1
0
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2022-11-09 12:18:31 -05:00

Refactoring timeoutable module and confirmable tests.

This commit is contained in:
Carlos Antonio da Silva 2009-11-22 22:33:19 -02:00
parent 099c77e867
commit 40aaa98de9
6 changed files with 57 additions and 13 deletions

View file

@ -34,7 +34,8 @@ Devise.setup do |config|
# The time the user will be remembered without asking for credentials again.
# config.remember_for = 2.weeks
# The time interval to timeout the user session without activity.
# The time you want to timeout the user session without activity. After this
# time the user will be asked for credentials again.
# config.timeout = 10.minutes
# Configure the e-mail address which will be shown in DeviseMailer.

View file

@ -7,7 +7,7 @@ Warden::Manager.after_set_user do |record, warden, options|
# is logged out by any of them.
if warden.authenticated?(scope)
last_request_at = warden.session(scope)['last_request_at']
if last_request_at && last_request_at <= 10.minutes.ago.utc
if record.timeout?(last_request_at)
warden.logout(scope)
throw :warden, :scope => scope, :message => :timeout
end

View file

@ -7,9 +7,12 @@ module Devise
module Timeoutable
def self.included(base)
base.class_eval do
extend ClassMethods
end
base.extend ClassMethods
end
# Checks whether the user session has expired based on configured time.
def timeout?(last_access)
last_access && last_access <= timeout.ago.utc
end
module ClassMethods

View file

@ -59,19 +59,21 @@ class ConfirmationTest < ActionController::IntegrationTest
end
test 'not confirmed user with setup to block without confirmation should not be able to sign in' do
Devise.confirm_within = 0
sign_in_as_user(:confirm => false)
swap Devise, :confirm_within => 0.days do
sign_in_as_user(:confirm => false)
assert_contain 'You have to confirm your account before continuing'
assert_not warden.authenticated?(:user)
assert_contain 'You have to confirm your account before continuing'
assert_not warden.authenticated?(:user)
end
end
test 'not confirmed user but configured with some days to confirm should be able to sign in' do
Devise.confirm_within = 1
sign_in_as_user(:confirm => false)
swap Devise, :confirm_within => 1.day do
sign_in_as_user(:confirm => false)
assert_response :success
assert warden.authenticated?(:user)
assert_response :success
assert warden.authenticated?(:user)
end
end
test 'error message is configurable by resource name' do

View file

@ -41,4 +41,20 @@ class SessionTimeoutTest < ActionController::IntegrationTest
assert warden.authenticated?(:user)
end
test 'user configured timeout limit' do
swap Devise, :timeout => 8.minutes do
user = sign_in_as_user
# Setup last_request_at to timeout
get edit_user_path(user)
assert_not_nil last_request_at
assert_response :success
assert warden.authenticated?(:user)
get users_path
assert_redirected_to new_user_session_path(:timeout => true)
assert_not warden.authenticated?(:user)
end
end
end

View file

@ -2,4 +2,26 @@ require 'test/test_helper'
class TimeoutableTest < ActiveSupport::TestCase
test 'should be expired' do
assert new_user.timeout?(11.minutes.ago)
end
test 'should not be expired' do
assert_not new_user.timeout?(9.minutes.ago)
end
test 'should not be expired when params is nil' do
assert_not new_user.timeout?(nil)
end
test 'fallback to Devise config option' do
swap Devise, :timeout => 1.minute do
user = new_user
assert user.timeout?(2.minutes.ago)
assert_not user.timeout?(30.seconds.ago)
Devise.timeout = 5.minutes
assert_not user.timeout?(2.minutes.ago)
assert user.timeout?(6.minutes.ago)
end
end
end