::Config.reset_session
- controller.session[:record_id] = record.id
- end
+ self.class.destroy!
- controller.session[:record_id] != nil
+ controller.session[self.class.session_key] = record.id if valid?
+ controller.session[self.class.session_key] != nil
end
def save!
if valid?
save
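Review bot: A failed `save` now tears the session down twice: `self.class.destroy!` runs at the top of `save`, and `valid?` calls it again in its else branch, so `reset_session` and the backup/restore cycle each run two times per rejected login. `valid?` is also a predicate with a destructive side effect, so any caller that only asks whether the credentials are valid ends the current session on a negative answer. Consider leaving the teardown to `save` alone and documenting the ordering there, e.g. `# Rotate the session before the authenticated id is written (session fixation).` above `self.class.destroy!`. `save!` continues outside the hunk, so whether it relies on `valid?` clearing the session cannot be seen here.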