#105 ✓hold
trevor

acts_as_authentic not taking config

Reported by trevor | May 14th, 2009 @ 04:50 PM

model -

class User < ActiveRecord::Base
  acts_as_authentic do |c|
    c.perishable_token_valid_for = 2.hours
  end
end

this still defaults to ten minutes -

User.find_using_perishable_token(params[:id])

but passing in the option manually works -

User.find_using_perishable_token(params[:id], 2.hours)

Comments and changes to this ticket

  • Ben Johnson

    Ben Johnson May 28th, 2009 @ 03:52 AM

    • State changed from “new” to “open”

    I will look at this, I'm guessing passing that config option as a default argument isn't going to fly. I'll try and fix this shortly.

  • Ben Johnson

    Ben Johnson June 3rd, 2009 @ 03:30 AM

    • State changed from “open” to “hold”

    I just wrote a bunch of tests and all of these pass. I can't duplicate the error:

    # Fresh token: lookup succeeds.
    def test_find_using_perishable_token
      ben = users(:ben)
      assert_equal ben, User.find_using_perishable_token(ben.perishable_token)
    end

    # Record last updated a week ago: token is past the default lifetime.
    def test_find_using_perishable_token_when_perished
      ben = users(:ben)
      ActiveRecord::Base.connection.execute("UPDATE users set updated_at = '#{1.week.ago.to_s(:db)}' where id = #{ben.id}")
      assert_nil User.find_using_perishable_token(ben.perishable_token)
    end

    # Distinct name: a second def with the same name would replace the test
    # above, so only one of the two would run.
    def test_find_using_perishable_token_when_perished_with_configured_valid_for
      User.perishable_token_valid_for = 1.minute
      ben = users(:ben)
      ActiveRecord::Base.connection.execute("UPDATE users set updated_at = '#{2.minutes.ago.to_s(:db)}' where id = #{ben.id}")
      assert_nil User.find_using_perishable_token(ben.perishable_token)
      User.perishable_token_valid_for = 10.minutes
    end

    # An explicit age argument overrides the configured lifetime.
    def test_find_using_perishable_token_when_passing_threshold
      User.perishable_token_valid_for = 1.minute
      ben = users(:ben)
      ActiveRecord::Base.connection.execute("UPDATE users set updated_at = '#{10.minutes.ago.to_s(:db)}' where id = #{ben.id}")
      assert_nil User.find_using_perishable_token(ben.perishable_token, 5.minutes)
      assert_equal ben, User.find_using_perishable_token(ben.perishable_token, 20.minutes)
      User.perishable_token_valid_for = 10.minutes
    end
    

    Are you still having this issue?

  • Hans de Graaff

    Hans de Graaff July 8th, 2009 @ 03:59 AM

    I thought I had this problem as well, but it turns out that something else is going on.

    The perishable_token is changed whenever something in the user record is saved. This means that if I send someone the perishable token, and then save the user record, then a new perishable token is generated and things don't work anymore.

    I think that the perishable token should only be updated on save when it has expired according to the valid_for time, instead of unconditionally.

  • Hans de Graaff

    Hans de Graaff July 8th, 2009 @ 04:08 AM

    Looking at the code further it seems like this may be hard because the perishable_token code assumes that the updated_at field is a proper indicator of the age of the token, but this is not true when other things have changed in the meantime.

    Solutions I can think of are to include a separate timestamp in the record or to encode the time in the token.
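The separate-timestamp option from the comment above, sketched in plain Ruby as an added example; it is not Authlogic code and not part of the original ticket. `TokenRecord`, `token_issued_at` and the timeline values are assumptions made for the illustration. It rotates the token only on expiry, and compares measuring the token's age from `updated_at` with measuring it from a dedicated timestamp.

```ruby
require "securerandom"

# Constructed stand-in for a users row; not Authlogic code.
class TokenRecord
  VALID_FOR = 2 * 60 * 60 # seconds (the 2.hours from the ticket)

  attr_reader :perishable_token, :token_issued_at, :updated_at

  def initialize(now)
    @updated_at = now
    issue_token(now)
  end

  # Every save bumps updated_at; the token rotates only once it has expired.
  def save(now)
    issue_token(now) if expired?(now)
    @updated_at = now
  end

  def issue_token(now)
    @perishable_token = SecureRandom.hex(10)
    @token_issued_at = now
  end

  def expired?(now)
    now - @token_issued_at > VALID_FOR
  end

  # Age taken from the dedicated timestamp (hypothetical column).
  def valid_by_issued_at?(candidate, now)
    candidate == @perishable_token && !expired?(now)
  end

  # Age taken from updated_at, for comparison.
  def valid_by_updated_at?(candidate, now)
    candidate == @perishable_token && now - @updated_at <= VALID_FOR
  end
end

# Constructed timeline: token mailed at t0, unrelated save at +1h50m,
# link used at +3h (one hour past the intended lifetime).
def timeline
  t0 = Time.at(1_700_000_000)
  user = TokenRecord.new(t0)
  mailed = user.perishable_token
  user.save(t0 + 110 * 60)
  click = t0 + 3 * 3600
  { survived_save: user.perishable_token == mailed,
    by_updated_at: user.valid_by_updated_at?(mailed, click),
    by_issued_at: user.valid_by_issued_at?(mailed, click) }
end
```

With `updated_at` as the clock, the unrelated save restarts the two-hour window and the mailed token is still accepted at +3h; with the dedicated timestamp it is rejected.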

