FEATURE: configure session time via site setting for all the users (#4343)

Arpit Jalan 2016-07-23 02:57:30 +05:30 committed by GitHub
parent b2289d733f
commit a9207dafa7
8 changed files with 19 additions and 12 deletions


@ -708,6 +708,7 @@ end
# Indexes
#
# idx_posts_created_at_topic_id (created_at,topic_id)
# idx_posts_deleted_posts (topic_id,post_number)
# idx_posts_user_id_deleted_at (user_id)
# index_posts_on_reply_to_post_number (reply_to_post_number)
# index_posts_on_topic_id_and_post_number (topic_id,post_number) UNIQUE


@ -284,6 +284,7 @@ end
# mobile_header_baked :text
# footer_baked :text
# mobile_footer_baked :text
# compiler_version :integer default(0), not null
#
# Indexes
#


@ -34,6 +34,7 @@ end
# updated_at :datetime
# unsubscribe_key_type :string
# topic_id :integer
# post_id :integer
#
# Indexes
#


@ -1048,6 +1048,7 @@ end
# trust_level_locked :boolean default(FALSE), not null
# staged :boolean default(FALSE), not null
# first_seen_at :datetime
# auth_token_created_at :datetime
#
# Indexes
#


@ -909,7 +909,7 @@ en:
post_undo_action_window_mins: "Number of minutes users are allowed to undo recent actions on a post (like, flag, etc)."
must_approve_users: "Staff must approve all new user accounts before they are allowed to access the site. WARNING: enabling this for a live site will revoke access for existing non-staff users!"
pending_users_reminder_delay: "Notify moderators if new users have been waiting for approval for longer than this many hours. Set to -1 to disable notifications."
permanent_session_cookie: "Use a permanent cookie that persists after closing the browser. When disabling this, you may want to log out everyone programmatically."
maximum_session_age: "User will remain logged in for n hours."
ga_tracking_code: "OBSOLETE: Google analytics (ga.js) tracking code code, eg: UA-12345678-9; see http://google.com/analytics"
ga_domain_name: "OBSOLETE: Google analytics (ga.js) domain name, eg: mysite.com; see http://google.com/analytics"
ga_universal_tracking_code: "Google Universal Analytics (analytics.js) tracking code code, eg: UA-12345678-9; see http://google.com/analytics"


@ -304,7 +304,10 @@ login:
pending_users_reminder_delay:
min: -1
default: 8
permanent_session_cookie: true
maximum_session_age:
default: 2160
min: 1
max: 175200
users:
min_username_length:
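Review bot: Dropping `permanent_session_cookie` leaves no way to issue a browser-session cookie, because `log_on_user` in this commit always sets `expires:` from `maximum_session_age`. A site that had the old setting disabled (for shared machines, for example) would switch to a persistent cookie with the 2160-hour default (90 days) on upgrade, with no migration of its earlier choice visible on this page. The `max: 175200` bound is about 20 years, so an effectively permanent login token is still configurable. I would lower the maximum and mention the behaviour change in the setting description, or keep a way to opt out of persistence.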


@ -0,0 +1,5 @@
class AddAuthTokenCreatedAtToUsers < ActiveRecord::Migration
def change
add_column :users, :auth_token_created_at, :datetime, null: true
end
end
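Review bot: The column is added nullable with no backfill, so every token issued before this migration has `auth_token_created_at` NULL. The lookup in `Auth::DefaultCurrentUserProvider` in this commit accepts `auth_token_created_at IS NULL`, so those sessions are not expired server-side by `maximum_session_age` until the user logs in again. If the setting is meant to cover existing sessions too, backfill in an `up`/`down` migration, for example `execute "UPDATE users SET auth_token_created_at = CURRENT_TIMESTAMP WHERE auth_token IS NOT NULL"` after `add_column`. Otherwise add a comment stating that legacy tokens are deliberately exempt.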


@ -36,7 +36,7 @@ class Auth::DefaultCurrentUserProvider
current_user = nil
if auth_token && auth_token.length == 32
current_user = User.find_by(auth_token: auth_token)
current_user = User.where(auth_token: auth_token).where('auth_token_created_at IS NULL OR auth_token_created_at > ?', SiteSetting.maximum_session_age.hours.ago).first
end
if current_user && (current_user.suspended? || !current_user.active)
@ -62,15 +62,10 @@ class Auth::DefaultCurrentUserProvider
end
def log_on_user(user, session, cookies)
unless user.auth_token && user.auth_token.length == 32
user.auth_token = SecureRandom.hex(16)
user.save!
end
if SiteSetting.permanent_session_cookie
cookies.permanent[TOKEN_COOKIE] = { value: user.auth_token, httponly: true }
else
cookies[TOKEN_COOKIE] = { value: user.auth_token, httponly: true }
end
user.auth_token = SecureRandom.hex(16)
user.auth_token_created_at = Time.zone.now
user.save!
cookies[TOKEN_COOKIE] = { value: user.auth_token, httponly: true, expires: SiteSetting.maximum_session_age.hours.from_now }
make_developer_admin(user)
enable_bootstrap_mode(user)
@env[CURRENT_USER_KEY] = user
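Review bot: `log_on_user` now overwrites `user.auth_token` on every login. The lookup in the first hunk matches a single `auth_token` column per user, so a login on one device invalidates the cookie on every other device; the removed code reused an existing 32-character token. If that is intended (it does shorten the life of a leaked token), state it in a comment such as `# rotating the token here ends the user's sessions on other devices`. If not, rotate only when the token is missing or `auth_token_created_at` is older than `maximum_session_age`. Separately, the cookie options set `httponly: true` but no `secure:` flag, so on these lines alone the token could be sent over plain HTTP; whether that is enforced elsewhere is not visible here. Both methods continue outside the hunks.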