Making sure timeoutable respects rememberable if both are loaded.

2022-11-09 12:18:31 -05:00 · 2010-09-29 12:21:07 +08:00 · 2010-09-29 12:21:07 +08:00 · 16c39a9f17
commit 16c39a9f17
parent fbb77a6edd
2 changed files with 21 additions and 2 deletions
--- a/lib/devise/models/timeoutable.rb
+++ b/lib/devise/models/timeoutable.rb
@ -22,9 +22,19 @@ module Devise

      # Checks whether the user session has expired based on configured time.
      def timedout?(last_access)
+        return false if remember_exists_and_not_expired?
+        
        last_access && last_access <= self.class.timeout_in.ago
      end
      
+      private
+      
+      def remember_exists_and_not_expired?
+        return false unless respond_to?(:remember_expired?)
+        
+        remember_created_at && !remember_expired?
+      end
+      
      module ClassMethods
        Devise::Models.config(self, :timeout_in)
      end
--- a/test/integration/timeoutable_test.rb
+++ b/test/integration/timeoutable_test.rb
@ -77,4 +77,13 @@ class SessionTimeoutTest < ActionController::IntegrationTest
    end
  end
  
+  test 'time out not triggered if remembered' do
+    user = sign_in_as_user :remember_me => true
+    get expire_user_path(user)
+    assert_not_nil last_request_at
+    
+    get users_path
+    assert_response :success
+    assert warden.authenticated?(:user)
+  end
 end