Update session token only once per minute (#29041).

Patch by Pavel Rosický.


git-svn-id: http://svn.redmine.org/redmine/trunk@21376 e93f8b46-1217-0410-a6f0-8f06a7374b81
Go MAEDA
2022-01-22 04:04:05 +00:00
parent 5d0798c0d1
commit 8bb06c04ba
2 changed files with 21 additions and 1 deletions


@@ -469,7 +469,14 @@ class User < Principal
if Setting.session_timeout? if Setting.session_timeout?
scope = scope.where("updated_on > ?", Setting.session_timeout.to_i.minutes.ago) scope = scope.where("updated_on > ?", Setting.session_timeout.to_i.minutes.ago)
end end
scope.update_all(:updated_on => Time.now) == 1 last_updated = scope.maximum(:updated_on)
if last_updated.nil?
false
elsif last_updated <= 1.minute.ago
scope.update_all(:updated_on => Time.now) == 1
else
true
end
end end
# Return an array of project ids for which the user has explicitly turned mail notifications on # Return an array of project ids for which the user has explicitly turned mail notifications on
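Review bot: The throttle in the `elsif last_updated <= 1.minute.ago` branch lets `updated_on` lag real activity by up to a minute, so the idle timeout enforced by the `updated_on > ?` filter above can fire up to a minute earlier than `Setting.session_timeout` configures. If that setting could be as low as one minute (not visible here), the token would never be refreshed at all. A comment on the branch would record the trade-off, e.g. `# Refresh at most once per minute to save writes; idle timeout is therefore only accurate to about one minute`. The `else` branch also returns `true` for any non-empty match after a separate read, where the old `update_all(...) == 1` accepted exactly one row in a single statement; the two are equivalent only if token values are unique, which this hunk does not show. The method starts above the hunk.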


@@ -45,6 +45,19 @@ class SessionsControllerTest < Redmine::ControllerTest
assert token.updated_on > created assert token.updated_on > created
end end
def test_session_token_should_be_updated_only_once_per_minute
token = Token.create!(:user_id => 2, :action => 'session', :created_on => 1.second.ago, :updated_on => 1.second.ago)
updated = token.reload.updated_on
get :index, :session => {
:user_id => 2,
:tk => token.value
}
assert_response :success
token.reload
assert_equal updated.to_i, token.updated_on.to_i
end
def test_user_session_should_not_be_reset_if_lifetime_and_timeout_disabled def test_user_session_should_not_be_reset_if_lifetime_and_timeout_disabled
created = 2.years.ago created = 2.years.ago
token = Token.create!(:user_id => 2, :action => 'session', :created_on => created, :updated_on => created) token = Token.create!(:user_id => 2, :action => 'session', :created_on => created, :updated_on => created)