From: Jean-Philippe Lang Date: Sun, 10 Jun 2012 20:30:58 +0000 (+0000) Subject: Backported r9797 from trunk. X-Git-Tag: 1.4.4~16 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=ba3828b49f776d9011555130991953360b2e590c;p=redmine.git Backported r9797 from trunk. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/branches/1.4-stable@9810 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index c0793a4bf..c5edb6e1f 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -56,7 +56,7 @@ class ApplicationController < ActionController::Base end end - before_filter :user_setup, :check_if_login_required, :set_localization + before_filter :session_expiration, :user_setup, :check_if_login_required, :set_localization filter_parameter_logging :password rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token @@ -70,6 +70,38 @@ class ApplicationController < ActionController::Base require_dependency "repository/#{scm.underscore}" end + def session_expiration + if session[:user_id] + if session_expired? && !try_to_autologin + reset_session + flash[:error] = l(:error_session_expired) + redirect_to signin_url + else + session[:atime] = Time.now.utc.to_i + end + end + end + + def session_expired? + if Setting.session_lifetime? + unless session[:ctime] && (Time.now.utc.to_i - session[:ctime].to_i <= Setting.session_lifetime.to_i * 60) + return true + end + end + if Setting.session_timeout? + unless session[:atime] && (Time.now.utc.to_i - session[:atime].to_i <= Setting.session_timeout.to_i * 60) + return true + end + end + false + end + + def start_user_session(user) + session[:user_id] = user.id + session[:ctime] = Time.now.utc.to_i + session[:atime] = Time.now.utc.to_i + end + def user_setup # Check the settings cache for each request Setting.check_cache 
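Review bot: In the new `before_filter` list `session_expiration` runs ahead of `set_localization`, so the `l(:error_session_expired)` flash it sets on an expired session is translated before this request's locale has been selected and may reach the user in the wrong language. Its position ahead of `user_setup` looks deliberate, presumably so an expired session is reset before later filters read `session[:user_id]`, but nothing on the line records that. I would add `# session_expiration must stay first: it has to run before user_setup reads session[:user_id]` above the list. The expiry branch could also select a locale before calling `l`, for example by running `set_localization` first if that filter can work without a logged-in user. The filter itself is defined in the next hunk of this file.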
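Review bot: `session_expiration` only ends the session when `session_expired? && !try_to_autologin`, so a browser holding a valid autologin cookie gets a fresh session with new `ctime`/`atime` each time the old one expires. The configured lifetime and inactivity timeout therefore do not bound those users. An administrator who enables a short timeout for security reasons will probably not expect that, and neither the code nor `text_session_expiration_settings` mentions it. I would document it on the method, `# An expired session is re-established from the autologin cookie when Setting.autologin? is enabled; the expiry settings only force a new login for users without that cookie.`, and consider repeating it in the settings help text. Separately, both checks in `session_expired?` fail closed when `ctime`/`atime` are missing, which logs out pre-upgrade sessions once a setting is enabled; a one-line comment saying this is intentional would stop it being relaxed later.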
@@ -83,10 +115,7 @@ class ApplicationController < ActionController::Base if session[:user_id] # existing session (User.active.find(session[:user_id]) rescue nil) - elsif cookies[:autologin] && Setting.autologin? - # auto-login feature starts a new session - user = User.try_to_autologin(cookies[:autologin]) - session[:user_id] = user.id if user + elsif user = try_to_autologin user elsif params[:format] == 'atom' && params[:key] && request.get? && accept_rss_auth? # RSS key authentication does not start a session @@ -104,12 +133,24 @@ class ApplicationController < ActionController::Base end end + def try_to_autologin + if cookies[:autologin] && Setting.autologin? + # auto-login feature starts a new session + user = User.try_to_autologin(cookies[:autologin]) + if user + reset_session + start_user_session(user) + end + user + end + end + # Sets the logged in user def logged_user=(user) reset_session if user && user.is_a?(User) User.current = user - session[:user_id] = user.id + start_user_session(user) else User.current = User.anonymous end diff --git a/app/views/settings/_authentication.html.erb b/app/views/settings/_authentication.html.erb index 14396e274..083aec83a 100644 --- a/app/views/settings/_authentication.html.erb +++ b/app/views/settings/_authentication.html.erb @@ -21,5 +21,16 @@
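Review bot: `try_to_autologin` does more than its name says: on success it calls `reset_session` and `start_user_session(user)`, and it returns `nil` implicitly when the cookie is absent or `Setting.autologin?` is off. Both `session_expiration` and the `elsif user = try_to_autologin` branch rely on that return value. A header comment would make the contract explicit, for example `# Returns the user matched by the autologin cookie, or nil. On success the current session is reset and a new one is started for that user.` Keeping `reset_session` ahead of `start_user_session` matters because it stops pre-login session state carrying over into the authenticated session, so a short why-comment there would guard against reordering. The `logged_user=` body continues outside the hunk.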

<%= setting_check_box :rest_api_enabled %>

+
+ <%= l(:label_session_expiration) %> + +
+

<%= setting_select :session_lifetime, [[l(:label_disabled), 0]] + [1, 7, 30, 60, 365].collect{|days| [l('datetime.distance_in_words.x_days', :count => days), (days * 60 * 24).to_s]} %>

+

<%= setting_select :session_timeout, [[l(:label_disabled), 0]] + [1, 2, 4, 8, 12, 24, 48].collect{|hours| [l('datetime.distance_in_words.x_hours', :count => hours), (hours * 60).to_s]} %>

+
+ +

<%= l(:text_session_expiration_settings) %>

+
+ <%= submit_tag l(:button_save) %> <% end %> diff --git a/config/locales/ar.yml b/config/locales/ar.yml index 7dbdb5646..9a88cc89a 100644 --- a/config/locales/ar.yml +++ b/config/locales/ar.yml @@ -49,6 +49,9 @@ ar: about_x_hours: one: "حوالي ساعة" other: "ساعات %{count}حوالي " + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "يوم" other: "%{count} أيام" @@ -1031,3 +1034,8 @@ ar: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/bg.yml b/config/locales/bg.yml index db574321f..ea2d9a378 100644 --- a/config/locales/bg.yml +++ b/config/locales/bg.yml @@ -50,6 +50,9 @@ bg: about_x_hours: one: "около 1 час" other: "около %{count} часа" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "1 ден" other: "%{count} дена" @@ -1028,3 +1031,8 @@ bg: description_date_range_interval: Изберете диапазон чрез задаване на начална и крайна дати description_date_from: Въведете начална дата description_date_to: Въведете крайна дата + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/bs.yml b/config/locales/bs.yml index 7e80c3b0a..39aac6339 100644 --- a/config/locales/bs.yml +++ b/config/locales/bs.yml 
@@ -48,6 +48,9 @@ bs: about_x_hours: one: "oko 1 sahat" other: "oko %{count} sahata" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "1 dan" other: "%{count} dana" @@ -1045,3 +1048,8 @@ bs: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/ca.yml b/config/locales/ca.yml index 304c5123d..71d3361aa 100644 --- a/config/locales/ca.yml +++ b/config/locales/ca.yml @@ -52,6 +52,9 @@ ca: about_x_hours: one: "aproximadament 1 hora" other: "aproximadament %{count} hores" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "1 dia" other: "%{count} dies" @@ -1033,3 +1036,8 @@ ca: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/cs.yml b/config/locales/cs.yml index 1e6a8c668..163e1b02f 100644 --- a/config/locales/cs.yml +++ b/config/locales/cs.yml @@ -53,6 +53,9 @@ cs: about_x_hours: one: "asi 1 hodina" other: "asi %{count} hodin" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "1 den" other: "%{count} dnů" 
@@ -1034,3 +1037,8 @@ cs: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/da.yml b/config/locales/da.yml index 5cb6d9084..dd610a22a 100644 --- a/config/locales/da.yml +++ b/config/locales/da.yml @@ -51,6 +51,9 @@ da: about_x_hours: one: "cirka en time" other: "cirka %{count} timer" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "en dag" other: "%{count} dage" @@ -1048,3 +1051,8 @@ da: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/de.yml b/config/locales/de.yml index 49d38e657..374fcb2ea 100644 --- a/config/locales/de.yml +++ b/config/locales/de.yml @@ -52,6 +52,9 @@ de: about_x_hours: one: 'etwa 1 Stunde' other: 'etwa %{count} Stunden' + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: '1 Tag' other: '%{count} Tagen' 
@@ -1049,3 +1052,8 @@ de: setting_unsubscribe: Erlaubt Benutzern das eigene Benutzerkonto zu löschen button_delete_my_account: Mein Benutzerkonto löschen text_account_destroy_confirmation: Möchten Sie wirklich fortfahren?\nIhr Benutzerkonto wird für immer gelöscht und kann nicht wiederhergestellt werden. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/el.yml b/config/locales/el.yml index 88e135808..a2c81681a 100644 --- a/config/locales/el.yml +++ b/config/locales/el.yml @@ -51,6 +51,9 @@ el: about_x_hours: one: "περίπου 1 ώρα" other: "περίπου %{count} ώρες" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "1 ημέρα" other: "%{count} ημέρες" @@ -1031,3 +1034,8 @@ el: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/en-GB.yml b/config/locales/en-GB.yml index 9b885ec2a..f01c41e9a 100644 --- a/config/locales/en-GB.yml +++ b/config/locales/en-GB.yml @@ -48,6 +48,9 @@ en-GB: about_x_hours: one: "about 1 hour" other: "about %{count} hours" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "1 day" other: "%{count} days" 
@@ -1033,3 +1036,8 @@ en-GB: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/en.yml b/config/locales/en.yml index 6c13393fc..2c587d8df 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -49,6 +49,9 @@ en: about_x_hours: one: "about 1 hour" other: "about %{count} hours" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "1 day" other: "%{count} days" @@ -194,6 +197,7 @@ en: error_unable_delete_issue_status: 'Unable to delete issue status' error_unable_to_connect: "Unable to connect (%{value})" error_attachment_too_big: "This file cannot be uploaded because it exceeds the maximum allowed file size (%{max_size})" + error_session_expired: "Your session has expired. Please login again." warning_attachments_not_saved: "%{count} file(s) could not be saved." mail_subject_lost_password: "Your %{value} password" @@ -385,6 +389,8 @@ en: setting_default_issue_start_date_to_creation_date: Use current date as start date for new issues setting_commit_cross_project_ref: Allow issues of all the other projects to be referenced and fixed setting_unsubscribe: Allow users to delete their own account + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout permission_add_project: Create project permission_add_subprojects: Create subprojects 
@@ -847,6 +853,7 @@ en: label_item_position: "%{position} of %{count}" label_completed_versions: Completed versions label_search_for_watchers: Search for watchers to add + label_session_expiration: Session expiration button_login: Login button_submit: Submit @@ -982,6 +989,7 @@ en: text_issue_conflict_resolution_add_notes: "Add my notes and discard my other changes" text_issue_conflict_resolution_cancel: "Discard all my changes and redisplay %{link}" text_account_destroy_confirmation: "Are you sure you want to proceed?\nYour account will be permanently deleted, with no way to reactivate it." + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." default_role_manager: Manager default_role_developer: Developer diff --git a/config/locales/es.yml b/config/locales/es.yml index 9a0a9096a..fa22b782a 100644 --- a/config/locales/es.yml +++ b/config/locales/es.yml @@ -79,6 +79,9 @@ es: about_x_hours: one: "alrededor de 1 hora" other: "alrededor de %{count} horas" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "1 día" other: "%{count} días" @@ -1068,3 +1071,8 @@ es: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/et.yml b/config/locales/et.yml index 14f407973..2c6c38313 100644 --- a/config/locales/et.yml +++ b/config/locales/et.yml @@ -67,6 +67,9 @@ et: about_x_hours: one: "umbes 1 tund" other: "umbes %{count} tundi" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "1 päev" other: "%{count} päeva" 
@@ -1047,3 +1050,8 @@ et: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/eu.yml b/config/locales/eu.yml index 2c6eaec4d..e836e6bbf 100644 --- a/config/locales/eu.yml +++ b/config/locales/eu.yml @@ -52,6 +52,9 @@ eu: about_x_hours: one: "ordu 1 inguru" other: "%{count} ordu inguru" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "egun 1" other: "%{count} egun" @@ -1034,3 +1037,8 @@ eu: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/fa.yml b/config/locales/fa.yml index 7d071aa7f..8030080de 100644 --- a/config/locales/fa.yml +++ b/config/locales/fa.yml @@ -49,6 +49,9 @@ fa: about_x_hours: one: "نزدیک 1 ساعت" other: "نزدیک %{count} ساعت" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "1 روز" other: "%{count} روز" 
@@ -1033,3 +1036,8 @@ fa: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/fi.yml b/config/locales/fi.yml index 5b43fa875..7ab7a6a67 100644 --- a/config/locales/fi.yml +++ b/config/locales/fi.yml @@ -94,6 +94,9 @@ fi: about_x_hours: one: "noin tunti" other: "noin %{count} tuntia" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "päivä" other: "%{count} päivää" @@ -1052,3 +1055,8 @@ fi: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/fr.yml b/config/locales/fr.yml index d3e2a5473..976d62a28 100644 --- a/config/locales/fr.yml +++ b/config/locales/fr.yml @@ -53,6 +53,9 @@ fr: about_x_hours: one: "environ une heure" other: "environ %{count} heures" + x_hours: + one: "une heure" + other: "%{count} heures" x_days: one: "un jour" other: "%{count} jours" 
@@ -201,6 +204,7 @@ fr: error_workflow_copy_target: 'Veuillez sélectionner les trackers et rôles cibles' error_issue_done_ratios_not_updated: L'avancement des demandes n'a pas pu être mis à jour. error_attachment_too_big: Ce fichier ne peut pas être attaché car il excède la taille maximale autorisée (%{max_size}) + error_session_expired: "Votre session a expiré. Veuillez vous reconnecter." warning_attachments_not_saved: "%{count} fichier(s) n'ont pas pu être sauvegardés." @@ -381,6 +385,8 @@ fr: setting_default_issue_start_date_to_creation_date: Donner à la date de début d'une nouvelle demande la valeur de la date du jour setting_commit_cross_project_ref: Permettre le référencement et la résolution des demandes de tous les autres projets setting_unsubscribe: Permettre aux utilisateurs de supprimer leur propre compte + setting_session_lifetime: Durée de vie maximale des sessions + setting_session_timeout: Durée maximale d'inactivité permission_add_project: Créer un projet permission_add_subprojects: Créer des sous-projets @@ -822,6 +828,7 @@ fr: label_copy_attachments: Copier les fichiers label_item_position: "%{position} sur %{count}" label_completed_versions: Versions passées + label_session_expiration: Expiration des sessions button_login: Connexion button_submit: Soumettre @@ -938,6 +945,7 @@ fr: text_issue_conflict_resolution_add_notes: "Ajouter mes notes et ignorer mes autres changements" text_issue_conflict_resolution_cancel: "Annuler ma mise à jour et réafficher %{link}" text_account_destroy_confirmation: "Êtes-vous sûr de vouloir continuer ?\nVotre compte sera définitivement supprimé, sans aucune possibilité de le réactiver." + text_session_expiration_settings: "Attention : le changement de ces paramètres peut entrainer l'expiration des sessions utilisateurs en cours, y compris la vôtre." default_role_manager: "Manager " default_role_developer: "Développeur " diff --git a/config/locales/gl.yml b/config/locales/gl.yml index 94df2918f..b60060c37 100644 
--- a/config/locales/gl.yml +++ b/config/locales/gl.yml @@ -90,6 +90,9 @@ gl: about_x_hours: one: 'aproximadamente unha hora' other: '%{count} horas' + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: '1 día' other: '%{count} días' @@ -1042,3 +1045,8 @@ gl: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/he.yml b/config/locales/he.yml index fde9b4e59..c059bb181 100644 --- a/config/locales/he.yml +++ b/config/locales/he.yml @@ -55,6 +55,9 @@ he: about_x_hours: one: 'בערך שעה אחת' other: 'בערך %{count} שעות' + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: 'יום אחד' other: '%{count} ימים' @@ -1036,3 +1039,8 @@ he: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/hr.yml b/config/locales/hr.yml index e6efe76f7..c5d8c3090 100644 --- a/config/locales/hr.yml +++ b/config/locales/hr.yml @@ -48,6 +48,9 @@ hr: about_x_hours: one: "oko sat vremena" other: "oko %{count} sati" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "1 dan" other: "%{count} dana" 
@@ -1034,3 +1037,8 @@ hr: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/hu.yml b/config/locales/hu.yml index 85d7aa3f9..311dfff72 100644 --- a/config/locales/hu.yml +++ b/config/locales/hu.yml @@ -50,6 +50,9 @@ about_x_hours: one: 'csaknem 1 órája' other: 'csaknem %{count} órája' + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: '1 napja' other: '%{count} napja' @@ -1050,3 +1053,8 @@ text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/id.yml b/config/locales/id.yml index 15b38c945..c61a36f4e 100644 --- a/config/locales/id.yml +++ b/config/locales/id.yml @@ -46,6 +46,9 @@ id: about_x_hours: one: "sekitar sejam" other: "sekitar %{count} jam" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "sehari" other: "%{count} hari" 
@@ -1037,3 +1040,8 @@ id: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/it.yml b/config/locales/it.yml index a5aa649f8..b3dfd5ec4 100644 --- a/config/locales/it.yml +++ b/config/locales/it.yml @@ -54,6 +54,9 @@ it: about_x_hours: one: "circa un'ora" other: "circa %{count} ore" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "1 giorno" other: "%{count} giorni" @@ -1032,3 +1035,8 @@ it: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/ja.yml b/config/locales/ja.yml index c65cdec90..fcf8383ac 100644 --- a/config/locales/ja.yml +++ b/config/locales/ja.yml @@ -52,6 +52,9 @@ ja: about_x_hours: one: "約1時間" other: "約%{count}時間" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "1日" other: "%{count}日" 
@@ -1061,3 +1064,8 @@ ja: text_account_destroy_confirmation: |- 本当にアカウントを削除しますか? アカウントは恒久的に削除されます。削除後に再度アカウントを有効にする手段はありません。 + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/ko.yml b/config/locales/ko.yml index 0ceebd145..9551516ba 100644 --- a/config/locales/ko.yml +++ b/config/locales/ko.yml @@ -49,6 +49,9 @@ ko: about_x_hours: one: "약 한시간" other: "약 %{count}시간" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "하루" other: "%{count}일" @@ -1081,3 +1084,8 @@ ko: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/lt.yml b/config/locales/lt.yml index 9e6d434bc..381919bb9 100644 --- a/config/locales/lt.yml +++ b/config/locales/lt.yml @@ -58,6 +58,9 @@ lt: about_x_hours: one: "apie 1 valanda" other: "apie %{count} valandų" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "1 diena" other: "%{count} dienų" 
@@ -1091,3 +1094,8 @@ lt: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/lv.yml b/config/locales/lv.yml index 6933d45de..e0ad5a390 100644 --- a/config/locales/lv.yml +++ b/config/locales/lv.yml @@ -45,6 +45,9 @@ lv: about_x_hours: one: "aptuveni 1 stunda" other: "aptuveni %{count} stundas" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "1 diena" other: "%{count} dienas" @@ -1025,3 +1028,8 @@ lv: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/mk.yml b/config/locales/mk.yml index f88ab87cc..10ae05db1 100644 --- a/config/locales/mk.yml +++ b/config/locales/mk.yml @@ -49,6 +49,9 @@ mk: about_x_hours: one: "околу 1 час" other: "околу %{count} часа" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "1 ден" other: "%{count} дена" 
@@ -1031,3 +1034,8 @@ mk: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/mn.yml b/config/locales/mn.yml index 5e3013563..2c3c7bf8c 100644 --- a/config/locales/mn.yml +++ b/config/locales/mn.yml @@ -48,6 +48,9 @@ mn: about_x_hours: one: "1 цаг орчим" other: "ойролцоогоор %{count} цаг" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "1 өдөр" other: "%{count} өдөр" @@ -1031,3 +1034,8 @@ mn: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/nl.yml b/config/locales/nl.yml index 8b6c2e658..18b9782cd 100644 --- a/config/locales/nl.yml +++ b/config/locales/nl.yml @@ -48,6 +48,9 @@ nl: about_x_hours: one: "ongeveer 1 uur" other: "ongeveer %{count} uren" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "1 dag" other: "%{count} dagen" 
@@ -1013,3 +1016,8 @@ nl: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/no.yml b/config/locales/no.yml index 404a44404..be87bd5eb 100644 --- a/config/locales/no.yml +++ b/config/locales/no.yml @@ -43,6 +43,9 @@ about_x_hours: one: "rundt 1 time" other: "rundt %{count} timer" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "1 dag" other: "%{count} dager" @@ -1021,3 +1024,8 @@ text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/pl.yml b/config/locales/pl.yml index 1869cdafa..310f49119 100644 --- a/config/locales/pl.yml +++ b/config/locales/pl.yml @@ -81,6 +81,9 @@ pl: about_x_hours: one: "około godziny" other: "około %{count} godzin" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "1 dzień" other: "%{count} dni" 
@@ -1048,3 +1051,8 @@ pl: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/pt-BR.yml b/config/locales/pt-BR.yml index 3796a3651..b3aaef3e5 100644 --- a/config/locales/pt-BR.yml +++ b/config/locales/pt-BR.yml @@ -52,6 +52,9 @@ pt-BR: about_x_hours: one: 'aproximadamente 1 hora' other: 'aproximadamente %{count} horas' + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: '1 dia' @@ -1053,3 +1056,8 @@ pt-BR: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/pt.yml b/config/locales/pt.yml index ae1fed497..fe69ecc9c 100644 --- a/config/locales/pt.yml +++ b/config/locales/pt.yml @@ -50,6 +50,9 @@ pt: about_x_hours: one: "aproximadamente 1 hora" other: "aproximadamente %{count} horas" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "1 dia" other: "%{count} dias" 
@@ -1036,3 +1039,8 @@ pt: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/ro.yml b/config/locales/ro.yml index 14c8a63c5..0448defc3 100644 --- a/config/locales/ro.yml +++ b/config/locales/ro.yml @@ -46,6 +46,9 @@ ro: about_x_hours: one: "aproximativ o oră" other: "aproximativ %{count} ore" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "o zi" other: "%{count} zile" @@ -1028,3 +1031,8 @@ ro: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/ru.yml b/config/locales/ru.yml index de1260e6a..95a45b79e 100644 --- a/config/locales/ru.yml +++ b/config/locales/ru.yml @@ -116,6 +116,9 @@ ru: few: "около %{count} часов" many: "около %{count} часов" other: "около %{count} часа" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "%{count} день" few: "%{count} дня" 
@@ -1144,3 +1147,8 @@ ru: setting_unsubscribe: "Разрешить пользователям удалять свои учетные записи" button_delete_my_account: "Удалить мою учетную запись" text_account_destroy_confirmation: "Ваша учетная запись будет полностью удалена без возможности восстановления.\nВы уверены, что хотите продолжить?" + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/sk.yml b/config/locales/sk.yml index bc66a0ca0..e93399251 100644 --- a/config/locales/sk.yml +++ b/config/locales/sk.yml @@ -48,6 +48,9 @@ sk: about_x_hours: one: "okolo 1 hodiny" other: "okolo %{count} hodín" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "1 deň" other: "%{count} dní" @@ -1031,3 +1034,8 @@ sk: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/sl.yml b/config/locales/sl.yml index ca8269d18..6ac328a11 100644 --- a/config/locales/sl.yml +++ b/config/locales/sl.yml @@ -49,6 +49,9 @@ sl: about_x_hours: one: "okrog 1. ure" other: "okrog %{count} ur" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "1 dan" other: "%{count} dni" 
@@ -1031,3 +1034,8 @@ sl: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/sq.yml b/config/locales/sq.yml index 353278dcf..f9956add7 100644 --- a/config/locales/sq.yml +++ b/config/locales/sq.yml @@ -49,6 +49,9 @@ sq: about_x_hours: one: "about 1 hour" other: "about %{count} hours" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "1 day" other: "%{count} days" @@ -1027,3 +1030,8 @@ sq: description_date_range_interval: Choose range by selecting start and end date description_date_from: Enter start date description_date_to: Enter end date + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/sr-YU.yml b/config/locales/sr-YU.yml index 06e4df19c..c088223cd 100644 --- a/config/locales/sr-YU.yml +++ b/config/locales/sr-YU.yml @@ -50,6 +50,9 @@ sr-YU: about_x_hours: one: "približno jedan sat" other: "približno %{count} sati" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "jedan dan" other: "%{count} dana" 
@@ -1031,3 +1034,8 @@ sr-YU: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/sr.yml b/config/locales/sr.yml index c7a2e692e..40ef2a6bf 100644 --- a/config/locales/sr.yml +++ b/config/locales/sr.yml @@ -50,6 +50,9 @@ sr: about_x_hours: one: "приближно један сат" other: "приближно %{count} сати" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "један дан" other: "%{count} дана" @@ -1032,3 +1035,8 @@ sr: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/sv.yml b/config/locales/sv.yml index b7fc051b6..aef59843f 100644 --- a/config/locales/sv.yml +++ b/config/locales/sv.yml @@ -78,6 +78,9 @@ sv: about_x_hours: one: "ungefär en timme" other: "ungefär %{count} timmar" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "en dag" other: "%{count} dagar" 
@@ -1069,3 +1072,8 @@ sv: description_date_range_interval: Ange intervall genom att välja start- och slutdatum description_date_from: Ange startdatum description_date_to: Ange slutdatum + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/th.yml b/config/locales/th.yml index 2cb817142..0a4fdc98c 100644 --- a/config/locales/th.yml +++ b/config/locales/th.yml @@ -48,6 +48,9 @@ th: about_x_hours: one: "about 1 hour" other: "about %{count} hours" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "1 day" other: "%{count} days" @@ -1028,3 +1031,8 @@ th: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/tr.yml b/config/locales/tr.yml index 65ad2bba5..17e26f275 100644 --- a/config/locales/tr.yml +++ b/config/locales/tr.yml @@ -55,6 +55,9 @@ tr: about_x_hours: one: 'yaklaşık 1 saat' other: 'yaklaşık %{count} saat' + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: '1 gün' other: '%{count} gün' 
@@ -1050,3 +1053,8 @@ tr: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/uk.yml b/config/locales/uk.yml index b2536ea1e..16916c08e 100644 --- a/config/locales/uk.yml +++ b/config/locales/uk.yml @@ -48,6 +48,9 @@ uk: about_x_hours: one: "about 1 hour" other: "about %{count} hours" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "1 day" other: "%{count} days" @@ -1026,3 +1029,8 @@ uk: setting_unsubscribe: "Дозволити користувачам видаляти свої облікові записи" button_delete_my_account: "Видалити мій обліковий запис" text_account_destroy_confirmation: "Ваш обліковий запис буде повністю видалений без можливості відновлення.\nВи певні, что бажаете продовжити?" + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/vi.yml b/config/locales/vi.yml index 75e821b42..1c046646b 100644 --- a/config/locales/vi.yml +++ b/config/locales/vi.yml @@ -79,6 +79,9 @@ vi: about_x_hours: one: "khoảng 1 giờ" other: "khoảng %{count} giờ" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "1 ngày" other: "%{count} ngày" 
@@ -1082,3 +1085,8 @@ vi: text_account_destroy_confirmation: |- Are you sure you want to proceed? Your account will be permanently deleted, with no way to reactivate it. + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/zh-TW.yml b/config/locales/zh-TW.yml index 62579d305..7628069e7 100644 --- a/config/locales/zh-TW.yml +++ b/config/locales/zh-TW.yml @@ -120,6 +120,9 @@ about_x_hours: one: "約 1 小時" other: "約 %{count} 小時" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "1 天" other: "%{count} 天" @@ -1111,3 +1114,8 @@ description_date_range_interval: 選擇起始與結束日期以設定範圍區間 description_date_from: 輸入起始日期 description_date_to: 輸入結束日期 + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/locales/zh.yml b/config/locales/zh.yml index 6d84ebc31..ca4f93b12 100644 --- a/config/locales/zh.yml +++ b/config/locales/zh.yml @@ -51,6 +51,9 @@ zh: about_x_hours: one: "大约一小时" other: "大约 %{count} 小时" + x_hours: + one: "1 hour" + other: "%{count} hours" x_days: one: "一天" other: "%{count} 天" 
@@ -1033,3 +1036,8 @@ zh: text_account_destroy_confirmation: |- 确定继续处理? 您的账号一旦删除,将无法再次激活使用。 + error_session_expired: Your session has expired. Please login again. + text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours." + setting_session_lifetime: Session maximum lifetime + setting_session_timeout: Session inactivity timeout + label_session_expiration: Session expiration diff --git a/config/settings.yml b/config/settings.yml index 66bc78e15..67c8f6ca7 100644 --- a/config/settings.yml +++ b/config/settings.yml @@ -36,6 +36,14 @@ unsubscribe: password_min_length: format: int default: 4 +# Maximum lifetime of user sessions in minutes +session_lifetime: + format: int + default: 0 +# User session timeout in minutes +session_timeout: + format: int + default: 0 attachment_max_size: format: int default: 5120 diff --git a/doc/CHANGELOG b/doc/CHANGELOG index 2c2f69aec..b6d443a6c 100644 --- a/doc/CHANGELOG +++ b/doc/CHANGELOG @@ -7,6 +7,7 @@ http://www.redmine.org/ == TBD v1.4.4 * Defect #11112: REST API - custom fields in POST/PUT ignored for time_entries +* Feature #6597: Configurable session lifetime and timeout * Patch #11113: Small glitch in German localization == 2012-06-05 v1.4.3 diff --git a/test/functional/sessions_test.rb b/test/functional/sessions_test.rb new file mode 100644 index 000000000..d469f5050 --- /dev/null +++ b/test/functional/sessions_test.rb 
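Review bot: The two comments added in the config/settings.yml hunk give the unit but not what the default means. `default: 0` appears to switch the check off: the new test that sets both values to '0' expects no reset. So an installation gets no expiry from this feature until an administrator sets a value. I would state that in the comments, e.g. `# Maximum lifetime of user sessions in minutes (0 = no limit)` and `# User session inactivity timeout in minutes (0 = disabled)`. How a negative or non-numeric value is treated is not visible in this hunk and is worth checking where the setting is saved.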
@@ -0,0 +1,113 @@ +# Redmine - project management software +# Copyright (C) 2006-2012 Jean-Philippe Lang +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +require File.expand_path('../../test_helper', __FILE__) + +class SessionStartTest < ActionController::TestCase + tests AccountController + + def test_login_should_set_session_timestamps + post :login, :username => 'jsmith', :password => 'jsmith' + assert_response 302 + assert_equal 2, session[:user_id] + assert_not_nil session[:ctime] + assert_not_nil session[:atime] + end +end + +class SessionsTest < ActionController::TestCase + tests WelcomeController + + def test_atime_from_user_session_should_be_updated + created = 2.hours.ago.utc.to_i + get :index, {}, {:user_id => 2, :ctime => created, :atime => created} + assert_response :success + assert_equal created, session[:ctime] + assert_not_equal created, session[:atime] + assert session[:atime] > created + end + + def test_user_session_should_not_be_reset_if_lifetime_and_timeout_disabled + with_settings :session_lifetime => '0', :session_timeout => '0' do + get :index, {}, {:user_id => 2} + assert_response :success + end + end + + def test_user_session_without_ctime_should_be_reset_if_lifetime_enabled + with_settings :session_lifetime => '720' do + get :index, {}, {:user_id => 2} + assert_redirected_to 
'/login' + end + end + + def test_user_session_with_expired_ctime_should_be_reset_if_lifetime_enabled + with_settings :session_timeout => '720' do + get :index, {}, {:user_id => 2, :atime => 2.days.ago.utc.to_i} + assert_redirected_to '/login' + end + end + + def test_user_session_with_valid_ctime_should_not_be_reset_if_lifetime_enabled + with_settings :session_timeout => '720' do + get :index, {}, {:user_id => 2, :atime => 3.hours.ago.utc.to_i} + assert_response :success + end + end + + def test_user_session_without_atime_should_be_reset_if_timeout_enabled + with_settings :session_timeout => '60' do + get :index, {}, {:user_id => 2} + assert_redirected_to '/login' + end + end + + def test_user_session_with_expired_atime_should_be_reset_if_timeout_enabled + with_settings :session_timeout => '60' do + get :index, {}, {:user_id => 2, :atime => 4.hours.ago.utc.to_i} + assert_redirected_to '/login' + end + end + + def test_user_session_with_valid_atime_should_not_be_reset_if_timeout_enabled + with_settings :session_timeout => '60' do + get :index, {}, {:user_id => 2, :atime => 10.minutes.ago.utc.to_i} + assert_response :success + end + end + + def test_expired_user_session_should_be_restarted_if_autologin + with_settings :session_lifetime => '720', :session_timeout => '60', :autologin => 7 do + token = Token.create!(:user_id => 2, :action => 'autologin', :created_on => 1.day.ago) + @request.cookies['autologin'] = token.value + created = 2.hours.ago.utc.to_i + + get :index, {}, {:user_id => 2, :ctime => created, :atime => created} + assert_equal 2, session[:user_id] + assert_response :success + assert_not_equal created, session[:ctime] + assert session[:ctime] >= created + end + end + + def test_anonymous_session_should_not_be_reset + with_settings :session_lifetime => '720', :session_timeout => '60' do + get :index + assert_response :success + end + end +end
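Review bot: The tests `test_user_session_with_expired_ctime_should_be_reset_if_lifetime_enabled` and `test_user_session_with_valid_ctime_should_not_be_reset_if_lifetime_enabled` do not exercise the lifetime check. Both set `:session_timeout => '720'` and pass `:atime`, so they repeat the inactivity-timeout cases. The absolute-lifetime path is covered only for a missing `ctime`, and the autologin test expires through the 60-minute timeout, not the lifetime. The `ctime` comparison in `session_expired?` could therefore regress without a failing test. I would use `with_settings :session_lifetime => '720' do` in both, with `get :index, {}, {:user_id => 2, :ctime => 2.days.ago.utc.to_i}` for the expired case and `:ctime => 3.hours.ago.utc.to_i` for the valid one.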