From a9207dafa787baa1b77086213efdf85999e5edcb Mon Sep 17 00:00:00 2001
From: Arpit Jalan
Date: Sat, 23 Jul 2016 02:57:30 +0530
Subject: [PATCH] FEATURE: configure session time via site setting for all the users (#4343)
---
 app/models/post.rb | 1 +
 app/models/site_customization.rb | 1 +
 app/models/unsubscribe_key.rb | 1 +
 app/models/user.rb | 1 +
 config/locales/server.en.yml | 2 +-
 config/site_settings.yml | 5 ++++-
 ...22071221_add_auth_token_created_at_to_users.rb | 5 +++++
 lib/auth/default_current_user_provider.rb | 15 +++++----------
 8 files changed, 19 insertions(+), 12 deletions(-)
 create mode 100644 db/migrate/20160722071221_add_auth_token_created_at_to_users.rb
diff --git a/app/models/post.rb b/app/models/post.rb
index 8bb5ef151..4a513e11e 100644
--- a/app/models/post.rb
+++ b/app/models/post.rb
@@ -708,6 +708,7 @@ end
 # Indexes
 #
 # idx_posts_created_at_topic_id (created_at,topic_id)
+# idx_posts_deleted_posts (topic_id,post_number)
 # idx_posts_user_id_deleted_at (user_id)
 # index_posts_on_reply_to_post_number (reply_to_post_number)
 # index_posts_on_topic_id_and_post_number (topic_id,post_number) UNIQUE
diff --git a/app/models/site_customization.rb b/app/models/site_customization.rb
index 5978892f4..19d6f9778 100644
--- a/app/models/site_customization.rb
+++ b/app/models/site_customization.rb
@@ -284,6 +284,7 @@ end
 # mobile_header_baked :text
 # footer_baked :text
 # mobile_footer_baked :text
+# compiler_version :integer default(0), not null
 #
 # Indexes
 #
diff --git a/app/models/unsubscribe_key.rb b/app/models/unsubscribe_key.rb
index c7220cf9e..6cc8b7f25 100644
--- a/app/models/unsubscribe_key.rb
+++ b/app/models/unsubscribe_key.rb
@@ -34,6 +34,7 @@ end
 # updated_at :datetime
 # unsubscribe_key_type :string
 # topic_id :integer
+# post_id :integer
 #
 # Indexes
 #
diff --git a/app/models/user.rb b/app/models/user.rb
index 9a86dca05..bc0a613da 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1048,6 +1048,7 @@ end
 # trust_level_locked :boolean default(FALSE), not null
 # staged :boolean default(FALSE), not null
 # first_seen_at :datetime
+# auth_token_created_at :datetime
 #
 # Indexes
 #
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index cbba8f15d..b51efc38b 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -909,7 +909,7 @@ en:
 post_undo_action_window_mins: "Number of minutes users are allowed to undo recent actions on a post (like, flag, etc)."
 must_approve_users: "Staff must approve all new user accounts before they are allowed to access the site. WARNING: enabling this for a live site will revoke access for existing non-staff users!"
 pending_users_reminder_delay: "Notify moderators if new users have been waiting for approval for longer than this many hours. Set to -1 to disable notifications."
- permanent_session_cookie: "Use a permanent cookie that persists after closing the browser. When disabling this, you may want to log out everyone programmatically."
+ maximum_session_age: "User will remain logged in for n hours."
 ga_tracking_code: "OBSOLETE: Google analytics (ga.js) tracking code code, eg: UA-12345678-9; see http://google.com/analytics"
 ga_domain_name: "OBSOLETE: Google analytics (ga.js) domain name, eg: mysite.com; see http://google.com/analytics"
 ga_universal_tracking_code: "Google Universal Analytics (analytics.js) tracking code code, eg: UA-12345678-9; see http://google.com/analytics"
diff --git a/config/site_settings.yml b/config/site_settings.yml
index 00d183208..b42174fd9 100644
--- a/config/site_settings.yml
+++ b/config/site_settings.yml
@@ -304,7 +304,10 @@ login:
 pending_users_reminder_delay:
 min: -1
 default: 8
- permanent_session_cookie: true
+ maximum_session_age:
+ default: 2160
+ min: 1
+ max: 175200
 users:
 min_username_length:
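Review bot: Dropping `permanent_session_cookie` removes the non-persistent option entirely: with `min: 1` the cookie written in `log_on_user` always carries an `expires:` value, so a site that had the old setting turned off (cookie discarded when the browser closes) silently becomes a persistent-login site on upgrade. If that is intended, the new `maximum_session_age` description should say so, since "User will remain logged in for n hours." does not tell an admin that browser-close logout is gone; otherwise allow `min: 0` and have the provider omit `expires:` when the value is 0. The `max: 175200` cap (twenty years) also deserves a short comment explaining why such a long lifetime is acceptable for an authentication cookie.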
diff --git a/db/migrate/20160722071221_add_auth_token_created_at_to_users.rb b/db/migrate/20160722071221_add_auth_token_created_at_to_users.rb
new file mode 100644
index 000000000..a6cea2bbc
--- /dev/null
+++ b/db/migrate/20160722071221_add_auth_token_created_at_to_users.rb
@@ -0,0 +1,5 @@
+class AddAuthTokenCreatedAtToUsers < ActiveRecord::Migration
+ def change
+ add_column :users, :auth_token_created_at, :datetime, null: true
+ end
+end
diff --git a/lib/auth/default_current_user_provider.rb b/lib/auth/default_current_user_provider.rb
index 0c084e84a..107562e91 100644
--- a/lib/auth/default_current_user_provider.rb
+++ b/lib/auth/default_current_user_provider.rb
@@ -36,7 +36,7 @@ class Auth::DefaultCurrentUserProvider
 current_user = nil
 if auth_token && auth_token.length == 32
- current_user = User.find_by(auth_token: auth_token)
+ current_user = User.where(auth_token: auth_token).where('auth_token_created_at IS NULL OR auth_token_created_at > ?', SiteSetting.maximum_session_age.hours.ago).first
 end
 if current_user && (current_user.suspended? || !current_user.active)
@@ -62,15 +62,10 @@ class Auth::DefaultCurrentUserProvider
 end
 def log_on_user(user, session, cookies)
- unless user.auth_token && user.auth_token.length == 32
- user.auth_token = SecureRandom.hex(16)
- user.save!
- end
- if SiteSetting.permanent_session_cookie
- cookies.permanent[TOKEN_COOKIE] = { value: user.auth_token, httponly: true }
- else
- cookies[TOKEN_COOKIE] = { value: user.auth_token, httponly: true }
- end
+ user.auth_token = SecureRandom.hex(16)
+ user.auth_token_created_at = Time.zone.now
+ user.save!
+ cookies[TOKEN_COOKIE] = { value: user.auth_token, httponly: true, expires: SiteSetting.maximum_session_age.hours.from_now }
 make_developer_admin(user)
 enable_bootstrap_mode(user)
 @env[CURRENT_USER_KEY] = user
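Review bot: The new column is added nullable with no backfill, and the matching lookup in `lib/auth/default_current_user_provider.rb` treats `auth_token_created_at IS NULL` as never expired, so every token issued before this migration runs is exempt from `maximum_session_age` until that user happens to log in again. Backfilling in the same migration closes that gap, e.g. `execute "UPDATE users SET auth_token_created_at = NOW() WHERE auth_token IS NOT NULL"` after the `add_column`, which starts the clock for legacy sessions at upgrade time instead of leaving them open-ended. A one-line comment on the column stating that NULL is read as "not yet expiring" would keep the migration and the provider in step for the next reader.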
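Review bot: `log_on_user` now mints a fresh `auth_token` on every login, and because `users` holds a single token a login from a second browser silently invalidates the first browser's session — the removed `unless user.auth_token && …` branch used to reuse an existing token. If that trade-off is intended (it does rotate the credential on each login), record it in a comment above `user.auth_token = SecureRandom.hex(16)`, e.g. `# Rotate the token on every login; this also ends any other active session for this user.`; if not, a per-session token store is the usual fix. It is also worth noting in the same comment that the cookie `expires:` is only a hint to the browser and the server-side `auth_token_created_at` check is what actually governs validity, so lowering the setting later takes effect immediately on the server while old cookies linger client-side. `log_on_user` continues past the end of the hunk.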