kolan
/
Redmine
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Configurable session lifetime and timeout (#6597). 

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9797 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang 2012-06-10 13:16:56 +00:00
parent 26ff9e1c26
commit 74645eb017
51 changed files with 555 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
app/controllers/application_controller.rb
View File

@ -35,7 +35,7 @@ class ApplicationController < ActionController::Base
cookies.delete(:autologin)
end
before_filter :user_setup, :check_if_login_required, :set_localization
before_filter :session_expiration, :user_setup, :check_if_login_required, :set_localization
rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token
rescue_from ::Unauthorized, :with => :deny_access
@ -44,6 +44,38 @@ class ApplicationController < ActionController::Base
include Redmine::MenuManager::MenuController
helper Redmine::MenuManager::MenuHelper
def session_expiration
if session[:user_id]
if session_expired? && !try_to_autologin
reset_session
flash[:error] = l(:error_session_expired)
redirect_to signin_url
else
session[:atime] = Time.now.utc.to_i
end
end
end
def session_expired?
if Setting.session_lifetime?
unless session[:ctime] && (Time.now.utc.to_i - session[:ctime].to_i <= Setting.session_lifetime.to_i * 60)
return true
end
end
if Setting.session_timeout?
unless session[:atime] && (Time.now.utc.to_i - session[:atime].to_i <= Setting.session_timeout.to_i * 60)
return true
end
end
false
end
def start_user_session(user)
session[:user_id] = user.id
session[:ctime] = Time.now.utc.to_i
session[:atime] = Time.now.utc.to_i
end
def user_setup
# Check the settings cache for each request
Setting.check_cache
@ -57,10 +89,7 @@ class ApplicationController < ActionController::Base
if session[:user_id]
# existing session
(User.active.find(session[:user_id]) rescue nil)
elsif cookies[:autologin] && Setting.autologin?
# auto-login feature starts a new session
user = User.try_to_autologin(cookies[:autologin])
session[:user_id] = user.id if user
elsif user = try_to_autologin
user
elsif params[:format] == 'atom' && params[:key] && request.get? && accept_rss_auth?
# RSS key authentication does not start a session
@ -78,12 +107,24 @@ class ApplicationController < ActionController::Base
end
end
def try_to_autologin
if cookies[:autologin] && Setting.autologin?
# auto-login feature starts a new session
user = User.try_to_autologin(cookies[:autologin])
if user
reset_session
start_user_session(user)
end
user
end
end
# Sets the logged in user
def logged_user=(user)
reset_session
if user && user.is_a?(User)
User.current = user
session[:user_id] = user.id
start_user_session(user)
else
User.current = User.anonymous
end

11
app/views/settings/_authentication.html.erb
View File

@ -21,5 +21,16 @@
<p><%= setting_check_box :rest_api_enabled %></p>
</div>
<fieldset class="box">
<legend><%= l(:label_session_expiration) %></legend>
<div class="tabular settings">
<p><%= setting_select :session_lifetime, [[l(:label_disabled), 0]] + [1, 7, 30, 60, 365].collect{|days| [l('datetime.distance_in_words.x_days', :count => days), (days * 60 * 24).to_s]} %></p>
<p><%= setting_select :session_timeout, [[l(:label_disabled), 0]] + [1, 2, 4, 8, 12, 24, 48].collect{|hours| [l('datetime.distance_in_words.x_hours', :count => hours), (hours * 60).to_s]} %></p>
</div>
<p><em class="info"><%= l(:text_session_expiration_settings) %></em></p>
</fieldset>
<%= submit_tag l(:button_save) %>
<% end %>

8
config/locales/ar.yml
View File

@ -49,6 +49,9 @@ ar:
about_x_hours:
one: "حوالي ساعة"
other: "ساعات %{count}حوالي "
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "يوم"
other: "%{count} أيام"
@ -1031,3 +1034,8 @@ ar:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/bg.yml
View File

@ -50,6 +50,9 @@ bg:
about_x_hours:
one: "около 1 час"
other: "около %{count} часа"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "1 ден"
other: "%{count} дена"
@ -1028,3 +1031,8 @@ bg:
description_date_range_interval: Изберете диапазон чрез задаване на начална и крайна дати
description_date_from: Въведете начална дата
description_date_to: Въведете крайна дата
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/bs.yml
View File

