Add timeout-handler option to absolute timeout

ring-clojure · Nov 12, 2016 · 46bfee2 · 46bfee2
1 parent ae782cf
commit 46bfee2
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 5 deletions.
diff --git a/src/ring/middleware/session_timeout.clj b/src/ring/middleware/session_timeout.clj
@@ -42,20 +42,27 @@
   limit on how long a compromised session can be exploited.
 
   If a session is timed out, the timeout-response option is returned. This is
-  usually a redirect to the login page.
+  usually a redirect to the login page. A timeout-handler may be provided which
+  should be a Ring handler function that takes the current request and returns
+  an appropriate response.
 
   The following options are accepted:
 
   :timeout          - the absolute timeout in seconds
-  :timeout-response - the response to send if an idle timeout occurs"
+  :timeout-response - the response to send if an idle timeout occurs
+  :timeout-handler  - a Ring handler function which takes the current request and
+                      returns a Ring response map if idle timeout occurs "
   {:arglists '([handler options])}
-  [handler {:keys [timeout timeout-response]}]
-  {:pre [(integer? timeout) (map? timeout-response)]}
+  [handler {:keys [timeout timeout-response timeout-handler]}]
+  {:pre [(integer? timeout)
+         (if (map? timeout-response)
+           (nil? timeout-handler)
+           (ifn? timeout-handler))]}
   (fn [request]
     (let [session  (:session request {})
           end-time (::absolute-timeout session)]
       (if (and end-time (< end-time (current-time)))
-        (assoc timeout-response :session nil)
+        (assoc (or timeout-response (timeout-handler request)) :session nil)
         (when-let [response (handler request)]
           (let [session (:session response session)]
             (if (or (nil? session) (and end-time (not (contains? response :session))))

diff --git a/test/ring/middleware/session_timeout_test.clj b/test/ring/middleware/session_timeout_test.clj
@@ -80,6 +80,12 @@
   (-> (constantly ok-response)
       (timeout/wrap-absolute-session-timeout timeout-options)))
 
+(def absolute-handler-with-timeout-handler
+  (-> (constantly ok-response)
+      (timeout/wrap-absolute-session-timeout
+       {:timeout 600
+        :timeout-handler timeout-handler})))
+
 (deftest test-absolute-timeout
   (testing "timeout added to session"
     (let [response (with-time 1400000000 (absolute-handler (mock/request :get "/")))]
@@ -100,6 +106,13 @@
       (is (= (:body response) "timeout"))
       (is (= (:session response :empty) nil))))
 
+  (testing "timed out with timeout handler"
+    (let [request  (-> (mock/request :get "/fooxyz")
+                       (assoc :session {::timeout/absolute-timeout 1400000600}))
+          response (with-time 1400000700 (absolute-handler-with-timeout-handler request))]
+      (is (= (:body response) "timeout on /fooxyz"))
+      (is (= (:session response :empty) nil))))
+
   (testing "nil response"
     (let [handler (timeout/wrap-absolute-session-timeout (constantly nil) timeout-options)]
       (is (nil? (handler (mock/request :get "/"))))))