Timeout does not explode when reset_authentication_token! is accidentally defined by Active Model

2026-04-06 03:01:21 -04:00 · 2012-06-16 14:04:29 +02:00
parent b1633f2454
commit 4bc2ff997a
5 changed files with 29 additions and 2 deletions
--- a/test/integration/timeoutable_test.rb
+++ b/test/integration/timeoutable_test.rb
@@ -68,6 +68,23 @@ class SessionTimeoutTest < ActionController::IntegrationTest
    assert_contain 'You are signed in'
  end

+  test 'admin does not explode on time out' do
+    admin = sign_in_as_admin
+    get expire_admin_path(admin)
+
+    Admin.send :define_method, :reset_authentication_token! do
+      nil
+    end
+
+    begin
+      get admins_path
+      assert_redirected_to admins_path
+      assert_not warden.authenticated?(:admin)
+    ensure
+      Admin.send(:remove_method, :reset_authentication_token!)
+    end
+  end
+
  test 'user configured timeout limit' do
    swap Devise, :timeout_in => 8.minutes do
      user = sign_in_as_user
--- a/test/rails_app/app/controllers/admins_controller.rb
+++ b/test/rails_app/app/controllers/admins_controller.rb
@@ -3,4 +3,9 @@ class AdminsController < ApplicationController

  def index
  end
+
+  def expire
+    admin_session['last_request_at'] = 31.minutes.ago.utc
+    render :text => 'Admin will be expired on next request'
+  end
 end
--- a/test/rails_app/config/routes.rb
+++ b/test/rails_app/config/routes.rb
@@ -9,7 +9,9 @@ Rails.application.routes.draw do
    end
  end

-  resources :admins, :only => [:index]
+  resources :admins, :only => [:index] do
+    get :expire, :on => :member
+  end

  # Users scope
  devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }