diff --git a/app/controllers/login_controller.rb b/app/controllers/login_controller.rb
index 7cb33f39..08ded1c9 100644
--- a/app/controllers/login_controller.rb
+++ b/app/controllers/login_controller.rb
@@ -33,30 +33,30 @@ class LoginController < ApplicationController @page_title = "TRACKS::Login" cookies[:preferred_auth] = prefered_auth? unless cookies[:preferred_auth] case request.method - when :post - if @user = User.authenticate(params['user_login'], params['user_password']) - session['user_id'] = @user.id - # If checkbox on login page checked, we don't expire the session after 1 hour - # of inactivity and we remember this user for future browser sessions - session['noexpiry'] = params['user_noexpiry'] - msg = (should_expire_sessions?) ? "will expire after 1 hour of inactivity." : "will not expire." - notify :notice, "Login successful: session #{msg}" - cookies[:tracks_login] = { :value => @user.login, :expires => Time.now + 1.year, :secure => SITE_CONFIG['secure_cookies'] } - unless should_expire_sessions? - @user.remember_me - cookies[:auth_token] = { :value => @user.remember_token , :expires => @user.remember_token_expires_at, :secure => SITE_CONFIG['secure_cookies'] } - end - redirect_back_or_home - return - else - @login = params['user_login'] - notify :warning, t('login.unsuccessful') - end - when :get - if User.no_users_yet? - redirect_to signup_path - return + when :post + if @user = User.authenticate(params['user_login'], params['user_password']) + session['user_id'] = @user.id + # If checkbox on login page checked, we don't expire the session after 1 hour + # of inactivity and we remember this user for future browser sessions + session['noexpiry'] = params['user_noexpiry'] + msg = (should_expire_sessions?) ? "will expire after 1 hour of inactivity." : "will not expire." + notify :notice, "Login successful: session #{msg}" + cookies[:tracks_login] = { :value => @user.login, :expires => Time.now + 1.year, :secure => SITE_CONFIG['secure_cookies'] } + unless should_expire_sessions? 
+ @user.remember_me + cookies[:auth_token] = { :value => @user.remember_token , :expires => @user.remember_token_expires_at, :secure => SITE_CONFIG['secure_cookies'] } end + redirect_back_or_home + return + else + @login = params['user_login'] + notify :warning, t('login.unsuccessful') + end + when :get + if User.no_users_yet? + redirect_to signup_path + return + end end respond_to do |format| format.html @@ -77,9 +77,26 @@ class LoginController < ApplicationController redirect_to_login end end + + def expire_session + # this is a hack to enable cucumber to expire a session by calling this + # method. The method will be unavailable for production environment + unless Rails.env.production? + session['expiry_time'] = Time.now + respond_to do |format| + format.html { render :text => "Session expired for test purposes"} + format.js { render :text => "" } + end + else + respond_to do |format| + format.html { render :text => "Not available for production use"} + format.js { render :text => "" } + end + end + end def check_expiry - # Gets called by periodically_call_remote to check whether + # Gets called by periodically_call_remote to check whether # the session has timed out yet unless session == nil if session @@ -95,7 +112,7 @@ class LoginController < ApplicationController end end - def login_cas + def login_cas # If checkbox on login page checked, we don't expire the session after 1 hour # of inactivity and we remember this user for future browser sessions @@ -110,7 +127,6 @@ class LoginController < ApplicationController @user.remember_me cookies[:auth_token] = { :value => @user.remember_token, :expires => @user.remember_token_expires_at, :secure => SITE_CONFIG['secure_cookies'] } end - #redirect_back_or_home else notify :warning, t('login.cas_username_not_found', :username => session[:cas_user]) redirect_to signup_url ; return 
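Review bot: `unless Rails.env.production? ... else` in the new expire_session is an inverted conditional, and the gate is wider than its comment claims: the comment calls it a cucumber hook, but the session-mutating GET stays reachable in every non-production environment (development, staging), not only under test. Invert it into a guard, `return head(:not_found) if Rails.env.production?`, so production neither touches the session nor advertises the action with a descriptive 200 body, and consider narrowing the guard to the environment the features actually run in (`Rails.env.test?` if that is how cucumber is invoked here; I cannot tell from this hunk). The exposure is limited to the caller's own session, so this is a hygiene point rather than a vulnerability, but the rewrite below keeps the test behaviour identical while removing the production branch.
```ruby
  def expire_session
    # Test hook: lets cucumber force the session to expire so check_expiry can be
    # exercised without waiting for the real timeout. Disabled in production.
    return head(:not_found) if Rails.env.production?

    session['expiry_time'] = Time.now
    respond_to do |format|
      format.html { render :text => "Session expired for test purposes" }
      format.js { render :text => "" }
    end
  end
```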
@@ -118,7 +134,7 @@ class LoginController < ApplicationController else notify :warning, result.message end - redirect_back_or_home + redirect_back_or_home end diff --git a/app/views/login/check_expiry.js.erb b/app/views/login/check_expiry.js.erb index 9076531b..6bd3487d 100644 --- a/app/views/login/check_expiry.js.erb +++ b/app/views/login/check_expiry.js.erb @@ -1,9 +1,10 @@ <% if @session_expired - theHtml = content_tag( + theHtml = escape_javascript(content_tag( :div, t('login.session_time_out', :link => link_to(t('login.log_in_again'), :controller => "login", :action => "login")), - :"class" => "warning") + :"class" => "warning")) + logger.debug("theHtml='#{theHtml}'") -%> - $('div#navcontainer').remove(); + $('div#navcontainer').hide(); $('div#content').html('<%=theHtml%>'); <% end -%> \ No newline at end of file diff --git a/features/logging_in.feature b/features/logging_in.feature index 1e07dc20..b4c9c321 100644 --- a/features/logging_in.feature +++ b/features/logging_in.feature @@ -49,3 +49,11 @@ Feature: Existing user logging in | search page | search page | Logout (Test User) | | "top secret" project for user "testuser" | "top secret" project for user "testuser" | Logout (Test User) | | context page for "@secret location" for user "testuser" | context page for "@secret location" for user "testuser" | Logout (Test User) | + + @selenium @wip + Scenario: When session expires, you should be logged out + When I go to the login page + And I submit the login form as user "testuser" with password "secret" + Then I should be on the login page + When my session expires + Then I should see "Session has timed out" \ No newline at end of file diff --git a/features/step_definitions/login_steps.rb b/features/step_definitions/login_steps.rb index 49995c1d..502dfb8d 100644 --- a/features/step_definitions/login_steps.rb +++ b/features/step_definitions/login_steps.rb 
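Review bot: The added `logger.debug("theHtml='#{theHtml}'")` in check_expiry.js.erb looks like leftover debugging; it writes the rendered warning markup to the log on every expiry poll that finds an expired session and should be dropped before merge. Switching `$('div#navcontainer').remove()` to `.hide()` leaves the navigation markup of the timed-out session in the page, only hidden; if the intent is to let it reappear without a reload that is fine, otherwise `remove()` was the tidier choice since nothing from the expired session then remains in the DOM. The file also still ends without a trailing newline.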
@@ -2,6 +2,7 @@ Given /^I have logged in as "(.*)" with password "(.*)"$/ do |username, password
 visit login_path
 fill_in "Login", :with => username
 fill_in "Password", :with => password
+ uncheck "Stay logged in:"
 click_button
 if response.respond_to? :selenium
 selenium.wait_for_page_to_load(5000)
@@ -13,5 +14,20 @@ end
 When /^I submit the login form as user "([^\"]*)" with password "([^\"]*)"$/ do |username, password|
 fill_in 'Login', :with => username
 fill_in 'Password', :with => password
+ uncheck "Stay logged in:"
 click_button
 end
+
+When /^my session expires$/ do
+ selenium.wait_for_page_to_load(5000)
+
+ # use expire_session to force expiry of session
+ js = '$.ajax({type: "GET", url: "/login/expire_session", dataType: "script", async: false});'
+ selenium.run_script(js);
+
+ # force check of expiry bypassing timeout
+ js = '$.ajax({type: "GET", url: "/login/check_expiry", dataType: "script", async: false});'
+ selenium.run_script(js);
+
+ sleep(2)
+end
diff --git a/features/step_definitions/todo_steps.rb b/features/step_definitions/todo_steps.rb
index 4a57a897..b8a5c91d 100644
--- a/features/step_definitions/todo_steps.rb
+++ b/features/step_definitions/todo_steps.rb
@@ -79,6 +79,7 @@ When /I change the (.*) field of "([^\"]*)" to "([^\"]*)"$/ do |field, todo_name
 selenium.click("//img[@id='edit_icon_todo_#{todo.id}']", :wait_for => :ajax, :javascript_framework => :jquery)
 selenium.type("css=form.edit_todo_form input[name=#{field}]", new_value)
 selenium.click("css=button.positive", :wait_for => :ajax, :javascript_framework => :jquery)
+ # TODO: change to a wait_for
 sleep(5)
 end
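Review bot: The new `When /^my session expires$/` step in login_steps.rb ends on a fixed `sleep(2)`, which makes the scenario timing-dependent in the same way the `sleep(5)` that todo_steps.rb now marks with `# TODO: change to a wait_for`; waiting for the expected page change (the text the following Then step asserts on) would be more reliable than a fixed pause. The two `selenium.run_script(js);` lines carry trailing semicolons that are not Ruby style and should be dropped. The step also issues the two synchronous requests without checking their result, so a missing `/login/expire_session` route in the test environment would not fail here but only at the later assertion; a short comment noting that dependency, e.g. `# requires LoginController#expire_session to be routed in the test environment`, would help the next reader.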