mastodon/app/models/session_activation.rb

# frozen_string_literal: true
# == Schema Information
#
# Table name: session_activations
#
#  id                       :bigint(8)        not null, primary key
#  session_id               :string           not null
#  created_at               :datetime         not null
#  updated_at               :datetime         not null
#  user_agent               :string           default(""), not null
#  ip                       :inet
#  access_token_id          :bigint(8)
#  user_id                  :bigint(8)        not null
#  web_push_subscription_id :bigint(8)
#

class SessionActivation < ApplicationRecord
  belongs_to :user, inverse_of: :session_activations
  belongs_to :access_token, class_name: 'Doorkeeper::AccessToken', dependent: :destroy, optional: true
  belongs_to :web_push_subscription, class_name: 'Web::PushSubscription', dependent: :destroy, optional: true

  delegate :token,
           to: :access_token,
           allow_nil: true

  def detection
    @detection ||= Browser.new(user_agent)
  end

  def browser
    detection.id
  end

  def platform
    detection.platform.id
  end

  before_create :assign_access_token
  before_save   :assign_user_agent

  class << self
    def active?(id)
      id && where(session_id: id).exists?
    end

    def activate(**options)
      activation = create!(options)
      purge_old
      activation
    end

    def deactivate(id)
      return unless id
      where(session_id: id).destroy_all
    end

    def purge_old
      order('created_at desc').offset(Rails.configuration.x.max_session_activations).destroy_all
    end

    def exclusive(id)
      where('session_id != ?', id).destroy_all
    end
  end

  private

  def assign_user_agent
    self.user_agent = '' if user_agent.nil?
  end

  def assign_access_token
    self.access_token = Doorkeeper::AccessToken.create!(access_token_attributes)
  end

