Fixes #3600 - wrong behaviour for the disabled option in session timeout.
parent
c9774c8b45
commit
c49da0a4c9
4 changed files with 80 additions and 4 deletions
|
@ -35,7 +35,10 @@ class SessionTimeout extends App.Controller
|
||||||
checkLogout: =>
|
checkLogout: =>
|
||||||
return if App.Session.get() is undefined
|
return if App.Session.get() is undefined
|
||||||
|
|
||||||
@timeTillLogout = @currentTime() - (@lastEvent + @getTimeout())
|
timeout = @getTimeout()
|
||||||
|
return if timeout < 1
|
||||||
|
|
||||||
|
@timeTillLogout = @currentTime() - (@lastEvent + timeout)
|
||||||
|
|
||||||
# close logut warning
|
# close logut warning
|
||||||
if @timeTillLogout < @showLogoutWarningBefore
|
if @timeTillLogout < @showLogoutWarningBefore
|
||||||
|
@ -58,7 +61,7 @@ class SessionTimeout extends App.Controller
|
||||||
return if App.Session.get() is undefined
|
return if App.Session.get() is undefined
|
||||||
|
|
||||||
@logoutWarningClose()
|
@logoutWarningClose()
|
||||||
|
|
||||||
App.Auth.logout(false, =>
|
App.Auth.logout(false, =>
|
||||||
@navigate '#session_timeout'
|
@navigate '#session_timeout'
|
||||||
)
|
)
|
||||||
|
@ -74,7 +77,7 @@ class SessionTimeout extends App.Controller
|
||||||
continue if parseInt(value) < timeout
|
continue if parseInt(value) < timeout
|
||||||
timeout = parseInt(value)
|
timeout = parseInt(value)
|
||||||
|
|
||||||
if timeout is -1
|
if timeout < 1
|
||||||
timeout = parseInt(config['default'])
|
timeout = parseInt(config['default'])
|
||||||
|
|
||||||
return timeout * 1000
|
return timeout * 1000
|
||||||
|
|
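Review bot: The new guard `return if timeout < 1` in checkLogout does not catch NaN, which getTimeout returns if `config['default']` is missing or non-numeric (`parseInt` yields NaN and `NaN < 1` is false). @timeTillLogout then becomes NaN, so whether the client still logs out depends on code outside the hunk. I would write the guard as `return if isNaN(timeout) or timeout < 1` and put a comment above it, `# timeout < 1: session timeout is disabled for this user, nothing to check`. Passing a radix in getTimeout, `parseInt(value, 10)`, would also make the parsing explicit. Both checkLogout and getTimeout start or end outside the visible hunks.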
|
@ -14,6 +14,7 @@ class SessionTimeoutJob < ApplicationJob
|
||||||
user = User.find_by(id: session.data['user_id'])
|
user = User.find_by(id: session.data['user_id'])
|
||||||
if user
|
if user
|
||||||
timeout = get_timeout(user)
|
timeout = get_timeout(user)
|
||||||
|
return if timeout < 1
|
||||||
return if session.data['ping'] > timeout.seconds.ago
|
return if session.data['ping'] > timeout.seconds.ago
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -49,7 +50,7 @@ class SessionTimeoutJob < ApplicationJob
|
||||||
timeout = value.to_i
|
timeout = value.to_i
|
||||||
end
|
end
|
||||||
|
|
||||||
if timeout == -1
|
if timeout < 1
|
||||||
timeout = config['default'].to_i
|
timeout = config['default'].to_i
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
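Review bot: With `if timeout < 1` falling back to `config['default'].to_i` and the new `return if timeout < 1`, a missing or non-numeric `default` entry becomes 0 through `to_i` and is handled exactly like an intentional "disabled" setting, so server-side expiry is turned off without any trace. Because this job appears to be the server-side enforcement of the idle timeout, I would document the rule above the guard, `# timeout < 1 => timeout disabled for this user, keep the session`, and consider logging when the stored value is not an integer string. The guard sits inside `if user`, so sessions without a matching user are not affected by it. Both methods continue outside the hunks.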
|
@ -102,4 +102,52 @@ RSpec.describe SessionTimeoutJob, type: :job do
|
||||||
expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(0)
|
expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(0)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'with timeout fallback from admin to default' do
|
||||||
|
let(:user) { create(:admin) }
|
||||||
|
|
||||||
|
before do
|
||||||
|
Setting.set('session_timeout', { admin: '0', default: 30.minutes.to_s })
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'does kill the session' do
|
||||||
|
travel_to 1.hour.from_now
|
||||||
|
expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'does also kill the session of deleted users' do
|
||||||
|
user.destroy
|
||||||
|
travel_to 1.hour.from_now
|
||||||
|
expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'does not kill the session' do
|
||||||
|
travel_to 1.minute.from_now
|
||||||
|
expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(0)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with timeouts all disabled' do
|
||||||
|
let(:user) { create(:admin) }
|
||||||
|
|
||||||
|
before do
|
||||||
|
Setting.set('session_timeout', { admin: '0', default: '0' })
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'does not kill the session because all timeouts are disabled in 1 hour' do
|
||||||
|
travel_to 1.hour.from_now
|
||||||
|
expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(0)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'does also kill the session of deleted users' do
|
||||||
|
user.destroy
|
||||||
|
travel_to 1.hour.from_now
|
||||||
|
expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(-1)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'does not kill the session because all timeouts are disabled in 1 minute' do
|
||||||
|
travel_to 1.minute.from_now
|
||||||
|
expect { described_class.perform_now }.to change(ActiveRecord::SessionStore::Session, :count).by(0)
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
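Review bot: The two new contexts only exercise `'0'`. The value the old code special-cased, `-1`, and a setting without a usable `default` are not covered, although the job now treats all of them as "disabled". An extra example with `Setting.set('session_timeout', { admin: '-1', default: '-1' })` and the same `.by(0)` expectation would pin that behaviour. A short comment above `context 'with timeouts all disabled'` saying that `'0'` means no server-side expiry would help readers of the spec.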
|
@ -115,5 +115,29 @@ RSpec.describe 'Dashboard', type: :system, authenticated_as: true do
|
||||||
expect(page).to have_text('Due to inactivity you are automatically logged out.', wait: 20)
|
expect(page).to have_text('Due to inactivity you are automatically logged out.', wait: 20)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'Logout by frontend plugin - Fallback from admin to default', authenticated_as: :authenticate do
|
||||||
|
def authenticate
|
||||||
|
Setting.set('session_timeout', { admin: '0', default: '1000' })
|
||||||
|
admin
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'does not logout user', authenticated_as: :admin do
|
||||||
|
sleep 1.5
|
||||||
|
expect(page).to have_no_text('Due to inactivity you are automatically logged out.', wait: 0)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'Logout by frontend plugin - No logout because timeouts are disabled', authenticated_as: :authenticate do
|
||||||
|
def authenticate
|
||||||
|
Setting.set('session_timeout', { admin: '0', default: '0' })
|
||||||
|
admin
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'does not logout user', authenticated_as: :admin do
|
||||||
|
sleep 1.5
|
||||||
|
expect(page).to have_no_text('Due to inactivity you are automatically logged out.', wait: 0)
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
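Review bot: In both new contexts the example carries `authenticated_as: :admin`, which overrides the group's `authenticated_as: :authenticate`, because RSpec lets example metadata win over group metadata. The `authenticate` method that calls `Setting.set` is therefore likely never run and the examples would pass against the default setting. I would drop the example-level tag, `it 'does not logout user' do`, so the context's `authenticate` is used. Separately, the fallback context with `default: '1000'` and `sleep 1.5` passes whether the admin value falls back to the default or is treated as disabled. A small default with an expectation that the logout text does appear would tell the two apart.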