Adding i18n flash message when session is expired.

lib/devise.rb

@@ -14,7 +14,7 @@ module Devise
 
   # Maps the messages types that are used in flash message. This array is not
   # frozen, so you can add messages from your own strategies.
-  FLASH_MESSAGES = [ :unauthenticated, :unconfirmed, :invalid ]
+  FLASH_MESSAGES = [ :unauthenticated, :unconfirmed, :invalid, :timeout ]
 
   # Declare encryptors length which are used in migrations.
   ENCRYPTORS_LENGTH = {

lib/devise/hooks/timeoutable.rb

@@ -6,10 +6,7 @@
 Warden::Manager.after_set_user do |record, warden, options|
   if record.present? && record.respond_to?(:timeout?)
     scope = options[:scope]
-    # Current record may have already be logged out by another hook.
-    # For instance, Devise confirmable hook may have logged the record out.
-    # TODO: is it possible to move this check to warden?
-    # It should stop the hooks if the record is logged out by any of them.
+    # Record may have already been logged out by another hook (ie confirmable).
     if warden.authenticated?(scope)
       last_request_at = warden.session(scope)['last_request_at']
       if record.timeout?(last_request_at)

lib/devise/locales/en.yml

@@ -6,6 +6,7 @@ en:
       unauthenticated: 'You need to sign in or sign up before continuing.'
       unconfirmed: 'You have to confirm your account before continuing.'
       invalid: 'Invalid email or password.'
+      timeout: 'Your session expired, please sign in again to continue.'
     passwords:
       send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.'
       updated: 'Your password was changed successfully. You are now signed in.'

test/integration/timeoutable_test.rb

@@ -15,6 +15,18 @@ class SessionTimeoutTest < ActionController::IntegrationTest
     assert_not_equal old_last_request, last_request_at
   end
 
+  test 'not time out user session before default limit time' do
+    user = sign_in_as_user
+
+    # Setup last_request_at to timeout
+    get edit_user_path(user)
+    assert_not_nil last_request_at
+
+    get users_path
+    assert_response :success
+    assert warden.authenticated?(:user)
+  end
+
   test 'time out user session after default limit time' do
     sign_in_as_user
     assert_response :success
@@ -29,18 +41,6 @@ class SessionTimeoutTest < ActionController::IntegrationTest
     assert_not warden.authenticated?(:user)
   end
 
-  test 'not time out user session before default limit time' do
-    user = sign_in_as_user
-
-    # Setup last_request_at to timeout
-    get edit_user_path(user)
-    assert_not_nil last_request_at
-
-    get users_path
-    assert_response :success
-    assert warden.authenticated?(:user)
-  end
-
   test 'user configured timeout limit' do
     swap Devise, :timeout => 8.minutes do
       user = sign_in_as_user
@@ -57,4 +57,17 @@ class SessionTimeoutTest < ActionController::IntegrationTest
     end
   end
 
+  test 'error message with i18n' do
+    store_translations :en, :devise => {
+      :sessions => { :user => { :timeout => 'Session expired!' } }
+    } do
+      sign_in_as_user
+      # Setup last_request_at to timeout
+      get new_user_path
+      get users_path
+      follow_redirect!
+      assert_contain 'Session expired!'
+    end
+  end
+
 end