diff --git a/apps/fz_http/lib/fz_http/devices/device/query.ex b/apps/fz_http/lib/fz_http/devices/device/query.ex index 39d2eb8656..55bd6d1760 100644 --- a/apps/fz_http/lib/fz_http/devices/device/query.ex +++ b/apps/fz_http/lib/fz_http/devices/device/query.ex @@ -29,11 +29,13 @@ defmodule FzHttp.Devices.Device.Query do dynamic = if FzHttp.Config.vpn_sessions_expire?() do vpn_session_duration = FzHttp.Config.fetch_config!(:vpn_session_duration) + vpn_session_interval = %Postgrex.Interval{days: 0, months: 0, secs: vpn_session_duration} dynamic( [user: user], is_nil(user.last_signed_in_at) or - user.last_signed_in_at < from_now(^vpn_session_duration, "second") + fragment("? + ?::interval", user.last_signed_in_at, ^vpn_session_interval) > + fragment("now()") ) else true diff --git a/apps/fz_http/test/fz_http/devices_test.exs b/apps/fz_http/test/fz_http/devices_test.exs index c296c1cb78..f0d70b09b2 100644 --- a/apps/fz_http/test/fz_http/devices_test.exs +++ b/apps/fz_http/test/fz_http/devices_test.exs @@ -853,14 +853,18 @@ defmodule FzHttp.DevicesTest do end test "does not render peers for users with expired VPN session" do - FzHttp.Config.put_system_env_override(:vpn_session_duration, 1) - two_seconds_in_future = DateTime.utc_now() |> DateTime.add(2, :second) + FzHttp.Config.put_system_env_override(:vpn_session_duration, 5) + ten_seconds_in_past = DateTime.utc_now() |> DateTime.add(-10, :second) user = UsersFixtures.create_user_with_role(:unprivileged) DevicesFixtures.create_device(user: user) - user = UsersFixtures.update(user, last_signed_in_at: two_seconds_in_future) + user = UsersFixtures.update(user, last_signed_in_at: ten_seconds_in_past) assert to_peer_list() == [] + three_seconds_in_past = DateTime.utc_now() |> DateTime.add(-3, :second) + user = UsersFixtures.update(user, last_signed_in_at: three_seconds_in_past) + assert length(to_peer_list()) == 1 + UsersFixtures.update(user, last_signed_in_at: nil) assert length(to_peer_list()) == 1 end