- Use warden.session for refresh_return_url too

- Remove "scoped" verbiage from session properties (since scope is now applied via warden); - Remove comment regarding cookie scope for otp_refresh_property (now applied via warden);
wmlele · May 30, 2024 · 1b2b175 · 1b2b175
1 parent d46ada7
commit 1b2b175
Showing 1 changed file with 8 additions and 9 deletions.
diff --git a/lib/devise_otp_authenticatable/controllers/helpers.rb b/lib/devise_otp_authenticatable/controllers/helpers.rb
@@ -39,24 +39,23 @@ def ensure_resource!
         end
       end
 
-      # fixme do cookies and persistence need to be scoped? probably
       #
       # check if the resource needs a credentials refresh. IE, they need to be asked a password again to access
       # this resource.
       #
       def needs_credentials_refresh?(resource)
         return false unless resource.class.otp_credentials_refresh
 
-        (!warden.session[otp_scoped_refresh_property].present? ||
-           (warden.session[otp_scoped_refresh_property] < DateTime.now)).tap { |need| otp_set_refresh_return_url if need }
+        (!warden.session[otp_refresh_property].present? ||
+           (warden.session[otp_refresh_property] < DateTime.now)).tap { |need| otp_set_refresh_return_url if need }
       end
 
       #
       # credentials are refreshed
       #
       def otp_refresh_credentials_for(resource)
         return false unless resource.class.otp_credentials_refresh
-        warden.session[otp_scoped_refresh_property] = (Time.now + resource.class.otp_credentials_refresh)
+        warden.session[otp_refresh_property] = (Time.now + resource.class.otp_credentials_refresh)
       end
 
       #
@@ -85,18 +84,18 @@ def otp_set_trusted_device_for(resource)
       end
 
       def otp_set_refresh_return_url
-        warden.session[otp_scoped_refresh_return_url_property] = request.fullpath
+        warden.session[otp_refresh_return_url_property] = request.fullpath
       end
 
       def otp_fetch_refresh_return_url
-        warden.session.delete(otp_scoped_refresh_return_url_property) { :root }
+        warden.session.delete(otp_refresh_return_url_property) { :root }
       end
 
-      def otp_scoped_refresh_return_url_property
-        "otp_#{resource_name}refresh_return_url".to_sym
+      def otp_refresh_return_url_property
+        :refresh_return_url
       end
 
-      def otp_scoped_refresh_property
+      def otp_refresh_property
         :credentials_refreshed_at
       end