heartcombo--devise/lib/devise/hooks/timeoutable.rb

# Each time a record is set we check whether its session has already timed out
# or not, based on last request time. If so, the record is logged out and
# redirected to the sign in page. Also, each time the request comes and the
# record is set, we set the last request time inside its scoped session to
# verify timeout in the following request.
Warden::Manager.after_set_user do |record, warden, options|
  scope = options[:scope]

  if record && record.respond_to?(:timedout?) && warden.authenticated?(scope) && options[:store] != false
    last_request_at = warden.session(scope)['last_request_at']

    if record.timedout?(last_request_at)
      path_checker = Devise::PathChecker.new(warden.env, scope)
      unless path_checker.signing_out?
        warden.logout(scope)
        throw :warden, :scope => scope, :message => :timeout
      end
    end

    unless warden.request.env['devise.skip_trackable']
      warden.session(scope)['last_request_at'] = Time.now.utc
    end
  end
end
Move remember_me hook inside strategies. 2010-03-31 19:43:19 +00:00			`# Each time a record is set we check whether its session has already timed out`
Improving docs about timeoutable 2009-11-23 01:29:03 +00:00			`# or not, based on last request time. If so, the record is logged out and`
			`# redirected to the sign in page. Also, each time the request comes and the`
Fix usage of "its" / "it's" in documentation 2011-08-16 20:06:13 +00:00			`# record is set, we set the last request time inside its scoped session to`
Improving docs about timeoutable 2009-11-23 01:29:03 +00:00			`# verify timeout in the following request.`
Introducing timeoutable to timeout sessions without activity. 2009-11-23 00:19:29 +00:00			`Warden::Manager.after_set_user do \|record, warden, options\|`
Added trackable for sign_in_count, sign_in_at and sign_in_ip. 2009-11-24 17:18:42 +00:00			`scope = options[:scope]`
Check if the user is already signing out before timing out his connection, closes #273. 2010-06-13 10:39:20 +00:00
Preventing timeoutable from interfering with stateless tokens. Signed-off-by: José Valim <jose.valim@gmail.com> 2011-02-14 15:45:00 +00:00			`if record && record.respond_to?(:timedout?) && warden.authenticated?(scope) && options[:store] != false`
Added trackable for sign_in_count, sign_in_at and sign_in_ip. 2009-11-24 17:18:42 +00:00			`last_request_at = warden.session(scope)['last_request_at']`
Bring rememberable back. 2010-01-14 14:47:14 +00:00
			`if record.timedout?(last_request_at)`
Check if the user is already signing out before timing out his connection, closes #273. 2010-06-13 10:39:20 +00:00			`path_checker = Devise::PathChecker.new(warden.env, scope)`
			`unless path_checker.signing_out?`
			`warden.logout(scope)`
Don't pass options forward, this fixes uncaught warden error. Unfortunately could not write a test for it, although easily reproducible in Rails applications. Closes #754 2011-01-03 15:24:07 +00:00			`throw :warden, :scope => scope, :message => :timeout`
Check if the user is already signing out before timing out his connection, closes #273. 2010-06-13 10:39:20 +00:00			`end`
Introducing timeoutable to timeout sessions without activity. 2009-11-23 00:19:29 +00:00			`end`
Bring rememberable back. 2010-01-14 14:47:14 +00:00
Timeoutable also skips tracking if skip_trackable is given 2011-10-25 16:43:34 +00:00			`unless warden.request.env['devise.skip_trackable']`
			`warden.session(scope)['last_request_at'] = Time.now.utc`
			`end`
Introducing timeoutable to timeout sessions without activity. 2009-11-23 00:19:29 +00:00			`end`
			`end`