  def access_token_attributes
    {
      application_id: Doorkeeper::Application.find_by(superapp: true)&.id,
      resource_owner_id: user_id,
      scopes: 'read write follow',
      expires_in: Doorkeeper.configuration.access_token_expires_in,
      use_refresh_token: Doorkeeper.configuration.refresh_token_enabled?,
    }
  end
end
Revocable sessions (#3616) * feat: Revocable sessions * fix: Tests using sign_in * feat: Configuration entry for the maximum number of session activations 2017-06-23 18:50:53 +02:00			`# frozen_string_literal: true`
			`# == Schema Information`
			`#`
			`# Table name: session_activations`
			`#`
Update dependencies for Ruby (2018-04-23) (#7237) * Update annotate to version 2.7.3 * Update aws-sdk-s3 to version 1.9.2 * Update browser to version 2.5.3 * Update capistrano to version 3.10.2 * Update domain_name to version 0.5.20180417 * Update http to version 3.2.0 * Update lograge to version 0.10.0 * Update oj to version 3.5.1 * Update parallel_tests to version 2.21.3 * Update puma to version 3.11.4 * Update rubocop to version 0.55.0 * Update scss_lint to version 0.57.0 * Update simplecov to version 0.16.1 * Update tty-command to version 0.8.0 * Update tty-prompt to version 0.16.0 * Update pkg-config to version 1.3.0 * Update fog-local to version 0.5.0 * Update fog-openstack to version 0.1.25 * Update devise-two-factor to version 3.0.3 * bundle update 2018-04-23 11:29:17 +02:00			`# id :bigint(8) not null, primary key`
Web Push Notifications (#3243) * feat: Register push subscription * feat: Notify when mentioned * feat: Boost, favourite, reply, follow, follow request * feat: Notification interaction * feat: Handle change of public key * feat: Unsubscribe if things go wrong * feat: Do not send normal notifications if push is enabled * feat: Focus client if open * refactor: Move push logic to WebPushSubscription * feat: Better title and body * feat: Localize messages * chore: Fix lint errors * feat: Settings * refactor: Lazy load * fix: Check if push settings exist * feat: Device-based preferences * refactor: Simplify logic * refactor: Pull request feedback * refactor: Pull request feedback * refactor: Create /api/web/push_subscriptions endpoint * feat: Spec PushSubscriptionController * refactor: WebPushSubscription => Web::PushSubscription * feat: Spec Web::PushSubscription * feat: Display first media attachment * feat: Support direction * fix: Stuff broken while rebasing * refactor: Integration with session activations * refactor: Cleanup * refactor: Simplify implementation * feat: Set VAPID keys via environment * chore: Comments * fix: Crash when no alerts * fix: Set VAPID keys in testing environment * fix: Follow link * feat: Notification actions * fix: Delete previous subscription * chore: Temporary logs * refactor: Move migration to a later date * fix: Fetch the correct session activation and misc bugs * refactor: Move migration to a later date * fix: Remove follow request (no notifications) * feat: Send administrator contact to push service * feat: Set time-to-live * fix: Do not show sensitive images * fix: Reducer crash in error handling * feat: Add badge * chore: Fix lint error * fix: Checkbox label overlap * fix: Check for payload support * fix: Rename action "type" (crash in latest Chrome) * feat: Action to expand notification * fix: Lint errors * fix: Unescape notification body * fix: Do not allow boosting if the status is hidden * feat: Add VAPID keys to the production sample environment * fix: Strip HTML tags from status * refactor: Better error messages * refactor: Handle browser not implementing the VAPID protocol (Samsung Internet) * fix: Error when target_status is nil * fix: Handle lack of image * fix: Delete reference to invalid subscriptions * feat: Better error handling * fix: Unescape HTML characters after tags are striped * refactor: Simpify code * fix: Modify to work with #4091 * Sort strings alphabetically * i18n: Updated Polish translation it annoys me that it's not fully localized :P * refactor: Use current_session in PushSubscriptionController * fix: Rebase mistake * fix: Set cacheName to mastodon * refactor: Pull request feedback * refactor: Remove logging statements * chore(yarn): Fix conflicts with master * chore(yarn): Copy latest from master * chore(yarn): Readd offline-plugin * refactor: Use save! and update! * refactor: Send notifications async * fix: Allow retry when push fails * fix: Save track for failed pushes * fix: Minify sw.js * fix: Remove account_id from fabricator 2017-07-13 22:15:32 +02:00			`# session_id :string not null`
			`# created_at :datetime not null`
			`# updated_at :datetime not null`
			`# user_agent :string default(""), not null`
			`# ip :inet`
Update dependencies for Ruby (2018-04-23) (#7237) * Update annotate to version 2.7.3 * Update aws-sdk-s3 to version 1.9.2 * Update browser to version 2.5.3 * Update capistrano to version 3.10.2 * Update domain_name to version 0.5.20180417 * Update http to version 3.2.0 * Update lograge to version 0.10.0 * Update oj to version 3.5.1 * Update parallel_tests to version 2.21.3 * Update puma to version 3.11.4 * Update rubocop to version 0.55.0 * Update scss_lint to version 0.57.0 * Update simplecov to version 0.16.1 * Update tty-command to version 0.8.0 * Update tty-prompt to version 0.16.0 * Update pkg-config to version 1.3.0 * Update fog-local to version 0.5.0 * Update fog-openstack to version 0.1.25 * Update devise-two-factor to version 3.0.3 * bundle update 2018-04-23 11:29:17 +02:00			`# access_token_id :bigint(8)`
			`# user_id :bigint(8) not null`
			`# web_push_subscription_id :bigint(8)`
Web Push Notifications (#3243) * feat: Register push subscription * feat: Notify when mentioned * feat: Boost, favourite, reply, follow, follow request * feat: Notification interaction * feat: Handle change of public key * feat: Unsubscribe if things go wrong * feat: Do not send normal notifications if push is enabled * feat: Focus client if open * refactor: Move push logic to WebPushSubscription * feat: Better title and body * feat: Localize messages * chore: Fix lint errors * feat: Settings * refactor: Lazy load * fix: Check if push settings exist * feat: Device-based preferences * refactor: Simplify logic * refactor: Pull request feedback * refactor: Pull request feedback * refactor: Create /api/web/push_subscriptions endpoint * feat: Spec PushSubscriptionController * refactor: WebPushSubscription => Web::PushSubscription * feat: Spec Web::PushSubscription * feat: Display first media attachment * feat: Support direction * fix: Stuff broken while rebasing * refactor: Integration with session activations * refactor: Cleanup * refactor: Simplify implementation * feat: Set VAPID keys via environment * chore: Comments * fix: Crash when no alerts * fix: Set VAPID keys in testing environment * fix: Follow link * feat: Notification actions * fix: Delete previous subscription * chore: Temporary logs * refactor: Move migration to a later date * fix: Fetch the correct session activation and misc bugs * refactor: Move migration to a later date * fix: Remove follow request (no notifications) * feat: Send administrator contact to push service * feat: Set time-to-live * fix: Do not show sensitive images * fix: Reducer crash in error handling * feat: Add badge * chore: Fix lint error * fix: Checkbox label overlap * fix: Check for payload support * fix: Rename action "type" (crash in latest Chrome) * feat: Action to expand notification * fix: Lint errors * fix: Unescape notification body * fix: Do not allow boosting if the status is hidden * feat: Add VAPID keys to the production sample environment * fix: Strip HTML tags from status * refactor: Better error messages * refactor: Handle browser not implementing the VAPID protocol (Samsung Internet) * fix: Error when target_status is nil * fix: Handle lack of image * fix: Delete reference to invalid subscriptions * feat: Better error handling * fix: Unescape HTML characters after tags are striped * refactor: Simpify code * fix: Modify to work with #4091 * Sort strings alphabetically * i18n: Updated Polish translation it annoys me that it's not fully localized :P * refactor: Use current_session in PushSubscriptionController * fix: Rebase mistake * fix: Set cacheName to mastodon * refactor: Pull request feedback * refactor: Remove logging statements * chore(yarn): Fix conflicts with master * chore(yarn): Copy latest from master * chore(yarn): Readd offline-plugin * refactor: Use save! and update! * refactor: Send notifications async * fix: Allow retry when push fails * fix: Save track for failed pushes * fix: Minify sw.js * fix: Remove account_id from fabricator 2017-07-13 22:15:32 +02:00			`#`