@ -48,6 +48,9 @@ bs:
about_x_hours:
one: "oko 1 sahat"
other: "oko %{count} sahata"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "1 dan"
other: "%{count} dana"
@ -1045,3 +1048,8 @@ bs:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/ca.yml
View File

@ -52,6 +52,9 @@ ca:
about_x_hours:
one: "aproximadament 1 hora"
other: "aproximadament %{count} hores"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "1 dia"
other: "%{count} dies"
@ -1033,3 +1036,8 @@ ca:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/cs.yml
View File

@ -53,6 +53,9 @@ cs:
about_x_hours:
one: "asi 1 hodina"
other: "asi %{count} hodin"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "1 den"
other: "%{count} dnů"
@ -1034,3 +1037,8 @@ cs:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/da.yml
View File

@ -51,6 +51,9 @@ da:
about_x_hours:
one: "cirka en time"
other: "cirka %{count} timer"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "en dag"
other: "%{count} dage"
@ -1048,3 +1051,8 @@ da:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/de.yml
View File

@ -52,6 +52,9 @@ de:
about_x_hours:
one: 'etwa 1 Stunde'
other: 'etwa %{count} Stunden'
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: '1 Tag'
other: '%{count} Tagen'
@ -1049,3 +1052,8 @@ de:
setting_unsubscribe: Erlaubt Benutzern das eigene Benutzerkonto zu löschen
button_delete_my_account: Mein Benutzerkonto löschen
text_account_destroy_confirmation: Möchten Sie wirklich fortfahren?\nIhr Benutzerkonto wird für immer gelöscht und kann nicht wiederhergestellt werden.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/el.yml
View File

@ -51,6 +51,9 @@ el:
about_x_hours:
one: "περίπου 1 ώρα"
other: "περίπου %{count} ώρες"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "1 ημέρα"
other: "%{count} ημέρες"
@ -1031,3 +1034,8 @@ el:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/en-GB.yml
View File

@ -48,6 +48,9 @@ en-GB:
about_x_hours:
one: "about 1 hour"
other: "about %{count} hours"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "1 day"
other: "%{count} days"
@ -1033,3 +1036,8 @@ en-GB:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/en.yml
View File

@ -49,6 +49,9 @@ en:
about_x_hours:
one: "about 1 hour"
other: "about %{count} hours"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "1 day"
other: "%{count} days"
@ -194,6 +197,7 @@ en:
error_unable_delete_issue_status: 'Unable to delete issue status'
error_unable_to_connect: "Unable to connect (%{value})"
error_attachment_too_big: "This file cannot be uploaded because it exceeds the maximum allowed file size (%{max_size})"
error_session_expired: "Your session has expired. Please login again."
warning_attachments_not_saved: "%{count} file(s) could not be saved."
mail_subject_lost_password: "Your %{value} password"
@ -385,6 +389,8 @@ en:
setting_default_issue_start_date_to_creation_date: Use current date as start date for new issues
setting_commit_cross_project_ref: Allow issues of all the other projects to be referenced and fixed
setting_unsubscribe: Allow users to delete their own account
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
permission_add_project: Create project
permission_add_subprojects: Create subprojects
@ -847,6 +853,7 @@ en:
label_item_position: "%{position} of %{count}"
label_completed_versions: Completed versions
label_search_for_watchers: Search for watchers to add
label_session_expiration: Session expiration
button_login: Login
button_submit: Submit
@ -982,6 +989,7 @@ en:
text_issue_conflict_resolution_add_notes: "Add my notes and discard my other changes"
text_issue_conflict_resolution_cancel: "Discard all my changes and redisplay %{link}"
text_account_destroy_confirmation: "Are you sure you want to proceed?\nYour account will be permanently deleted, with no way to reactivate it."
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
default_role_manager: Manager
default_role_developer: Developer

8
config/locales/es.yml
View File

@ -79,6 +79,9 @@ es:
about_x_hours:
one: "alrededor de 1 hora"
other: "alrededor de %{count} horas"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "1 día"
other: "%{count} días"
@ -1068,3 +1071,8 @@ es:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/et.yml
View File

