Merge pull request #875 from opf/fix/4090_session_expires_setting_breaks_api

Make it so that API session do not expire.
11 years ago · 3fedcdcf4b
parent 02d2d36f40 4d41bff3a0
commit 3fedcdcf4b
2 changed files with 34 additions and 1 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -685,7 +685,7 @@ class ApplicationController < ActionController::Base
  private

  def session_expired?
-    current_user.logged? &&
+    !api_request? && current_user.logged? &&
    (session_ttl_enabled? && (session[:updated_at].nil? ||
                             (session[:updated_at] + Setting.session_ttl.to_i.minutes) < Time.now))
  end
--- a/spec/controllers/api/v2/authentication_spec.rb
+++ b/spec/controllers/api/v2/authentication_spec.rb
@ -36,4 +36,37 @@ describe Api::V2::AuthenticationController do

    it_should_behave_like "a controller action with require_login"
  end
+
+  describe "session" do
+    let(:api_key) { user.api_key }
+    let(:user) { FactoryGirl.create(:admin) }
+    let(:ttl) { 42 }
+
+    before do
+      Setting.stub(:login_required?).and_return true
+      Setting.stub(:rest_api_enabled?).and_return true
+      Setting.stub(:session_ttl_enabled?).and_return true
+      Setting.stub(:session_ttl).and_return ttl
+    end
+
+    after do
+      User.current = nil
+    end
+
+    ##
+    # Sessions for API requests should never expire.
+    # Actually, there shouldn't be any to begin with, but we can't change that for now.
+    it 'should not expire' do
+      session[:updated_at] = Time.now
+
+      get :index, :format => 'xml', :key => api_key
+      expect(response.status).to eq(200)
+
+      Timecop.travel(Time.now + (ttl + 1).minutes) do
+        # Now another request after a normal session would be expired
+        get :index, :format => 'xml', :key => api_key
+        expect(response.status).to eq(200)
+      end
+    end
+  end
 end