mirror of
https://github.com/codeninjasllc/discourse.git
synced 2024-11-27 09:36:19 -05:00
FIX: don't expire old sessions when logging in
This commit is contained in:
parent
521d3d11f2
commit
b5fbff947b
2 changed files with 27 additions and 3 deletions
|
@ -72,9 +72,14 @@ class Auth::DefaultCurrentUserProvider
|
|||
end
|
||||
|
||||
def log_on_user(user, session, cookies)
|
||||
user.auth_token = SecureRandom.hex(16)
|
||||
user.auth_token_updated_at = Time.zone.now
|
||||
user.save!
|
||||
legit_token = user.auth_token && user.auth_token.length == 32
|
||||
expired_token = user.auth_token_updated_at && user.auth_token_updated_at < SiteSetting.maximum_session_age.hours.ago
|
||||
|
||||
if !legit_token || expired_token
|
||||
user.update_columns(auth_token: SecureRandom.hex(16),
|
||||
auth_token_updated_at: Time.zone.now)
|
||||
end
|
||||
|
||||
cookies[TOKEN_COOKIE] = { value: user.auth_token, httponly: true, expires: SiteSetting.maximum_session_age.hours.from_now }
|
||||
make_developer_admin(user)
|
||||
enable_bootstrap_mode(user)
|
||||
|
|
|
@ -83,7 +83,26 @@ describe Auth::DefaultCurrentUserProvider do
|
|||
provider("/", "HTTP_COOKIE" => "_t=#{user.auth_token}").refresh_session(user, {}, cookies)
|
||||
|
||||
expect(user.auth_token_updated_at - Time.now).to eq(0)
|
||||
end
|
||||
|
||||
it "recycles existing auth_token correctly" do
|
||||
SiteSetting.maximum_session_age = 3
|
||||
user = Fabricate(:user)
|
||||
provider('/').log_on_user(user, {}, {})
|
||||
|
||||
original_auth_token = user.auth_token
|
||||
|
||||
freeze_time 2.hours.from_now
|
||||
provider('/').log_on_user(user, {}, {})
|
||||
|
||||
user.reload
|
||||
expect(user.auth_token).to eq(original_auth_token)
|
||||
|
||||
freeze_time 10.hours.from_now
|
||||
|
||||
provider('/').log_on_user(user, {}, {})
|
||||
user.reload
|
||||
expect(user.auth_token).not_to eq(original_auth_token)
|
||||
end
|
||||
|
||||
it "correctly expires session" do
|
||||
|
|
Loading…
Reference in a new issue