Revocable sessions (#3616) * feat: Revocable sessions * fix: Tests using sign_in * feat: Configuration entry for the maximum number of session activations 2017-06-23 18:50:53 +02:00			`class SessionActivation < ApplicationRecord`
Change belongs_to_required_by_default to true (#5888) 2018-01-19 20:56:47 +01:00			`belongs_to :user, inverse_of: :session_activations`
			`belongs_to :access_token, class_name: 'Doorkeeper::AccessToken', dependent: :destroy, optional: true`
			`belongs_to :web_push_subscription, class_name: 'Web::PushSubscription', dependent: :destroy, optional: true`
Bind web UI access tokens to sessions (#3940) * Add overview of active sessions * Better display of browser/platform name * Improve how browser information is stored and displayed for sessions overview * Fix test * Fix #2347 - Bind web UI access token to session When you logout, session also destroys the access token, so it's no longer valid. If access token is destroyed some other way, the session is also destroyed, requiring a re-login. Fix #1681 - Add scheduler to remove revoked access tokens and grants * Fix test 2017-06-25 23:51:32 +02:00
			`delegate :token,`
			`to: :access_token,`
			`allow_nil: true`

Add overview of active sessions (#3929) * Add overview of active sessions * Better display of browser/platform name * Improve how browser information is stored and displayed for sessions overview * Fix test 2017-06-25 16:54:30 +02:00			`def detection`
			`@detection \|\|= Browser.new(user_agent)`
Revocable sessions (#3616) * feat: Revocable sessions * fix: Tests using sign_in * feat: Configuration entry for the maximum number of session activations 2017-06-23 18:50:53 +02:00			`end`

Add overview of active sessions (#3929) * Add overview of active sessions * Better display of browser/platform name * Improve how browser information is stored and displayed for sessions overview * Fix test 2017-06-25 16:54:30 +02:00			`def browser`
			`detection.id`
Revocable sessions (#3616) * feat: Revocable sessions * fix: Tests using sign_in * feat: Configuration entry for the maximum number of session activations 2017-06-23 18:50:53 +02:00			`end`

Add overview of active sessions (#3929) * Add overview of active sessions * Better display of browser/platform name * Improve how browser information is stored and displayed for sessions overview * Fix test 2017-06-25 16:54:30 +02:00			`def platform`
			`detection.platform.id`
Revocable sessions (#3616) * feat: Revocable sessions * fix: Tests using sign_in * feat: Configuration entry for the maximum number of session activations 2017-06-23 18:50:53 +02:00			`end`

