Expire other sessions on password change (#17796).

Contributed by Jan Schulz-Hofen. git-svn-id: http://svn.redmine.org/redmine/trunk@13412 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Baptiste Barth <jeanbaptiste.barth@gmail.com> 2014-09-16 21:38:54 +0000
committer: Jean-Baptiste Barth <jeanbaptiste.barth@gmail.com> 2014-09-16 21:38:54 +0000
commit: b519aba63ee0043ffd60f9002fc236f717d9f172 (patch)
tree: 4e8a47e052704bc97318550c316138c2c3977d87 /test/functional/my_controller_test.rb
parent: e632a79d59fc90ef0076f741f16b84fb689b99df (diff)
download: redmine-b519aba63ee0043ffd60f9002fc236f717d9f172.tar.gz
redmine-b519aba63ee0043ffd60f9002fc236f717d9f172.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/test/functional/my_controller_test.rb b/test/functional/my_controller_test.rb
index 6577aee6a..53c73341a 100644
--- a/test/functional/my_controller_test.rb
+++ b/test/functional/my_controller_test.rb
@@ -185,6 +185,18 @@ class MyControllerTest < ActionController::TestCase
     assert User.try_to_login('jsmith', 'secret123')
   end
 
+  def test_change_password_kills_other_sessions
+    @request.session[:ctime] = (Time.now - 30.minutes).utc.to_i
+
+    jsmith = User.find(2)
+    jsmith.passwd_changed_on = Time.now
+    jsmith.save!
+
+    get 'account'
+    assert_response 302
+    assert flash[:error].match(/Your session has expired/)
+  end
+
   def test_change_password_should_redirect_if_user_cannot_change_its_password
     User.find(2).update_attribute(:auth_source_id, 1)
author	Jean-Baptiste Barth <jeanbaptiste.barth@gmail.com>	2014-09-16 21:38:54 +0000
committer	Jean-Baptiste Barth <jeanbaptiste.barth@gmail.com>	2014-09-16 21:38:54 +0000
commit	b519aba63ee0043ffd60f9002fc236f717d9f172 (patch)
tree	4e8a47e052704bc97318550c316138c2c3977d87 /test/functional/my_controller_test.rb
parent	e632a79d59fc90ef0076f741f16b84fb689b99df (diff)
download	redmine-b519aba63ee0043ffd60f9002fc236f717d9f172.tar.gz redmine-b519aba63ee0043ffd60f9002fc236f717d9f172.zip