Follow up fix for new disabled cookies with token auth.

app/models/user_device.rb

@@ -148,7 +148,7 @@ log user device action
 =end
 
   def self.action(user_device_id, user_agent, ip, user_id, type)
-    user_device = UserDevice.find(user_device_id)
+    user_device = UserDevice.lookup(id: user_device_id)
 
     # update location if needed
     if user_device.ip != ip
@@ -174,9 +174,12 @@ log user device action
       end
     end
 
+    # only update updated_at every 5 min.
+    return user_device if type != 'session' && (user_device.updated_at + 5.minutes) > Time.zone.now
+
     # update attributes
     user_device.updated_at = Time.zone.now # force update, also if no other attribute has changed
-    user_device.save
+    user_device.save!
     user_device
   end
 

test/controllers/user_organization_controller_test.rb

@@ -227,7 +227,7 @@ class UserOrganizationControllerTest < ActionDispatch::IntegrationTest
     # create user with admin role
     role = Role.lookup(name: 'Admin')
     params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_admin@example.com', role_ids: [ role.id ] }
-    post '/api/v1/users', params.to_json, @headers
+    post '/api/v1/users', params.to_json, @headers.merge('Authorization' => credentials)
     assert_response(201)
     result = JSON.parse(@response.body)
     assert(result)
@@ -239,7 +239,7 @@ class UserOrganizationControllerTest < ActionDispatch::IntegrationTest
     # create user with agent role
     role = Role.lookup(name: 'Agent')
     params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_admin@example.com', role_ids: [ role.id ] }
-    post '/api/v1/users', params.to_json, @headers
+    post '/api/v1/users', params.to_json, @headers.merge('Authorization' => credentials)
     assert_response(201)
     result = JSON.parse(@response.body)
     assert(result)
@@ -271,7 +271,7 @@ class UserOrganizationControllerTest < ActionDispatch::IntegrationTest
     # create user with admin role
     role = Role.lookup(name: 'Admin')
     params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_agent@example.com', role_ids: [ role.id ] }
-    post '/api/v1/users', params.to_json, @headers
+    post '/api/v1/users', params.to_json, @headers.merge('Authorization' => credentials)
     assert_response(401)
     result = JSON.parse(@response.body)
     assert(result)
@@ -279,7 +279,7 @@ class UserOrganizationControllerTest < ActionDispatch::IntegrationTest
     # create user with agent role
     role = Role.lookup(name: 'Agent')
     params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_agent@example.com', role_ids: [ role.id ] }
-    post '/api/v1/users', params.to_json, @headers
+    post '/api/v1/users', params.to_json, @headers.merge('Authorization' => credentials)
     assert_response(401)
     result = JSON.parse(@response.body)
     assert(result)
@@ -287,7 +287,7 @@ class UserOrganizationControllerTest < ActionDispatch::IntegrationTest
     # create user with customer role
     role = Role.lookup(name: 'Customer')
     params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_agent@example.com', role_ids: [ role.id ] }
-    post '/api/v1/users', params.to_json, @headers
+    post '/api/v1/users', params.to_json, @headers.merge('Authorization' => credentials)
     assert_response(201)
     result = JSON.parse(@response.body)
     assert(result)
@@ -325,13 +325,13 @@ class UserOrganizationControllerTest < ActionDispatch::IntegrationTest
     # create user with admin role
     role = Role.lookup(name: 'Admin')
     params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_customer1@example.com', role_ids: [ role.id ] }
-    post '/api/v1/users', params.to_json, @headers
+    post '/api/v1/users', params.to_json, @headers.merge('Authorization' => credentials)
     assert_response(401)
 
     # create user with agent role
     role = Role.lookup(name: 'Agent')
     params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_customer1@example.com', role_ids: [ role.id ] }
-    post '/api/v1/users', params.to_json, @headers
+    post '/api/v1/users', params.to_json, @headers.merge('Authorization' => credentials)
     assert_response(401)
 
   end

test/integration/user_device_controller_test.rb

@@ -278,9 +278,12 @@ class UserDeviceControllerTest < ActionDispatch::IntegrationTest
     assert_equal(0, email_notification_count('user_device_new_location', @admin.email))
     assert_equal(result.class, Array)
     user_device_last = UserDevice.last
+    assert_equal(user_device_last.id, user_device_first.id)
     assert_equal(user_device_last.updated_at.to_s, user_device_first.updated_at.to_s)
 
-    ENV['USER_DEVICE_UPDATED_AT'] = (Time.zone.now - 4.hours).to_s
+    user_device_last.updated_at = Time.zone.now - 4.hours
+    user_device_last.save!
+
     params = {}
     get '/api/v1/users', params, @headers.merge('Authorization' => credentials)
     assert_response(200)
@@ -293,8 +296,9 @@ class UserDeviceControllerTest < ActionDispatch::IntegrationTest
     assert_equal(0, email_notification_count('user_device_new_location', @admin.email))
     assert_equal(result.class, Array)
     user_device_last = UserDevice.last
-    assert_not_equal(user_device_last.updated_at.to_s, user_device_first.updated_at.to_s)
-    ENV['USER_DEVICE_UPDATED_AT'] = nil
+    assert_equal(user_device_last.id, user_device_first.id)
+    assert(user_device_last.updated_at > user_device_first.updated_at)
+
   end
 
   test '07 - login index with admin with basic auth' do