make API sessions not expire

pull/875/head
Markus Kahl 11 years ago
parent 2f464252ed
commit 4d41bff3a0
  1. 2
      app/controllers/application_controller.rb
  2. 33
      spec/controllers/api/v2/authentication_spec.rb

@ -685,7 +685,7 @@ class ApplicationController < ActionController::Base
private
def session_expired?
current_user.logged? &&
!api_request? && current_user.logged? &&
(session_ttl_enabled? && (session[:updated_at].nil? ||
(session[:updated_at] + Setting.session_ttl.to_i.minutes) < Time.now))
end

@ -36,4 +36,37 @@ describe Api::V2::AuthenticationController do
it_should_behave_like "a controller action with require_login"
end
describe "session" do
let(:api_key) { user.api_key }
let(:user) { FactoryGirl.create(:admin) }
let(:ttl) { 42 }
before do
Setting.stub(:login_required?).and_return true
Setting.stub(:rest_api_enabled?).and_return true
Setting.stub(:session_ttl_enabled?).and_return true
Setting.stub(:session_ttl).and_return ttl
end
after do
User.current = nil
end
##
# Sessions for API requests should never expire.
# Actually, there shouldn't be any to begin with, but we can't change that for now.
it 'should not expire' do
session[:updated_at] = Time.now
get :index, :format => 'xml', :key => api_key
expect(response.status).to eq(200)
Timecop.travel(Time.now + (ttl + 1).minutes) do
# Now another request after a normal session would be expired
get :index, :format => 'xml', :key => api_key
expect(response.status).to eq(200)
end
end
end
end

Loading…
Cancel
Save