suspicious_sign_in_detector.rb 837 B

123456789101112131415161718192021222324252627282930313233343536373839404142
  1. # frozen_string_literal: true
  2. class SuspiciousSignInDetector
  3. IPV6_TOLERANCE_MASK = 64
  4. IPV4_TOLERANCE_MASK = 16
  5. def initialize(user)
  6. @user = user
  7. end
  8. def suspicious?(request)
  9. !sufficient_security_measures? && !freshly_signed_up? && !previously_seen_ip?(request)
  10. end
  11. private
  12. def sufficient_security_measures?
  13. @user.otp_required_for_login?
  14. end
  15. def previously_seen_ip?(request)
  16. @user.ips.contained_by(masked_ip(request)).exists?
  17. end
  18. def freshly_signed_up?
  19. @user.current_sign_in_at.blank?
  20. end
  21. def masked_ip(request)
  22. masked_ip_addr = begin
  23. ip_addr = IPAddr.new(request.remote_ip)
  24. if ip_addr.ipv6?
  25. ip_addr.mask(IPV6_TOLERANCE_MASK)
  26. else
  27. ip_addr.mask(IPV4_TOLERANCE_MASK)
  28. end
  29. end
  30. "#{masked_ip_addr}/#{masked_ip_addr.prefix}"
  31. end
  32. end