@ -66,6 +66,9 @@ et:
about_x_hours:
one: "umbes tund"
other: "umbes %{count} tundi"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "1 päev"
other: "%{count} päeva"
@ -1044,3 +1047,8 @@ et:
description_date_range_interval: "Vali vahemik algus- ja lõpukuupäeva abil"
description_date_from: "Sisesta alguskuupäev"
description_date_to: "Sisesta lõpukuupäev"
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/eu.yml
View File

@ -52,6 +52,9 @@ eu:
about_x_hours:
one: "ordu 1 inguru"
other: "%{count} ordu inguru"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "egun 1"
other: "%{count} egun"
@ -1034,3 +1037,8 @@ eu:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/fa.yml
View File

@ -49,6 +49,9 @@ fa:
about_x_hours:
one: "نزدیک 1 ساعت"
other: "نزدیک %{count} ساعت"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "1 روز"
other: "%{count} روز"
@ -1033,3 +1036,8 @@ fa:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/fi.yml
View File

@ -94,6 +94,9 @@ fi:
about_x_hours:
one: "noin tunti"
other: "noin %{count} tuntia"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "päivä"
other: "%{count} päivää"
@ -1052,3 +1055,8 @@ fi:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/fr.yml
View File

@ -53,6 +53,9 @@ fr:
about_x_hours:
one: "environ une heure"
other: "environ %{count} heures"
x_hours:
one: "une heure"
other: "%{count} heures"
x_days:
one: "un jour"
other: "%{count} jours"
@ -201,6 +204,7 @@ fr:
error_workflow_copy_target: 'Veuillez sélectionner les trackers et rôles cibles'
error_issue_done_ratios_not_updated: L'avancement des demandes n'a pas pu être mis à jour.
error_attachment_too_big: Ce fichier ne peut pas être attaché car il excède la taille maximale autorisée (%{max_size})
error_session_expired: "Votre session a expiré. Veuillez vous reconnecter."
warning_attachments_not_saved: "%{count} fichier(s) n'ont pas pu être sauvegardés."
@ -381,6 +385,8 @@ fr:
setting_default_issue_start_date_to_creation_date: Donner à la date de début d'une nouvelle demande la valeur de la date du jour
setting_commit_cross_project_ref: Permettre le référencement et la résolution des demandes de tous les autres projets
setting_unsubscribe: Permettre aux utilisateurs de supprimer leur propre compte
setting_session_lifetime: Durée de vie maximale des sessions
setting_session_timeout: Durée maximale d'inactivité
permission_add_project: Créer un projet
permission_add_subprojects: Créer des sous-projets
@ -822,6 +828,7 @@ fr:
label_copy_attachments: Copier les fichiers
label_item_position: "%{position} sur %{count}"
label_completed_versions: Versions passées
label_session_expiration: Expiration des sessions
button_login: Connexion
button_submit: Soumettre
@ -938,6 +945,7 @@ fr:
text_issue_conflict_resolution_add_notes: "Ajouter mes notes et ignorer mes autres changements"
text_issue_conflict_resolution_cancel: "Annuler ma mise à jour et réafficher %{link}"
text_account_destroy_confirmation: "Êtes-vous sûr de vouloir continuer ?\nVotre compte sera définitivement supprimé, sans aucune possibilité de le réactiver."
text_session_expiration_settings: "Attention : le changement de ces paramètres peut entrainer l'expiration des sessions utilisateurs en cours, y compris la vôtre."
default_role_manager: "Manager "
default_role_developer: "Développeur "

8
config/locales/gl.yml
View File

@ -90,6 +90,9 @@ gl:
about_x_hours:
one: 'aproximadamente unha hora'
other: '%{count} horas'
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: '1 día'
other: '%{count} días'
@ -1042,3 +1045,8 @@ gl:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/he.yml
View File

@ -55,6 +55,9 @@ he:
about_x_hours:
one: 'בערך שעה אחת'
other: 'בערך %{count} שעות'
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: 'יום אחד'
other: '%{count} ימים'
@ -1036,3 +1039,8 @@ he:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/hr.yml
View File

@ -48,6 +48,9 @@ hr:
about_x_hours:
one: "oko sat vremena"
other: "oko %{count} sati"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "1 dan"
other: "%{count} dana"
@ -1034,3 +1037,8 @@ hr:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/hu.yml
View File

