Merge pull request #2750 from louman/master

Timeoutable - fixes missing caller
2022-11-09 12:18:31 -05:00 · 2013-11-21 08:38:12 -08:00 · 2013-11-21 08:38:12 -08:00 · c85ecbb9ac
commit c85ecbb9ac
parent 0514e60bc4 b16899f7bf
2 changed files with 13 additions and 8 deletions
--- a/lib/devise/hooks/timeoutable.rb
+++ b/lib/devise/hooks/timeoutable.rb
@ -12,7 +12,7 @@ Warden::Manager.after_set_user do |record, warden, options|
    proxy = Devise::Hooks::Proxy.new(warden)

    if record.timedout?(last_request_at) && !env['devise.skip_timeout']
-      Devise.sign_out_all_scopes ? proxy.sign_out : sign_out(scope)
+      Devise.sign_out_all_scopes ? proxy.sign_out : proxy.sign_out(scope)

      if record.respond_to?(:expire_auth_token_on_timeout) && record.expire_auth_token_on_timeout
        record.reset_authentication_token!
--- a/test/integration/timeoutable_test.rb
+++ b/test/integration/timeoutable_test.rb
@ -35,14 +35,19 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
    assert warden.authenticated?(:user)
  end

-  test 'time out user session after default limit time' do
-    user = sign_in_as_user
-    get expire_user_path(user)
-    assert_not_nil last_request_at
+  test 'time out user session after default limit time when sign_out_all_scopes is false' do
+    swap Devise, sign_out_all_scopes: false do
+      sign_in_as_admin

-    get users_path
-    assert_redirected_to users_path
-    assert_not warden.authenticated?(:user)
+      user = sign_in_as_user
+      get expire_user_path(user)
+      assert_not_nil last_request_at
+
+      get users_path
+      assert_redirected_to users_path
+      assert_not warden.authenticated?(:user)
+      assert warden.authenticated?(:admin)
+    end
  end

  test 'time out all sessions after default limit time when sign_out_all_scopes is true' do