Add session expiration delay configuration through UI application

settings

CHANGELOG

@@ -1,6 +1,7 @@
 Please view this file on the master branch, on stable branches it's out of date.
 
 v 7.12.0 (unreleased)
+  - Add session expiration delay configuration through UI application settings
   - Don't notify users mentioned in code blocks or blockquotes.
   - Disable changing of the source branch in merge request update API (Stan Hu)
   - Shorten merge request WIP text.
@@ -1497,4 +1498,4 @@ v 0.8.0
   - stability
   - security fixes
   - increased test coverage
-  - email notification
+  - email notification

app/controllers/admin/application_settings_controller.rb

@@ -40,6 +40,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
       :home_page_url,
       :after_sign_out_path,
       :max_attachment_size,
+      :session_expire_seconds,
       :default_project_visibility,
       :default_snippet_visibility,
       :restricted_signup_domains_raw,

app/models/application_setting.rb

@@ -15,6 +15,7 @@
 #  twitter_sharing_enabled      :boolean          default(TRUE)
 #  restricted_visibility_levels :text
 #  max_attachment_size          :integer          default(10), not null
+#  session_expire_seconds       :integer          default(604800), not null
 #  default_project_visibility   :integer
 #  default_snippet_visibility   :integer
 #  restricted_signup_domains    :text
@@ -61,6 +62,7 @@ class ApplicationSetting < ActiveRecord::Base
       sign_in_text: Settings.extra['sign_in_text'],
       restricted_visibility_levels: Settings.gitlab['restricted_visibility_levels'],
       max_attachment_size: Settings.gitlab['max_attachment_size'],
+      session_expire_seconds: Settings.gitlab['session_expire_seconds'],
       default_project_visibility: Settings.gitlab.default_projects_features['visibility_level'],
       default_snippet_visibility: Settings.gitlab.default_projects_features['visibility_level'],
       restricted_signup_domains: Settings.gitlab['restricted_signup_domains']

app/views/admin/application_settings/_form.html.haml

@@ -83,6 +83,10 @@
       = f.label :max_attachment_size, 'Maximum attachment size (MB)', class: 'control-label col-sm-2'
       .col-sm-10
         = f.number_field :max_attachment_size, class: 'form-control'
+    .form-group
+      = f.label :session_expire_seconds, 'Session duration (seconds)', class: 'control-label col-sm-2'
+      .col-sm-10
+        = f.number_field :session_expire_seconds, class: 'form-control'
     .form-group
       = f.label :restricted_signup_domains, 'Restricted domains for sign-ups', class: 'control-label col-sm-2'
       .col-sm-10

config/initializers/1_settings.rb

@@ -128,6 +128,7 @@ Settings.gitlab['issue_closing_pattern'] = '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e
 Settings.gitlab['default_projects_features'] ||= {}
 Settings.gitlab['webhook_timeout'] ||= 10
 Settings.gitlab['max_attachment_size'] ||= 10
+Settings.gitlab['session_expire_seconds'] ||= 604800
 Settings.gitlab.default_projects_features['issues']         = true if Settings.gitlab.default_projects_features['issues'].nil?
 Settings.gitlab.default_projects_features['merge_requests'] = true if Settings.gitlab.default_projects_features['merge_requests'].nil?
 Settings.gitlab.default_projects_features['wiki']           = true if Settings.gitlab.default_projects_features['wiki'].nil?

config/initializers/session_store.rb

@@ -6,6 +6,6 @@ Gitlab::Application.config.session_store(
   key: '_gitlab_session',
   secure: Gitlab.config.gitlab.https,
   httponly: true,
-  expire_after: 1.week,
+  expire_after: ActiveRecord::Base.connected? && ActiveRecord::Base.connection.table_exists?('application_settings') ? ApplicationSetting.current.session_expire_seconds : Settings.gitlab['session_expire_seconds'],
   path: (Rails.application.config.relative_url_root.nil?) ? '/' : Rails.application.config.relative_url_root
 )

db/migrate/20150604202921_add_session_expire_seconds_for_application_settings.rb

@@ -0,0 +1,5 @@
+class AddSessionExpireSecondsForApplicationSettings < ActiveRecord::Migration
+  def change
+    add_column :application_settings, :session_expire_seconds, :integer, default: 604800, null: false
+  end
+end

db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20150529150354) do
+ActiveRecord::Schema.define(version: 20150604202921) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -35,6 +35,7 @@ ActiveRecord::Schema.define(version: 20150529150354) do
     t.text     "restricted_signup_domains"
     t.boolean  "user_oauth_applications",      default: true
     t.string   "after_sign_out_path"
+    t.integer  "session_expire_seconds",       default: 604800, null: false
   end
 
   create_table "broadcast_messages", force: true do |t|

lib/gitlab/current_settings.rb

@@ -21,7 +21,8 @@ module Gitlab
         gravatar_enabled: Settings.gravatar['enabled'],
         sign_in_text: Settings.extra['sign_in_text'],
         restricted_visibility_levels: Settings.gitlab['restricted_visibility_levels'],
-        max_attachment_size: Settings.gitlab['max_attachment_size']
+        max_attachment_size: Settings.gitlab['max_attachment_size'],
+        session_expire_seconds: Settings.gitlab['session_expire_seconds']
       )
     end
   end

spec/models/application_setting_spec.rb

@@ -15,6 +15,7 @@
 #  twitter_sharing_enabled      :boolean          default(TRUE)
 #  restricted_visibility_levels :text
 #  max_attachment_size          :integer          default(10), not null
+#  session_expire_seconds       :integer          default(604800), not null
 #  default_project_visibility   :integer
 #  default_snippet_visibility   :integer
 #  restricted_signup_domains    :text