From 40aaa98de968b19b0f4070155e602bdcdf628659 Mon Sep 17 00:00:00 2001
From: Carlos Antonio da Silva
Date: Sun, 22 Nov 2009 22:33:19 -0200
Subject: [PATCH] Refactoring timeoutable module and confirmable tests.
---
 generators/devise_install/templates/devise.rb | 3 ++-
 lib/devise/hooks/timeoutable.rb | 2 +-
 lib/devise/models/timeoutable.rb | 9 +++++---
 test/integration/confirmable_test.rb | 18 ++++++++-------
 test/integration/timeoutable_test.rb | 16 ++++++++++++++
 test/models/timeoutable_test.rb | 22 +++++++++++++++++++
 6 files changed, 57 insertions(+), 13 deletions(-)
diff --git a/generators/devise_install/templates/devise.rb b/generators/devise_install/templates/devise.rb
index a8c035e5..3aae7033 100644
--- a/generators/devise_install/templates/devise.rb
+++ b/generators/devise_install/templates/devise.rb
@@ -34,7 +34,8 @@ Devise.setup do |config|
 # The time the user will be remembered without asking for credentials again.
 # config.remember_for = 2.weeks
- # The time interval to timeout the user session without activity.
+ # The time you want to timeout the user session without activity. After this
+ # time the user will be asked for credentials again.
 # config.timeout = 10.minutes
 # Configure the e-mail address which will be shown in DeviseMailer.
diff --git a/lib/devise/hooks/timeoutable.rb b/lib/devise/hooks/timeoutable.rb
index 3bcb552b..af0d92cb 100644
--- a/lib/devise/hooks/timeoutable.rb
+++ b/lib/devise/hooks/timeoutable.rb
@@ -7,7 +7,7 @@ Warden::Manager.after_set_user do |record, warden, options|
 # is logged out by any of them.
 if warden.authenticated?(scope)
 last_request_at = warden.session(scope)['last_request_at']
- if last_request_at && last_request_at <= 10.minutes.ago.utc
+ if record.timeout?(last_request_at)
 warden.logout(scope)
 throw :warden, :scope => scope, :message => :timeout
 end
diff --git a/lib/devise/models/timeoutable.rb b/lib/devise/models/timeoutable.rb
index f18e1d07..8466ed7a 100644
--- a/lib/devise/models/timeoutable.rb
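Review bot: In lib/devise/hooks/timeoutable.rb the new condition `if record.timeout?(last_request_at)` calls `timeout?` on whatever record Warden has just set, without checking that the record's model includes the Timeoutable module. The `after_set_user` block starts and ends outside the hunk, so whether it runs for every scope is not visible here; if it does, a model without the module would raise NoMethodError on each authenticated request. A guard such as `if record.respond_to?(:timeout?) && record.timeout?(last_request_at)` keeps the session timeout enforced for models that opt in and leaves the others untouched.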
+++ b/lib/devise/models/timeoutable.rb
@@ -7,9 +7,12 @@ module Devise
 module Timeoutable
 def self.included(base)
- base.class_eval do
- extend ClassMethods
- end
+ base.extend ClassMethods
+ end
+
+ # Checks whether the user session has expired based on configured time.
+ def timeout?(last_access)
+ last_access && last_access <= timeout.ago.utc
 end
 module ClassMethods
diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb
index 90bdb367..6444aec0 100644
--- a/test/integration/confirmable_test.rb
+++ b/test/integration/confirmable_test.rb
@@ -59,19 +59,21 @@ class ConfirmationTest < ActionController::IntegrationTest
 end
 test 'not confirmed user with setup to block without confirmation should not be able to sign in' do
- Devise.confirm_within = 0
- sign_in_as_user(:confirm => false)
+ swap Devise, :confirm_within => 0.days do
+ sign_in_as_user(:confirm => false)
- assert_contain 'You have to confirm your account before continuing'
- assert_not warden.authenticated?(:user)
+ assert_contain 'You have to confirm your account before continuing'
+ assert_not warden.authenticated?(:user)
+ end
 end
 test 'not confirmed user but configured with some days to confirm should be able to sign in' do
- Devise.confirm_within = 1
- sign_in_as_user(:confirm => false)
+ swap Devise, :confirm_within => 1.day do
+ sign_in_as_user(:confirm => false)
- assert_response :success
- assert warden.authenticated?(:user)
+ assert_response :success
+ assert warden.authenticated?(:user)
+ end
 end
 test 'error message is configurable by resource name' do
diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb
index 4cce312a..8046b723 100644
--- a/test/integration/timeoutable_test.rb
+++ b/test/integration/timeoutable_test.rb
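Review bot: `timeout?` in lib/devise/models/timeoutable.rb treats a nil `last_access` as not expired and returns `nil` rather than `false`, and the one-line comment above it does not say so. Because this predicate now decides whether the hook logs the session out, the fail-open case should be explicit: a session that carries no `last_request_at` is never timed out by this check. I would extend the comment to `# Returns true when last_access is older than the configured timeout; a nil last_access (no request recorded yet) counts as not expired.` and, if callers should get a strict boolean, write `!!last_access && last_access <= timeout.ago.utc`. The `timeout` reader is defined outside the hunk, so what it returns when `config.timeout` is left unset is not visible here and should be confirmed.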
@@ -41,4 +41,20 @@ class SessionTimeoutTest < ActionController::IntegrationTest
 assert warden.authenticated?(:user)
 end
+ test 'user configured timeout limit' do
+ swap Devise, :timeout => 8.minutes do
+ user = sign_in_as_user
+
+ # Setup last_request_at to timeout
+ get edit_user_path(user)
+ assert_not_nil last_request_at
+ assert_response :success
+ assert warden.authenticated?(:user)
+
+ get users_path
+ assert_redirected_to new_user_session_path(:timeout => true)
+ assert_not warden.authenticated?(:user)
+ end
+ end
+
 end
diff --git a/test/models/timeoutable_test.rb b/test/models/timeoutable_test.rb
index 7d1da8b1..9d1ebabb 100644
--- a/test/models/timeoutable_test.rb
+++ b/test/models/timeoutable_test.rb
@@ -2,4 +2,26 @@ require 'test/test_helper'
 class TimeoutableTest < ActiveSupport::TestCase
+ test 'should be expired' do
+ assert new_user.timeout?(11.minutes.ago)
+ end
+
+ test 'should not be expired' do
+ assert_not new_user.timeout?(9.minutes.ago)
+ end
+
+ test 'should not be expired when params is nil' do
+ assert_not new_user.timeout?(nil)
+ end
+
+ test 'fallback to Devise config option' do
+ swap Devise, :timeout => 1.minute do
+ user = new_user
+ assert user.timeout?(2.minutes.ago)
+ assert_not user.timeout?(30.seconds.ago)
+ Devise.timeout = 5.minutes
+ assert_not user.timeout?(2.minutes.ago)
+ assert user.timeout?(6.minutes.ago)
+ end
+ end
 end
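Review bot: Nothing visible in 'user configured timeout limit' (test/integration/timeoutable_test.rb) ties the result to the 8-minute value set by `swap Devise, :timeout => 8.minutes do`. The age that `get edit_user_path(user)` gives `last_request_at` is decided outside this hunk; if it is older than the 10-minute value used elsewhere in this patch, the redirect assertion would pass with or without the new configuration lookup. Placing `last_request_at` between the two limits, about nine minutes old, would make the test fail if the hook ever fell back to a fixed interval, and the comment `# Setup last_request_at to timeout` could then state the age it uses.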
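Review bot: 'should be expired' and 'should not be expired' in test/models/timeoutable_test.rb rely on the global timeout being 10 minutes without setting it, so they change meaning if the default changes or if another test leaves `Devise.timeout` modified. Wrapping each of them as the last test does, with `swap Devise, :timeout => 10.minutes do`, would state the assumption in the test itself. A short comment that `timeout?` compares with `<=`, so a `last_access` exactly at the limit counts as expired, would also record the boundary these cases do not reach.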