Bind web UI access tokens to sessions (#3940) * Add overview of active sessions * Better display of browser/platform name * Improve how browser information is stored and displayed for sessions overview * Fix test * Fix #2347 - Bind web UI access token to session When you logout, session also destroys the access token, so it's no longer valid. If access token is destroyed some other way, the session is also destroyed, requiring a re-login. Fix #1681 - Add scheduler to remove revoked access tokens and grants * Fix test 2017-06-25 23:51:32 +02:00			`before_create :assign_access_token`
			`before_save :assign_user_agent`
Revocable sessions (#3616) * feat: Revocable sessions * fix: Tests using sign_in * feat: Configuration entry for the maximum number of session activations 2017-06-23 18:50:53 +02:00
Add overview of active sessions (#3929) * Add overview of active sessions * Better display of browser/platform name * Improve how browser information is stored and displayed for sessions overview * Fix test 2017-06-25 16:54:30 +02:00			`class << self`
			`def active?(id)`
			`id && where(session_id: id).exists?`
			`end`

Using double splat operator (#5859) 2017-12-06 11:41:57 +01:00			`def activate(**options)`
Add overview of active sessions (#3929) * Add overview of active sessions * Better display of browser/platform name * Improve how browser information is stored and displayed for sessions overview * Fix test 2017-06-25 16:54:30 +02:00			`activation = create!(options)`
			`purge_old`
			`activation`
			`end`

			`def deactivate(id)`
			`return unless id`
			`where(session_id: id).destroy_all`
			`end`

			`def purge_old`
			`order('created_at desc').offset(Rails.configuration.x.max_session_activations).destroy_all`
			`end`

			`def exclusive(id)`
			`where('session_id != ?', id).destroy_all`
			`end`
Revocable sessions (#3616) * feat: Revocable sessions * fix: Tests using sign_in * feat: Configuration entry for the maximum number of session activations 2017-06-23 18:50:53 +02:00			`end`
Bind web UI access tokens to sessions (#3940) * Add overview of active sessions * Better display of browser/platform name * Improve how browser information is stored and displayed for sessions overview * Fix test * Fix #2347 - Bind web UI access token to session When you logout, session also destroys the access token, so it's no longer valid. If access token is destroyed some other way, the session is also destroyed, requiring a re-login. Fix #1681 - Add scheduler to remove revoked access tokens and grants * Fix test 2017-06-25 23:51:32 +02:00
			`private`

			`def assign_user_agent`
			`self.user_agent = '' if user_agent.nil?`
			`end`

			`def assign_access_token`
Fix streaming API allowing connections to persist after access token invalidation (#15111) Fix #14816 2020-11-12 23:05:24 +01:00			`self.access_token = Doorkeeper::AccessToken.create!(access_token_attributes)`
			`end`
Bind web UI access tokens to sessions (#3940) * Add overview of active sessions * Better display of browser/platform name * Improve how browser information is stored and displayed for sessions overview * Fix test * Fix #2347 - Bind web UI access token to session When you logout, session also destroys the access token, so it's no longer valid. If access token is destroyed some other way, the session is also destroyed, requiring a re-login. Fix #1681 - Add scheduler to remove revoked access tokens and grants * Fix test 2017-06-25 23:51:32 +02:00
Fix streaming API allowing connections to persist after access token invalidation (#15111) Fix #14816 2020-11-12 23:05:24 +01:00			`def access_token_attributes`
			`{`
			`application_id: Doorkeeper::Application.find_by(superapp: true)&.id,`
			`resource_owner_id: user_id,`
			`scopes: 'read write follow',`
			`expires_in: Doorkeeper.configuration.access_token_expires_in,`
			`use_refresh_token: Doorkeeper.configuration.refresh_token_enabled?,`
			`}`
Bind web UI access tokens to sessions (#3940) * Add overview of active sessions * Better display of browser/platform name * Improve how browser information is stored and displayed for sessions overview * Fix test * Fix #2347 - Bind web UI access token to session When you logout, session also destroys the access token, so it's no longer valid. If access token is destroyed some other way, the session is also destroyed, requiring a re-login. Fix #1681 - Add scheduler to remove revoked access tokens and grants * Fix test 2017-06-25 23:51:32 +02:00			`end`
Revocable sessions (#3616) * feat: Revocable sessions * fix: Tests using sign_in * feat: Configuration entry for the maximum number of session activations 2017-06-23 18:50:53 +02:00			`end`