diff --git a/lib/devise.rb b/lib/devise.rb index 012fbe45..d1869651 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -116,7 +116,6 @@ module Devise mattr_accessor :remember_for @@remember_for = 2.weeks - # TODO: extend_remember_period is no longer used # If true, extends the user's remember period when remembered via cookie. mattr_accessor :extend_remember_period @@extend_remember_period = false diff --git a/lib/devise/models/rememberable.rb b/lib/devise/models/rememberable.rb index 655ea78f..75217d85 100644 --- a/lib/devise/models/rememberable.rb +++ b/lib/devise/models/rememberable.rb @@ -39,7 +39,7 @@ module Devise module Rememberable extend ActiveSupport::Concern - attr_accessor :remember_me, :extend_remember_period + attr_accessor :remember_me def self.required_fields(klass) [:remember_created_at] @@ -71,6 +71,10 @@ module Devise self.class.remember_for.from_now end + def extend_remember_period + self.class.extend_remember_period + end + def rememberable_value if respond_to?(:remember_token) remember_token @@ -152,9 +156,6 @@ module Devise end end - private - - # TODO: extend_remember_period is no longer used Devise::Models.config(self, :remember_for, :extend_remember_period, :rememberable_options, :expire_all_remember_me_on_sign_out) end end diff --git a/lib/devise/strategies/rememberable.rb b/lib/devise/strategies/rememberable.rb index fcc76ea5..3a09a6b4 100644 --- a/lib/devise/strategies/rememberable.rb +++ b/lib/devise/strategies/rememberable.rb @@ -25,8 +25,7 @@ module Devise end if validate(resource) - remember_me(resource) - extend_remember_me_period(resource) + remember_me(resource) if extend_remember_me?(resource) resource.after_remembered success!(resource) end @@ -43,10 +42,8 @@ module Devise private - def extend_remember_me_period(resource) - if resource.respond_to?(:extend_remember_period=) - resource.extend_remember_period = mapping.to.extend_remember_period - end + def extend_remember_me?(resource) + resource.respond_to?(:extend_remember_period) && resource.extend_remember_period end def remember_me? diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb index 2d82cca3..4eb52daa 100644 --- a/test/integration/rememberable_test.rb +++ b/test/integration/rememberable_test.rb @@ -92,7 +92,6 @@ class RememberMeTest < ActionDispatch::IntegrationTest assert_response :success assert warden.authenticated?(:user) assert warden.user(:user) == user - assert_match /remember_user_token[^\n]*HttpOnly/, response.headers["Set-Cookie"], "Expected Set-Cookie header in response to set HttpOnly flag on remember_user_token cookie." end test 'remember the user before sign up and redirect them to their home' do @@ -118,6 +117,40 @@ class RememberMeTest < ActionDispatch::IntegrationTest end end + test 'extends remember period when extend remember period config is true' do + swap Devise, extend_remember_period: true, remember_for: 1.year do + user = create_user_and_remember + old_remember_token = nil + + travel_to 1.day.ago do + get root_path + old_remember_token = request.cookies['remember_user_token'] + end + + get root_path + current_remember_token = request.cookies['remember_user_token'] + + refute_equal old_remember_token, current_remember_token + end + end + + test 'does not extend remember period when extend period config is false' do + swap Devise, extend_remember_period: false, remember_for: 1.year do + user = create_user_and_remember + old_remember_token = nil + + travel_to 1.day.ago do + get root_path + old_remember_token = request.cookies['remember_user_token'] + end + + get root_path + current_remember_token = request.cookies['remember_user_token'] + + assert_equal old_remember_token, current_remember_token + end + end + test 'do not remember other scopes' do create_user_and_remember get root_path