@ -50,6 +50,9 @@
about_x_hours:
one: 'csaknem 1 órája'
other: 'csaknem %{count} órája'
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: '1 napja'
other: '%{count} napja'
@ -1050,3 +1053,8 @@
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/id.yml
View File

@ -46,6 +46,9 @@ id:
about_x_hours:
one: "sekitar sejam"
other: "sekitar %{count} jam"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "sehari"
other: "%{count} hari"
@ -1037,3 +1040,8 @@ id:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/it.yml
View File

@ -54,6 +54,9 @@ it:
about_x_hours:
one: "circa un'ora"
other: "circa %{count} ore"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "1 giorno"
other: "%{count} giorni"
@ -1032,3 +1035,8 @@ it:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/ja.yml
View File

@ -52,6 +52,9 @@ ja:
about_x_hours:
one: "約1時間"
other: "約%{count}時間"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "1日"
other: "%{count}日"
@ -1061,3 +1064,8 @@ ja:
text_account_destroy_confirmation: |-
本当にアカウントを削除しますか?
アカウントは恒久的に削除されます。削除後に再度アカウントを有効にする手段はありません。
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/ko.yml
View File

@ -49,6 +49,9 @@ ko:
about_x_hours:
one: "약 한시간"
other: "약 %{count}시간"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "하루"
other: "%{count}일"
@ -1081,3 +1084,8 @@ ko:
text_account_destroy_confirmation: |-
계속하시겠습니까?
계정이 삭제되면 복구할 수 없습니다.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/lt.yml
View File

@ -58,6 +58,9 @@ lt:
about_x_hours:
one: "apie 1 valanda"
other: "apie %{count} valandų"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "1 diena"
other: "%{count} dienų"
@ -1091,3 +1094,8 @@ lt:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/lv.yml
View File

@ -45,6 +45,9 @@ lv:
about_x_hours:
one: "aptuveni 1 stunda"
other: "aptuveni %{count} stundas"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "1 diena"
other: "%{count} dienas"
@ -1025,3 +1028,8 @@ lv:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/mk.yml
View File

@ -49,6 +49,9 @@ mk:
about_x_hours:
one: "околу 1 час"
other: "околу %{count} часа"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "1 ден"
other: "%{count} дена"
@ -1031,3 +1034,8 @@ mk:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/mn.yml
View File

@ -48,6 +48,9 @@ mn:
about_x_hours:
one: "1 цаг орчим"
other: "ойролцоогоор %{count} цаг"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "1 өдөр"
other: "%{count} өдөр"
@ -1031,3 +1034,8 @@ mn:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/nl.yml
View File

@ -48,6 +48,9 @@ nl:
about_x_hours:
one: "ongeveer 1 uur"
other: "ongeveer %{count} uren"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "1 dag"
other: "%{count} dagen"
@ -1013,3 +1016,8 @@ nl:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/no.yml
View File

@ -43,6 +43,9 @@
about_x_hours:
one: "rundt 1 time"
other: "rundt %{count} timer"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "1 dag"
other: "%{count} dager"
@ -1021,3 +1024,8 @@
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/pl.yml
View File

@ -81,6 +81,9 @@ pl:
about_x_hours:
one: "około godziny"
other: "około %{count} godzin"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "1 dzień"
other: "%{count} dni"
@ -1048,3 +1051,8 @@ pl:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/pt-BR.yml
View File

@ -52,6 +52,9 @@ pt-BR:
about_x_hours:
one: 'aproximadamente 1 hora'
other: 'aproximadamente %{count} horas'
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: '1 dia'
@ -1053,3 +1056,8 @@ pt-BR:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/pt.yml
View File

@ -50,6 +50,9 @@ pt:
about_x_hours:
one: "aproximadamente 1 hora"
other: "aproximadamente %{count} horas"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "1 dia"
other: "%{count} dias"
@ -1036,3 +1039,8 @@ pt:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/ro.yml
View File

@ -46,6 +46,9 @@ ro:
about_x_hours:
one: "aproximativ o oră"
other: "aproximativ %{count} ore"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "o zi"
other: "%{count} zile"
@ -1028,3 +1031,8 @@ ro:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/ru.yml
View File

