github/devise
1
1
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2026-04-28 03:00:29 -04:00
Code Issues Packages Projects Releases Wiki Activity

Authentication token expiration on session timeout

Browse Source
This commit is contained in:
Andrey Voronkov
2012-04-02 20:48:23 +04:00
parent 9d724cb72a
commit 7ecbba089f
4 changed files with 22 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
test/integration/token_authenticatable_test.rb
View File

@@ -100,6 +100,19 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
end
end
test 'should not authenticated and reset token when expire_auth_token_on_timeout is set to true, timeoutable is enabled and we have a timed out session' do
swap Devise, :token_authentication_key => :secret_token, :expire_auth_token_on_timeout => true, :timeout_in => (-1).minute do
user = sign_in_as_new_user_with_token
assert warden.authenticated?(:user)
token = user.authentication_token
get_users_path_as_existing_user(user)
assert_not warden.authenticated?(:user)
user.reload
assert_not_equal token, user.authentication_token
end
end
test 'should not be subject to injection' do
swap Devise, :token_authentication_key => :secret_token do
user1 = create_user_with_authentication_token()