
Timeout does not explode when reset_authentication_token! is accidentally defined by Active Model
commit 4bc2ff997aac4985d1f4ee0eacec6ee39cc7fe50 1 parent b1633f2
@josevalim josevalim authored
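--- a/CHANGELOG.rdoc
+++ b/CHANGELOG.rdoc
@@ -7,6 +7,7 @@
 * bug fix
 * `update_with_password` now relies on assign_attributes and forwards the :as option (by @wtn)
 * Do not trigger timeout on sign in related actions
+ * Timeout does not explode when reset_authentication_token! is accidentally defined by Active Model (by @remomueller)
 * deprecations
 * Strategy#validate() no longer validates nil resources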
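--- a/lib/devise/hooks/timeoutable.rb
+++ b/lib/devise/hooks/timeoutable.rb
@@ -12,7 +12,9 @@
 if record.timedout?(last_request_at) && !env['devise.skip_timeout']
 warden.logout(scope)
- record.reset_authentication_token! if record.respond_to?(:reset_authentication_token!) && record.expire_auth_token_on_timeout
+ if record.respond_to?(:expire_auth_token_on_timeout) && record.expire_auth_token_on_timeout
+ record.reset_authentication_token!
+ end
 throw :warden, :scope => scope, :message => :timeout
 end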
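Review bot: The rewritten guard `if record.respond_to?(:expire_auth_token_on_timeout) && record.expire_auth_token_on_timeout` drops the check that the record responds to `reset_authentication_token!`, so the call on the next line is safe only if the two methods are always defined together, which this page does not show. If a model ever exposes the config reader without the reset method, the hook would raise after `warden.logout(scope)` has run and never reach `throw :warden`. Consider keeping both checks, `if record.respond_to?(:expire_auth_token_on_timeout) && record.respond_to?(:reset_authentication_token!) && record.expire_auth_token_on_timeout`, or at least a comment above the guard: `# respond_to?(:reset_authentication_token!) can be true through Active Model attribute methods, so gate on the config reader`. The enclosing hook block starts and ends outside the hunk.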
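--- a/test/integration/timeoutable_test.rb
+++ b/test/integration/timeoutable_test.rb
@@ -68,6 +68,23 @@ def last_request_at
 assert_contain 'You are signed in'
 end
+ test 'admin does not explode on time out' do
+ admin = sign_in_as_admin
+ get expire_admin_path(admin)
+
+ Admin.send :define_method, :reset_authentication_token! do
+ nil
+ end
+
+ begin
+ get admins_path
+ assert_redirected_to admins_path
+ assert_not warden.authenticated?(:admin)
+ ensure
+ Admin.send(:remove_method, :reset_authentication_token!)
+ end
+ end
+
 test 'user configured timeout limit' do
 swap Devise, :timeout_in => 8.minutes do
 user = sign_in_as_user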
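Review bot: The stubbed `reset_authentication_token!` in 'admin does not explode on time out' returns nil, so the test passes whether or not the hook calls it and only proves that nothing raised. If the intent is that the token reset is skipped for a model without `expire_auth_token_on_timeout` (presumably the case for Admin, whose definition is not shown here), make the stub fail loudly, e.g. `raise 'reset_authentication_token! must not be called'` in place of `nil`. The hunk also has no counterpart asserting that the token really is rotated on timeout when `expire_auth_token_on_timeout` is enabled; that may be covered elsewhere in the file, outside this hunk.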
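--- a/test/rails_app/app/controllers/admins_controller.rb
+++ b/test/rails_app/app/controllers/admins_controller.rb
@@ -3,4 +3,9 @@ class AdminsController < ApplicationController
 def index
 end
+
+ def expire
+ admin_session['last_request_at'] = 31.minutes.ago.utc
+ render :text => 'Admin will be expired on next request'
+ end
 end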
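Review bot: `31.minutes.ago.utc` in `expire` is an unexplained magic number: it forces a timeout only while the effective `timeout_in` for admins is 30 minutes or less, and that setting is not visible in this file. A one-line comment above the assignment would make the coupling explicit, for example `# backdate past the configured timeout_in so the next request times out`. If the timeout for this scope is ever raised in the test app, the new integration test would stop exercising the timeout path without failing for an obvious reason.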
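--- a/test/rails_app/config/routes.rb
+++ b/test/rails_app/config/routes.rb
@@ -9,7 +9,9 @@
 end
 end
- resources :admins, :only => [:index]
+ resources :admins, :only => [:index] do
+ get :expire, :on => :member
+ end
 # Users scope
 devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }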