@ -116,6 +116,9 @@ ru:
few: "около %{count} часов"
many: "около %{count} часов"
other: "около %{count} часа"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "%{count} день"
few: "%{count} дня"
@ -1144,3 +1147,8 @@ ru:
setting_unsubscribe: "Разрешить пользователям удалять свои учетные записи"
button_delete_my_account: "Удалить мою учетную запись"
text_account_destroy_confirmation: "Ваша учетная запись будет полностью удалена без возможности восстановления.\nВы уверены, что хотите продолжить?"
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/sk.yml
View File

@ -48,6 +48,9 @@ sk:
about_x_hours:
one: "okolo 1 hodiny"
other: "okolo %{count} hodín"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "1 deň"
other: "%{count} dní"
@ -1031,3 +1034,8 @@ sk:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/sl.yml
View File

@ -49,6 +49,9 @@ sl:
about_x_hours:
one: "okrog 1. ure"
other: "okrog %{count} ur"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "1 dan"
other: "%{count} dni"
@ -1031,3 +1034,8 @@ sl:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/sq.yml
View File

@ -49,6 +49,9 @@ sq:
about_x_hours:
one: "about 1 hour"
other: "about %{count} hours"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "1 day"
other: "%{count} days"
@ -1027,3 +1030,8 @@ sq:
description_date_range_interval: Choose range by selecting start and end date
description_date_from: Enter start date
description_date_to: Enter end date
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/sr-YU.yml
View File

@ -50,6 +50,9 @@ sr-YU:
about_x_hours:
one: "približno jedan sat"
other: "približno %{count} sati"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "jedan dan"
other: "%{count} dana"
@ -1031,3 +1034,8 @@ sr-YU:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/sr.yml
View File

@ -50,6 +50,9 @@ sr:
about_x_hours:
one: "приближно један сат"
other: "приближно %{count} сати"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "један дан"
other: "%{count} дана"
@ -1032,3 +1035,8 @@ sr:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/sv.yml
View File

@ -78,6 +78,9 @@ sv:
about_x_hours:
one: "ungefär en timme"
other: "ungefär %{count} timmar"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "en dag"
other: "%{count} dagar"
@ -1069,3 +1072,8 @@ sv:
description_date_range_interval: Ange intervall genom att välja start- och slutdatum
description_date_from: Ange startdatum
description_date_to: Ange slutdatum
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/th.yml
View File

@ -48,6 +48,9 @@ th:
about_x_hours:
one: "about 1 hour"
other: "about %{count} hours"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "1 day"
other: "%{count} days"
@ -1028,3 +1031,8 @@ th:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/tr.yml
View File

@ -55,6 +55,9 @@ tr:
about_x_hours:
one: 'yaklaşık 1 saat'
other: 'yaklaşık %{count} saat'
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: '1 gün'
other: '%{count} gün'
@ -1050,3 +1053,8 @@ tr:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/uk.yml
View File

@ -48,6 +48,9 @@ uk:
about_x_hours:
one: "about 1 hour"
other: "about %{count} hours"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "1 day"
other: "%{count} days"
@ -1026,3 +1029,8 @@ uk:
setting_unsubscribe: "Дозволити користувачам видаляти свої облікові записи"
button_delete_my_account: "Видалити мій обліковий запис"
text_account_destroy_confirmation: "Ваш обліковий запис буде повністю видалений без можливості відновлення.\nВи певні, что бажаете продовжити?"
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/vi.yml
View File

@ -79,6 +79,9 @@ vi:
about_x_hours:
one: "khoảng 1 giờ"
other: "khoảng %{count} giờ"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "1 ngày"
other: "%{count} ngày"
@ -1082,3 +1085,8 @@ vi:
text_account_destroy_confirmation: |-
Are you sure you want to proceed?
Your account will be permanently deleted, with no way to reactivate it.
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/zh-TW.yml
View File

@ -120,6 +120,9 @@
about_x_hours:
one: "約 1 小時"
other: "約 %{count} 小時"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "1 天"
other: "%{count} 天"
@ -1111,3 +1114,8 @@
description_date_range_interval: 選擇起始與結束日期以設定範圍區間
description_date_from: 輸入起始日期
description_date_to: 輸入結束日期
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/locales/zh.yml
View File

