move check/redirection to refresh_credentials! helper; update CHANGEL…

…OG for changes;
wmlele · May 22, 2024 · abf2cb3 · abf2cb3
1 parent b70e0d0
commit abf2cb3
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 16 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,12 +2,15 @@
 
 ## UNRELEASED
 
-Summary: Update the needs_credentials_refresh? method to take utilize current_sign_in_at when available
+Use dedicated devise hook for refreshing credentials.
 
 Details:
-- Update needs_credentials_refresh? method to reference current_sign_in_at when present;
-- Break apart needs_credential_refresh? method, and set return URL within otp_tokens controller for simplicity;
-- Remove 'refresh_otp_credentials_for(resource)' from create_otp_session method (no longer needed);
+- Add credentials_refreshed_at field, and uses this for checking whether credential refresh is needed;
+- Remove "refresh_otp_credentials" method from session hook, and set return location via otp_tokens controller;
+- Simplify needs_credential_refresh? helper;
+
+Breaking Changes:
+- Requires adding the credentials_refreshed_at field to the database;
 
 ## UNRELEASED
 

diff --git a/app/controllers/devise_otp/devise/otp_tokens_controller.rb b/app/controllers/devise_otp/devise/otp_tokens_controller.rb
@@ -3,7 +3,7 @@ module Devise
     class OtpTokensController < DeviseController
       include ::Devise::Controllers::Helpers
 
-      prepend_before_action :ensure_credentials_refresh
+      prepend_before_action :refresh_credentials!
       prepend_before_action :authenticate_scope!
 
       protect_from_forgery except: [:clear_persistence, :delete_persistence]
@@ -97,16 +97,6 @@ def recovery
 
       private
 
-      def ensure_credentials_refresh
-        ensure_resource!
-
-        if needs_credentials_refresh?(resource)
-          otp_set_refresh_return_url
-          otp_set_flash_message :notice, :need_to_refresh_credentials
-          redirect_to refresh_otp_credential_path_for(resource)
-        end
-      end
-
       def scope
         resource_name.to_sym
       end

diff --git a/lib/devise_otp_authenticatable/controllers/helpers.rb b/lib/devise_otp_authenticatable/controllers/helpers.rb
@@ -39,8 +39,19 @@ def ensure_resource!
         end
       end
 
-      # fixme do cookies and persistence need to be scoped? probably
+      # check if the resource needs a credentials refresh, and redirect if needed
+      # this resource.
       #
+      def refresh_credentials!
+        ensure_resource!
+
+        if needs_credentials_refresh?(resource)
+          otp_set_refresh_return_url
+          otp_set_flash_message :notice, :need_to_refresh_credentials
+          redirect_to refresh_otp_credential_path_for(resource)
+        end
+      end
+
       # check if the resource needs a credentials refresh. IE, they need to be asked a password again to access
       # this resource.
       #