feat: support for storing ip address countries

Author: adamcooke

README.md

@@ -292,6 +292,16 @@ class LoginController < ApplicationController
 end
 ```
 
+## Storing IP address countries
+
+Authie has support for storing the country that an IP address is located in whenever they are saved to the database. To use this, you need to specify a backend to use in the Authie configuration. The backend should respond to `#call(ip_address)`.
+
+```ruby
+Authie.config.lookup_ip_country_backend = proc do |ip_address|
+  SomeService.lookup_country_from_ip(ip_address)
+end
+```
+
 ## Instrumentation/Notification
 
 Authie will publish events to the ActiveSupport::Notification instrumentation system. The following events are published

db/migrate/20230627165500_add_countries_to_authie_sessions.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class AddCountriesToAuthieSessions < ActiveRecord::Migration[6.1]
+  def change
+    add_column :authie_sessions, :login_ip_country, :string
+    add_column :authie_sessions, :two_factored_ip_country, :string
+    add_column :authie_sessions, :last_activity_ip_country, :string
+  end
+end

lib/authie/config.rb

@@ -8,6 +8,7 @@ class Config
     attr_accessor :browser_id_cookie_name
     attr_accessor :session_token_length
     attr_accessor :extend_session_expiry_on_touch
+    attr_accessor :ip_lookup
 
     def initialize
       @session_inactivity_timeout = 12.hours
@@ -16,6 +17,13 @@ def initialize
       @browser_id_cookie_name = :browser_id
       @session_token_length = 64
       @extend_session_expiry_on_touch = false
+      @lookup_ip_country_backend = nil
+    end
+
+    def lookup_ip_country(ip)
+      return nil if @lookup_ip_country_backend.nil?
+
+      @lookup_ip_country_backend.call(ip)
     end
   end
 

lib/authie/session.rb

@@ -96,7 +96,11 @@ def invalidate
     # @return [Authie::Session]
     def touch
       @session.last_activity_at = Time.now
+      if @controller.request.ip != @session.last_activity_ip
+        @session.last_activity_ip_country = Authie.config.lookup_ip_country(@controller.request.ip)
+      end
       @session.last_activity_ip = @controller.request.ip
+
       @session.last_activity_path = @controller.request.path
       @session.requests += 1
       extend_session_expiry_if_appropriate
@@ -124,6 +128,7 @@ def see_password
     def mark_as_two_factored(skip: nil)
       @session.two_factored_at = Time.now
       @session.two_factored_ip = @controller.request.ip
+      @session.two_factored_ip_country = Authie.config.lookup_ip_country(@controller.request.ip)
       @session.skip_two_factor = skip unless skip.nil?
       @session.save!
       Authie.notify(:mark_as_two_factor, session: self)
@@ -244,6 +249,7 @@ def start(controller, user:, persistent: false, see_password: false, **params)
         session.browser_id = cookies[:browser_id]
         session.login_at = Time.now
         session.login_ip = controller.request.ip
+        session.login_ip_country = Authie.config.lookup_ip_country(session.login_ip)
         session.host = controller.request.host
         session.user_agent = controller.request.user_agent
         session.expires_at = Time.now + Authie.config.persistent_session_length if persistent
@@ -298,9 +304,11 @@ def get_session(controller)
     delegate :invalidate_others!, to: :session
     delegate :last_activity_at, to: :session
     delegate :last_activity_ip, to: :session
+    delegate :last_activity_ip_country, to: :session
     delegate :last_activity_path, to: :session
     delegate :login_at, to: :session
     delegate :login_ip, to: :session
+    delegate :login_ip_country, to: :session
     delegate :password_seen_at, to: :session
     delegate :persisted?, to: :session
     delegate :persistent?, to: :session
@@ -311,6 +319,7 @@ def get_session(controller)
     delegate :token_hash, to: :session
     delegate :two_factored_at, to: :session
     delegate :two_factored_ip, to: :session
+    delegate :two_factored_ip_country, to: :session
     delegate :two_factored?, to: :session
     delegate :skip_two_factor?, to: :session
     delegate :update, to: :session

spec/lib/session_spec.rb

@@ -142,6 +142,21 @@
       expect(session.last_activity_ip).to eq '1.2.3.4'
     end
 
+    it 'sets the last activity IP country' do
+      allow(controller.request).to receive(:ip).and_return('1.2.3.4')
+      allow(Authie.config).to receive(:lookup_ip_country).with('1.2.3.4').and_return('FR')
+      session.touch
+      expect(session.last_activity_ip_country).to eq 'FR'
+    end
+
+    it 'does not lookup an IP if the last activity IP does not change' do
+      allow(controller.request).to receive(:ip).and_return('1.2.3.4')
+      session.update!(last_activity_ip: '1.2.3.4', last_activity_ip_country: 'FR')
+      expect(Authie.config).to_not receive(:lookup_ip_country)
+      session.touch
+      expect(session.last_activity_ip_country).to eq 'FR'
+    end
+
     it 'sets the last activity path' do
       allow(controller.request).to receive(:path).and_return('/blah/blah')
       session.touch
@@ -250,6 +265,13 @@
       expect(session.two_factored_ip).to eq '1.2.3.4'
     end
 
+    it 'sets the ip address country' do
+      allow(controller.request).to receive(:ip).and_return('1.2.3.4')
+      allow(Authie.config).to receive(:lookup_ip_country).with('1.2.3.4').and_return('AU')
+      session.mark_as_two_factored
+      expect(session.two_factored_ip_country).to eq 'AU'
+    end
+
     it 'it dispatched an event' do
       expect(Authie).to receive(:notify).with(:mark_as_two_factor, session: session)
       session.mark_as_two_factored
@@ -320,6 +342,14 @@
       end
     end
 
+    it 'adds the login IP coutnry' do
+      allow(Authie.config).to receive(:lookup_ip_country).with('1.2.3.4').and_return('GB')
+      allow(controller.request).to receive(:ip).and_return('1.2.3.4')
+      session = described_class.start(controller, user: user)
+      expect(session).to be_a Authie::Session
+      expect(session.session.login_ip_country).to eq 'GB'
+    end
+
     it 'invalidates all other sessions for the same browser' do
       existing_session = Authie::SessionModel.create!(user: user, active: true, browser_id: browser_id)
       described_class.start(controller, user: user)