From 76e7025f07165af4763b941540190b1d693898ac Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Sun, 15 Feb 2015 09:09:35 +0000
Subject: [PATCH] Workaround for timestamps rounding issues with Rails4.2 and
 mysql5.7 that may kill user session after password is changed (#17460).

git-svn-id: http://svn.redmine.org/redmine/trunk@14011 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/my_controller.rb | 2 +-
 app/models/user.rb               | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/controllers/my_controller.rb b/app/controllers/my_controller.rb
index 8ef263ebc..982541db1 100644
--- a/app/controllers/my_controller.rb
+++ b/app/controllers/my_controller.rb
@@ -102,7 +102,7 @@ class MyController < ApplicationController
         if @user.save
           # Reset the session creation time to not log out this session on next
           # request due to ApplicationController#force_logout_if_password_changed
-          session[:ctime] = Time.now.utc.to_i
+          session[:ctime] = User.current.passwd_changed_on.utc.to_i
           flash[:notice] = l(:notice_account_password_updated)
           redirect_to my_account_path
         end
diff --git a/app/models/user.rb b/app/models/user.rb
index 2175d0682..8811a65fd 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -314,7 +314,7 @@ class User < Principal
   def salt_password(clear_password)
     self.salt = User.generate_salt
     self.hashed_password = User.hash_password("#{salt}#{User.hash_password clear_password}")
-    self.passwd_changed_on = Time.now
+    self.passwd_changed_on = Time.now.change(:usec => 0)
   end
 
   # Does the backend storage allow this user to change their password?
-- 
2.39.5