Do not trigger timeout on sign in related actions

2022-11-09 12:18:31 -05:00 · 2012-06-16 13:24:07 +02:00 · 2012-06-16 13:24:07 +02:00 · 41a91188f5
commit 41a91188f5
parent 4def600076
5 changed files with 19 additions and 5 deletions
--- a/CHANGELOG.rdoc
+++ b/CHANGELOG.rdoc
@ -6,6 +6,7 @@

 * bug fix
  * `update_with_password` now relies on assign_attributes and forwards the :as option (by @wtn)
+  * Do not trigger timeout on sign in related actions

 * deprecations
  * Strategy#validate() no longer validates nil resources
--- a/app/controllers/devise/omniauth_callbacks_controller.rb
+++ b/app/controllers/devise/omniauth_callbacks_controller.rb
@ -1,4 +1,6 @@
 class Devise::OmniauthCallbacksController < DeviseController
+  prepend_before_filter { request.env["devise.skip_timeout"] = true }
+
  def failure
    set_flash_message :alert, :failure, :kind => failed_strategy.name.to_s.humanize, :reason => failure_message
    redirect_to after_omniauth_failure_path_for(resource_name)
--- a/app/controllers/devise/sessions_controller.rb
+++ b/app/controllers/devise/sessions_controller.rb
@ -1,6 +1,7 @@
 class Devise::SessionsController < DeviseController
  prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
  prepend_before_filter :allow_params_authentication!, :only => :create
+  prepend_before_filter { request.env["devise.skip_timeout"] = true }

  # GET /resource/sign_in
  def new
--- a/lib/devise/hooks/timeoutable.rb
+++ b/lib/devise/hooks/timeoutable.rb
@ -5,17 +5,18 @@
 # verify timeout in the following request.
 Warden::Manager.after_set_user do |record, warden, options|
  scope = options[:scope]
+  env   = warden.request.env

  if record && record.respond_to?(:timedout?) && warden.authenticated?(scope) && options[:store] != false
    last_request_at = warden.session(scope)['last_request_at']

-    if record.timedout?(last_request_at)
+    if record.timedout?(last_request_at) && !env['devise.skip_timeout']
      warden.logout(scope)
      record.reset_authentication_token! if record.respond_to?(:reset_authentication_token!) && record.expire_auth_token_on_timeout
      throw :warden, :scope => scope, :message => :timeout
    end

-    unless warden.request.env['devise.skip_trackable']
+    unless env['devise.skip_trackable']
      warden.session(scope)['last_request_at'] = Time.now.utc
    end
  end
--- a/test/integration/timeoutable_test.rb
+++ b/test/integration/timeoutable_test.rb
@ -25,7 +25,7 @@ class SessionTimeoutTest < ActionController::IntegrationTest
    assert_equal old_last_request, last_request_at
  end

-  test 'not time out user session before default limit time' do
+  test 'does not time out user session before default limit time' do
    sign_in_as_user
    assert_response :success
    assert warden.authenticated?(:user)
@ -53,12 +53,21 @@ class SessionTimeoutTest < ActionController::IntegrationTest

    assert_response :redirect
    assert_redirected_to root_path
-
    follow_redirect!
-
    assert_contain 'Signed out successfully'
  end

+  test 'time out is not triggered on sign in' do
+    user = sign_in_as_user
+    get expire_user_path(user)
+
+    post "/users/sign_in", :email => user.email, :password => "123456"
+
+    assert_response :redirect
+    follow_redirect!
+    assert_contain 'You are signed in'
+  end
+
  test 'user configured timeout limit' do
    swap Devise, :timeout_in => 8.minutes do
      user = sign_in_as_user