@ -51,6 +51,9 @@ zh:
about_x_hours:
one: "大约一小时"
other: "大约 %{count} 小时"
x_hours:
one: "1 hour"
other: "%{count} hours"
x_days:
one: "一天"
other: "%{count} 天"
@ -1033,3 +1036,8 @@ zh:
text_account_destroy_confirmation: |-
确定继续处理?
您的账号一旦删除,将无法再次激活使用。
error_session_expired: Your session has expired. Please login again.
text_session_expiration_settings: "Warning: changing these settings may expire the current sessions including yours."
setting_session_lifetime: Session maximum lifetime
setting_session_timeout: Session inactivity timeout
label_session_expiration: Session expiration

8
config/settings.yml
View File

@ -36,6 +36,14 @@ unsubscribe:
password_min_length:
format: int
default: 4
# Maximum lifetime of user sessions in minutes
session_lifetime:
format: int
default: 0
# User session timeout in minutes
session_timeout:
format: int
default: 0
attachment_max_size:
format: int
default: 5120

113
test/functional/sessions_test.rb Normal file
View File

@ -0,0 +1,113 @@
# Redmine - project management software
# Copyright (C) 2006-2012 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
require File.expand_path('../../test_helper', __FILE__)
class SessionStartTest < ActionController::TestCase
tests AccountController
def test_login_should_set_session_timestamps
post :login, :username => 'jsmith', :password => 'jsmith'
assert_response 302
assert_equal 2, session[:user_id]
assert_not_nil session[:ctime]
assert_not_nil session[:atime]
end
end
class SessionsTest < ActionController::TestCase
tests WelcomeController
def test_atime_from_user_session_should_be_updated
created = 2.hours.ago.utc.to_i
get :index, {}, {:user_id => 2, :ctime => created, :atime => created}
assert_response :success
assert_equal created, session[:ctime]
assert_not_equal created, session[:atime]
assert session[:atime] > created
end
def test_user_session_should_not_be_reset_if_lifetime_and_timeout_disabled
with_settings :session_lifetime => '0', :session_timeout => '0' do
get :index, {}, {:user_id => 2}
assert_response :success
end
end
def test_user_session_without_ctime_should_be_reset_if_lifetime_enabled
with_settings :session_lifetime => '720' do
get :index, {}, {:user_id => 2}
assert_redirected_to '/login'
end
end
def test_user_session_with_expired_ctime_should_be_reset_if_lifetime_enabled
with_settings :session_timeout => '720' do
get :index, {}, {:user_id => 2, :atime => 2.days.ago.utc.to_i}
assert_redirected_to '/login'
end
end
def test_user_session_with_valid_ctime_should_not_be_reset_if_lifetime_enabled
with_settings :session_timeout => '720' do
get :index, {}, {:user_id => 2, :atime => 3.hours.ago.utc.to_i}
assert_response :success
end
end
def test_user_session_without_atime_should_be_reset_if_timeout_enabled
with_settings :session_timeout => '60' do
get :index, {}, {:user_id => 2}
assert_redirected_to '/login'
end
end
def test_user_session_with_expired_atime_should_be_reset_if_timeout_enabled
with_settings :session_timeout => '60' do
get :index, {}, {:user_id => 2, :atime => 4.hours.ago.utc.to_i}
assert_redirected_to '/login'
end
end
def test_user_session_with_valid_atime_should_not_be_reset_if_timeout_enabled
with_settings :session_timeout => '60' do
get :index, {}, {:user_id => 2, :atime => 10.minutes.ago.utc.to_i}
assert_response :success
end
end
def test_expired_user_session_should_be_restarted_if_autologin
with_settings :session_lifetime => '720', :session_timeout => '60', :autologin => 7 do
token = Token.create!(:user_id => 2, :action => 'autologin', :created_on => 1.day.ago)
@request.cookies['autologin'] = token.value
created = 2.hours.ago.utc.to_i
get :index, {}, {:user_id => 2, :ctime => created, :atime => created}
assert_equal 2, session[:user_id]
assert_response :success
assert_not_equal created, session[:ctime]
assert session[:ctime] >= created
end
end
def test_anonymous_session_should_not_be_reset
with_settings :session_lifetime => '720', :session_timeout => '60' do
get :index
assert_response :success
end
end
end