ueberauth / guardian

Elixir Authentication
MIT License

add SlidingCookie plug #616

Closed mwri closed 4 years ago

mwri commented 4 years ago

Adds a SlidingCookie plug which implements a sliding window/session behaviour, allowing the remember_me cookie to be replaced before it expires.

Configure (or use plug option) like so:

config :my_app, MyApp.Guardian,
  ttl: {10, :minutes},
  sliding_cookie: {5, :minutes}

Add to Guardian pipeline, for example:

  plug Guardian.Plug.VerifyCookie
  plug Guardian.Plug.SlidingCookie
  plug Guardian.Plug.LoadResource
  plug Holco.Web.Plug.PostAuth

Provide sliding_cookie callback implementation:

defmodule MyAppWeb.Guardian do
  use Guardian, otp_app: :my_app
  def subject_for_token(user_rec, claims), do: ......
  def resource_from_claims(claims), do: ......

  def sliding_cookie(claims, resource, opts) do
    {:ok, %{"new_claim" => "whatevs"}}
  end
end
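
The sliding-window decision described in the comment above, as an added example that is not part of the PR or of Guardian's own code. It assumes "replaced before it expires" means the cookie is replaced once its remaining lifetime falls within the `sliding_cookie` window; the `auth_time` claim and the absolute session cap are hypothetical additions showing how claims returned from a `sliding_cookie/3` callback can bound how long a cookie is kept alive by repeated replacement.

```elixir
defmodule SlidingWindowExample do
  # Added illustration; module, function and "auth_time" names are hypothetical.

  # Values from the configuration shown above, in seconds.
  @ttl 10 * 60      # ttl: {10, :minutes}
  @window 5 * 60    # sliding_cookie: {5, :minutes}

  # Assumption (not in the PR): hard cap on total session age.
  @max_session 8 * 60 * 60

  # Decide what to do with an already verified token at `now` (Unix seconds).
  def decide(%{"exp" => exp, "iat" => iat} = claims, now) do
    remaining = exp - now
    # First login time, carried forward through every replacement.
    started = Map.get(claims, "auth_time", iat)
    hard_stop = started + @max_session

    cond do
      remaining <= 0 ->
        :expired

      # Outside the sliding window: leave the cookie alone.
      remaining > @window ->
        :keep

      # Session has reached its cap: no replacement, let the token run out.
      now >= hard_stop ->
        :keep

      # Inside the window: issue a replacement that never outlives the cap.
      true ->
        carried = %{"auth_time" => started}
        {:replace, carried, min(now + @ttl, hard_stop)}
    end
  end
end

# Constructed sample claims for a token issued with the 10 minute ttl.
login = 1_700_000_000
claims = %{"iat" => login, "exp" => login + 600}

IO.inspect(SlidingWindowExample.decide(claims, login + 120), label: "480 s left")
IO.inspect(SlidingWindowExample.decide(claims, login + 420), label: "180 s left")
IO.inspect(SlidingWindowExample.decide(claims, login + 600), label: "0 s left")

# A token near the end of an 8 hour session is replaced, but only up to the cap.
late = %{"iat" => login + 28_000, "exp" => login + 28_600, "auth_time" => login}
IO.inspect(SlidingWindowExample.decide(late, login + 28_500), label: "near cap")
```

Without a cap of this kind, a remember_me cookie that keeps being presented inside the window is replaced indefinitely, so a copied cookie stays usable for as long as it is replayed.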

codecov-io commented 4 years ago

Codecov Report

Merging #616 into master will increase coverage by 0.2%. The diff coverage is 91.3%.

@@            Coverage Diff            @@
##           master     #616     +/-   ##
=========================================
+ Coverage   86.32%   86.52%   +0.2%     
=========================================
  Files          21       22      +1     
  Lines         424      438     +14     
=========================================
+ Hits          366      379     +13     
- Misses         58       59      +1

| Impacted Files | Coverage Δ |
|---|---|
| lib/guardian/plug/verify_cookie.ex | 90% <ø> (-1.31%) ↓ |
| lib/guardian/token/jwt.ex | 85.71% <100%> (+0.34%) ↑ |
| lib/guardian/plug.ex | 85.18% <100%> (+0.56%) ↑ |
| lib/guardian.ex | 89.28% <83.33%> (-0.72%) ↓ |
| lib/guardian/plug/sliding_cookie.ex | 92.3% <92.3%> (ø) |

mwri commented 4 years ago

Ah ha. Fixed formatting :)

mwri commented 4 years ago

Rebased on master and added :halt plug option following merge of #617. I'm not sure it really ever makes sense not to halt when the implementation is broken, but I think it's nice to be entirely consistent with the other plugs.

mwri commented 4 years ago

Sorry, I don't know how I accidentally closed it there, must have hit a key when the button was highlighted or something.

mwri commented 4 years ago

Agreed changes completed, I think.

Hanspagh commented 4 years ago

Would love to have a view from one other @ueberauth/core and a rebase from you @mwri

mwri commented 4 years ago

Rebased.

mwri commented 4 years ago

Cheers. Always a pleasure to contribute a well received PR.