redirect user to the referrer if latest request was not GET after timeout

closes #2421
2022-11-09 12:18:31 -05:00 · 2013-05-19 15:45:11 +03:00 · 2013-05-19 15:45:11 +03:00 · b7079c7cf2
commit b7079c7cf2
parent 4e2cdc2d5b
5 changed files with 33 additions and 3 deletions
--- a/lib/devise/failure_app.rb
+++ b/lib/devise/failure_app.rb
@ -78,7 +78,14 @@ module Devise
    def redirect_url
      if warden_message == :timeout
        flash[:timedout] = true
-        attempted_path || scope_path
+
+        path = if request.get?
+          attempted_path
+        else
+          request.referrer
+        end
+
+        path || scope_path
      else
        scope_path
      end
--- a/test/integration/timeoutable_test.rb
+++ b/test/integration/timeoutable_test.rb
@ -45,6 +45,16 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
    assert_not warden.authenticated?(:user)
  end

+  test 'time out user session after deault limit time and redirect to latest get request' do
+    user = sign_in_as_user
+    visit edit_form_user_path(user)
+
+    click_button 'Update'
+    sign_in_as_user
+
+    assert_equal edit_form_user_url(user), current_url
+  end
+
  test 'time out is not triggered on sign out' do
    user = sign_in_as_user
    get expire_user_path(user)
--- a/test/rails_app/app/controllers/users_controller.rb
+++ b/test/rails_app/app/controllers/users_controller.rb
@ -8,6 +8,14 @@ class UsersController < ApplicationController
    respond_with(current_user)
  end

+  def edit_form
+    user_session['last_request_at'] = 31.minutes.ago.utc
+  end
+
+  def update_form
+    render :text => 'Update'
+  end
+
  def accept
    @current_user = current_user
  end
--- a/test/rails_app/app/views/users/edit_form.html.erb
+++ b/test/rails_app/app/views/users/edit_form.html.erb
@ -0,0 +1 @@
+<%= button_to 'Update', update_form_user_path(current_user), method: 'put' %>
--- a/test/rails_app/config/routes.rb
+++ b/test/rails_app/config/routes.rb
@ -1,8 +1,12 @@
 Rails.application.routes.draw do
  # Resources for testing
  resources :users, :only => [:index] do
-    get :expire, :on => :member
-    get :accept, :on => :member
+    member do
+      get :expire
+      get :accept
+      get :edit_form
+      put :update_form
+    end

    authenticate do
      post :exhibit, :on => :member
				`@ -0,0 +1 @@`
				`<%= button_to 'Update', update_form_user_path(current_user), method: 'put' %>`