diff --git a/app/jobs/session_timeout_job.rb b/app/jobs/session_timeout_job.rb index 403c8453d..99381fe49 100644 --- a/app/jobs/session_timeout_job.rb +++ b/app/jobs/session_timeout_job.rb @@ -28,7 +28,7 @@ class SessionTimeoutJob < ApplicationJob @active_session ||= {} return @active_session[user.id] if @active_session[user.id].present? - @active_session[user.id] = sessions.detect { |session| session.active? && session.user.id == user.id } + @active_session[user.id] = sessions.detect { |session| session.active? && session.user? && session.user.id == user.id } end def sessions diff --git a/spec/factories/active_record/session_store/session.rb b/spec/factories/active_record/session_store/session.rb index 94c947dc4..bf7eb7aa6 100644 --- a/spec/factories/active_record/session_store/session.rb +++ b/spec/factories/active_record/session_store/session.rb @@ -9,7 +9,7 @@ FactoryBot.define do session_id { SecureRandom.hex(16) } data do { - 'user_id' => user.id, + 'user_id' => user&.id, 'ping' => Time.zone.now, 'user_agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36', '_csrf_token' => 'Yq3XiEgXxWPCURa/FvpXmptZCjgWhyPpGGIvZj9Eea0=' diff --git a/spec/jobs/session_timeout_job_spec.rb b/spec/jobs/session_timeout_job_spec.rb index ed943f29b..ecff6d42e 100644 --- a/spec/jobs/session_timeout_job_spec.rb +++ b/spec/jobs/session_timeout_job_spec.rb @@ -183,4 +183,18 @@ RSpec.describe SessionTimeoutJob, type: :job do expect(PushMessages).not_to have_received(:send_to).with(user.id, { event: 'session_timeout' }) end end + + context 'without user in session' do + let(:user) { create(:admin) } + + before do + Setting.set('session_timeout', { admin: 30.minutes.to_s }) + create(:active_session, user: nil) + end + + it 'does not crash' do + travel_to 1.hour.from_now + expect { described_class.perform_now }.not_to raise_error + end + end end