Remove obsolete expire_auth_token_on_timeout

This should have been removed in dff7891b97 when token authentication (and the reset_authentication_token! method) were removed.
2026-04-28 03:00:29 -04:00 · 2015-07-11 09:01:22 -03:00
parent c72be1531c
commit 4064641967
6 changed files with 1 additions and 36 deletions
--- a/lib/devise.rb
+++ b/lib/devise.rb
@@ -146,10 +146,6 @@ module Devise
  mattr_accessor :timeout_in
  @@timeout_in = 30.minutes

-  # Authentication token expiration on timeout
-  mattr_accessor :expire_auth_token_on_timeout
-  @@expire_auth_token_on_timeout = false
-
  # Used to encrypt password. Please generate one with rake secret.
  mattr_accessor :pepper
  @@pepper = nil
--- a/lib/devise/hooks/timeoutable.rb
+++ b/lib/devise/hooks/timeoutable.rb
@@ -21,10 +21,6 @@ Warden::Manager.after_set_user do |record, warden, options|
    if record.timedout?(last_request_at) && !env['devise.skip_timeout']
      Devise.sign_out_all_scopes ? proxy.sign_out : proxy.sign_out(scope)

-      if record.respond_to?(:expire_auth_token_on_timeout) && record.expire_auth_token_on_timeout
-        record.reset_authentication_token!
-      end
-
      throw :warden, scope: scope, message: :timeout
    end

--- a/lib/generators/templates/devise.rb
+++ b/lib/generators/templates/devise.rb
@@ -158,9 +158,6 @@ Devise.setup do |config|
  # time the user will be asked for credentials again. Default is 30 minutes.
  # config.timeout_in = 30.minutes

-  # If true, expires auth token on session timeout.
-  # config.expire_auth_token_on_timeout = false
-
  # ==> Configuration for :lockable
  # Defines which strategy will be used to lock an account.
  # :failed_attempts = Locks an account after a number of failed attempts to sign in.
--- a/test/integration/timeoutable_test.rb
+++ b/test/integration/timeoutable_test.rb
@@ -110,23 +110,6 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
    assert_contain 'You are signed in'
  end

-  test 'admin does not explode on time out' do
-    admin = sign_in_as_admin
-    get expire_admin_path(admin)
-
-    Admin.send :define_method, :reset_authentication_token! do
-      nil
-    end
-
-    begin
-      get admins_path
-      assert_redirected_to admins_path
-      assert_not warden.authenticated?(:admin)
-    ensure
-      Admin.send(:remove_method, :reset_authentication_token!)
-    end
-  end
-
  test 'user configured timeout limit' do
    swap Devise, timeout_in: 8.minutes do
      user = sign_in_as_user
--- a/test/rails_app/app/controllers/admins_controller.rb
+++ b/test/rails_app/app/controllers/admins_controller.rb
@@ -3,9 +3,4 @@ class AdminsController < ApplicationController

  def index
  end
-
-  def expire
-    admin_session['last_request_at'] = 31.minutes.ago.utc
-    render text: 'Admin will be expired on next request'
-  end
 end
--- a/test/rails_app/config/routes.rb
+++ b/test/rails_app/config/routes.rb
@@ -13,9 +13,7 @@ Rails.application.routes.draw do
    end
  end

-  resources :admins, only: [:index] do
-    get :expire, on: :member
-  end
+  resources :admins, only: [:index]

  # Users scope
  devise_for :users, controllers: { omniauth_callbacks: "users/omniauth_callbacks" }