---
src/app/controllers/application_controller.rb | 9 ++++++-
src/config/initializers/session_store.rb | 2 +-
src/public/javascripts/application.js | 7 +++++-
src/spec/requests/sessions_spec.rb | 34 +++++++++++++++++++++++++++
4 files changed, 49 insertions(+), 3 deletions(-)
create mode 100644 src/spec/requests/sessions_spec.rb
diff --git a/src/app/controllers/application_controller.rb
b/src/app/controllers/application_controller.rb
index be59245..05c1aab 100644
--- a/src/app/controllers/application_controller.rb
+++ b/src/app/controllers/application_controller.rb
@@ -25,7 +25,7 @@ class ApplicationController < ActionController::Base
# FIXME: not sure what we're doing aobut service layer w/ deltacloud
include ApplicationService
helper_method :current_session, :current_user, :filter_view?
- before_filter :read_breadcrumbs, :set_locale
+ before_filter :read_breadcrumbs, :set_locale, :check_session
# General error handlers, must be in order from least specific
# to most specific
@@ -422,4 +422,11 @@ class ApplicationController < ActionController::Base
result
end
+ #before filter to invalidate session for backbone
+ def check_session
+ return unless request.format == :json
+ session_entity = SessionEntity.find_by_session_id(current_session)
+ logout if session_entity.present? && session_entity.created_at <
15.minutes.ago
+ end
+
end
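Review bot: `check_session` compares `session_entity.created_at`, so it enforces an absolute 15-minute lifetime from when the session row was created rather than an idle timeout, and it only runs when `request.format == :json`, leaving HTML requests with no server-side expiry at all — they rely on the cookie expiry set in session_store.rb, which is enforced by the client. As far as I can tell the ActiveRecord store does not itself reject a row older than `expire_after`, so either apply this check to every format or make the store do the rejection, and compare the row's `updated_at` (if the store refreshes it per request) when an idle timeout is what is wanted. The literal `15.minutes` now lives here and in session_store.rb; a single constant, e.g. `SESSION_TIMEOUT = 15.minutes` in the initializer, referenced from both places, keeps them from drifting. `logout` is defined outside this hunk; if it does not render or redirect, the action still executes after the session is cleared, and the 401 that application.js relies on must come from a later filter — worth confirming. The comment should read `# Before filter: expire a session row older than the timeout before serving JSON (Backbone) requests`.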
diff --git a/src/config/initializers/session_store.rb
b/src/config/initializers/session_store.rb
index 8ff62fa..5fd69a1 100644
--- a/src/config/initializers/session_store.rb
+++ b/src/config/initializers/session_store.rb
@@ -28,4 +28,4 @@ Conductor::Application.config.session = {
# Use the database for sessions instead of the cookie-based default,
# which shouldn't be used to store highly confidential information
# (create the session table with "rake db:sessions:create")
-Conductor::Application.config.session_store :active_record_store
+Conductor::Application.config.session_store :active_record_store, :expire_after =>
15.minutes
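Review bot: `:expire_after => 15.minutes` on the ActiveRecord store sets the session cookie's expiry, which the browser enforces; as far as I know the store does not reject or delete rows in the sessions table that are older than that, so this line on its own does not end a session server-side and the table keeps growing. The server-side check added in ApplicationController#check_session covers only JSON requests, so an HTML request carrying a stale cookie is still accepted past the timeout; apply that check to all formats and add a periodic purge of rows whose `updated_at` is older than the timeout. The comment above this line should say so: `# expire_after sets the cookie expiry only; server-side expiry is enforced in ApplicationController#check_session`.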
diff --git a/src/public/javascripts/application.js
b/src/public/javascripts/application.js
index 2162880..fa842b2 100644
--- a/src/public/javascripts/application.js
+++ b/src/public/javascripts/application.js
@@ -25,7 +25,12 @@ $.extend(Conductor, {
$('#tab').html(data).show();
})
.error(function(data) {
- $('#tab').html(data.responseText).show();
+ // If our session has timed out, redirect to the login page:
+ if(data.status == 401) {
+ window.location = Conductor.PATH_PREFIX + "login";
+ } else {
+ $('#tab').html(data.responseText).show();
+ }
});
Conductor.tabRemoveActiveClass();
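Review bot: `data.status == 401` uses loose equality; `data.status === 401` is the usual form, since jqXHR.status is a number. The redirect to `Conductor.PATH_PREFIX + "login"` discards the location the user was on, so after re-login they land on the root page; if the login route accepts a return-to parameter, pass `window.location.pathname` along. This branch covers only the tab loader; any other ajax callers in application.js need the same handling, or a single `$(document).ajaxError(...)` handler would avoid repeating it per call site. The enclosing `$.extend(Conductor, …)` call and the success callback begin before this hunk.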
diff --git a/src/spec/requests/sessions_spec.rb b/src/spec/requests/sessions_spec.rb
new file mode 100644
index 0000000..c93df9d
--- /dev/null
+++ b/src/spec/requests/sessions_spec.rb
@@ -0,0 +1,34 @@
+require 'spec_helper'
+
+describe "Sessions" do
+ describe "User not logged in" do
+
+ it "should not be authenticated" do
+ get pools_path
+ response.status.should be(302)
+ end
+ end
+
+ describe "User logged in" do
+ before do
+ @user = FactoryGirl.create :tuser
+ visit root_path
+ fill_in "Username", :with => @user.login
+ fill_in "password-input", :with => "secret"
+ click_button "Login"
+ end
+
+ it "should be authenticated" do
+ page.status_code.should be(200)
+ end
+
+ it "should have expired session" do
+ visit pools_path
+ Timecop.travel(Time.now+16.minutes)
+ visit pools_path
+ page.body.should include "#login"
+ Timecop.return
+ end
+
+ end
+end
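Review bot: `Timecop.return` at the end of "should have expired session" runs only if the expectation before it passes; a failing `page.body.should include "#login"` leaves the clock travelled for every later example. Use the block form, `Timecop.travel(Time.now + 16.minutes) { visit pools_path }`, or move the reset into an `after` hook. The example also exercises only the HTML path: `check_session` in the controller hunk returns early unless `request.format == :json`, so this spec covers cookie expiry as honoured by the test driver, not the new server-side check; a JSON request after the time jump is needed to cover it (the 401 below is what application.js expects, so confirm it against what `logout` actually produces). `page.body.should include "#login"` is a weak assertion on raw markup; asserting on the page's path after the redirect states the intent directly.

```ruby
  it "should reject an expired JSON request" do
    Timecop.travel(Time.now + 16.minutes) do
      get pools_path, :format => :json
      response.status.should be(401)   # status taken from the application.js handler; confirm against logout
    end
  end
```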
--
1.7.11.2