add a cucumber test to simulate expiration of a session

Signed-off-by: Reinier Balt <lrbalt@gmail.com>

app/controllers/login_controller.rb

@@ -33,30 +33,30 @@ class LoginController < ApplicationController
       @page_title = "TRACKS::Login"
       cookies[:preferred_auth] = prefered_auth? unless cookies[:preferred_auth]
       case request.method
-        when :post
-          if @user = User.authenticate(params['user_login'], params['user_password'])
-            session['user_id'] = @user.id
-            # If checkbox on login page checked, we don't expire the session after 1 hour
-            # of inactivity and we remember this user for future browser sessions
-            session['noexpiry'] = params['user_noexpiry']
-            msg = (should_expire_sessions?) ? "will expire after 1 hour of inactivity." : "will not expire." 
-            notify :notice, "Login successful: session #{msg}"
-            cookies[:tracks_login] = { :value => @user.login, :expires => Time.now + 1.year, :secure => SITE_CONFIG['secure_cookies'] }
-            unless should_expire_sessions?
-              @user.remember_me
-              cookies[:auth_token] = { :value => @user.remember_token , :expires => @user.remember_token_expires_at, :secure => SITE_CONFIG['secure_cookies'] }
-            end
-            redirect_back_or_home
-            return
-          else
-            @login = params['user_login']
-            notify :warning, t('login.unsuccessful')
-          end
-        when :get
-          if User.no_users_yet?
-            redirect_to signup_path
-            return
+      when :post
+        if @user = User.authenticate(params['user_login'], params['user_password'])
+          session['user_id'] = @user.id
+          # If checkbox on login page checked, we don't expire the session after 1 hour
+          # of inactivity and we remember this user for future browser sessions
+          session['noexpiry'] = params['user_noexpiry']
+          msg = (should_expire_sessions?) ? "will expire after 1 hour of inactivity." : "will not expire."
+          notify :notice, "Login successful: session #{msg}"
+          cookies[:tracks_login] = { :value => @user.login, :expires => Time.now + 1.year, :secure => SITE_CONFIG['secure_cookies'] }
+          unless should_expire_sessions?
+            @user.remember_me
+            cookies[:auth_token] = { :value => @user.remember_token , :expires => @user.remember_token_expires_at, :secure => SITE_CONFIG['secure_cookies'] }
           end
+          redirect_back_or_home
+          return
+        else
+          @login = params['user_login']
+          notify :warning, t('login.unsuccessful')
+        end
+      when :get
+        if User.no_users_yet?
+          redirect_to signup_path
+          return
+        end
       end
       respond_to do |format|
         format.html
@@ -77,9 +77,26 @@ class LoginController < ApplicationController
       redirect_to_login
     end
   end
+
+  def expire_session
+    # this is a hack to enable cucumber to expire a session by calling this
+    # method. The method will be unavailable for production environment
+    unless Rails.env.production?
+      session['expiry_time'] = Time.now
+      respond_to do |format|
+        format.html { render :text => "Session expired for test purposes"}
+        format.js { render :text => "" }
+      end
+    else
+      respond_to do |format|
+        format.html { render :text => "Not available for production use"}
+        format.js { render :text => "" }
+      end
+    end
+  end
   
   def check_expiry
-    # Gets called by periodically_call_remote to check whether 
+    # Gets called by periodically_call_remote to check whether
     # the session has timed out yet
     unless session == nil
       if session
@@ -95,7 +112,7 @@ class LoginController < ApplicationController
     end
   end
 
-    def login_cas
+  def login_cas
     # If checkbox on login page checked, we don't expire the session after 1 hour
     # of inactivity and we remember this user for future browser sessions
 
@@ -110,7 +127,6 @@ class LoginController < ApplicationController
           @user.remember_me
           cookies[:auth_token] = { :value => @user.remember_token, :expires => @user.remember_token_expires_at, :secure => SITE_CONFIG['secure_cookies'] }
         end
-        #redirect_back_or_home
       else
         notify :warning, t('login.cas_username_not_found', :username => session[:cas_user])
         redirect_to signup_url ; return
@@ -118,7 +134,7 @@ class LoginController < ApplicationController
     else
       notify :warning, result.message
     end
-    redirect_back_or_home 
+    redirect_back_or_home
 
   end