From 1c2e8c9dac3c35ef3981fd045e006cbf2fe5ce57 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Sun, 17 Sep 2017 01:46:32 +0300 Subject: [PATCH 1/4] Set session timeout to 5 years in development and staging environments --- config/initializers/devise.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 83a076769..899dfefb1 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -155,7 +155,7 @@ Devise.setup do |config| # ==> Configuration for :timeoutable # The time you want to timeout the user session without activity. After this # time the user will be asked for credentials again. Default is 30 minutes. - config.timeout_in = 8.hours + config.timeout_in = (Rails.env.development? || Rails.env.staging?) ? 5.years : 8.hours # If true, expires auth token on session timeout. # config.expire_auth_token_on_timeout = false From 192591139f78618ac22794dbbf8bc324a53d66a7 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Wed, 27 Sep 2017 01:21:21 +0300 Subject: [PATCH 2/4] Refactor figaro config --- config/initializers/{env_required.rb => figaro.rb} | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) rename config/initializers/{env_required.rb => figaro.rb} (80%) diff --git a/config/initializers/env_required.rb b/config/initializers/figaro.rb similarity index 80% rename from config/initializers/env_required.rb rename to config/initializers/figaro.rb index 585fd9031..9c2ae3b34 100644 --- a/config/initializers/env_required.rb +++ b/config/initializers/figaro.rb @@ -1,4 +1,4 @@ -required = %w( +Figaro.require_keys(%w[ app_name zonefile_export_dir secret_key_base @@ -11,6 +11,4 @@ required = %w( legal_documents_dir bank_statement_import_dir time_zone -) - -Figaro.require_keys(required) +]) From 030eaa3078bf8786ae8d13d1f165a63dbba563df Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Wed, 27 Sep 2017 01:58:43 +0300 Subject: [PATCH 3/4] Enable configuring user session timeout --- config/application-example.yml | 2 ++ config/initializers/devise.rb | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/config/application-example.yml b/config/application-example.yml index 69ade1976..f54557828 100644 --- a/config/application-example.yml +++ b/config/application-example.yml @@ -127,3 +127,5 @@ payments_lhv_url: 'https://www.seb.ee/cgi-bin/dv.sh/ipank.r' payments_lhv_bank_certificate: 'eyp_pub.pem' payments_lhv_seller_private: 'kaupmees_priv.pem' payments_lhv_seller_account: 'testvpos' + +user_session_timeout: '3600' # 1 hour diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 899dfefb1..7862dccc2 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -155,7 +155,7 @@ Devise.setup do |config| # ==> Configuration for :timeoutable # The time you want to timeout the user session without activity. After this # time the user will be asked for credentials again. Default is 30 minutes. - config.timeout_in = (Rails.env.development? || Rails.env.staging?) ? 5.years : 8.hours + config.timeout_in = ENV['user_session_timeout'] # If true, expires auth token on session timeout. # config.expire_auth_token_on_timeout = false From 908f90d93f9e9706c890e3622b42a4950ee1bdfc Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Wed, 27 Sep 2017 02:31:39 +0300 Subject: [PATCH 4/4] Parse "user_session_timeout" config key --- config/initializers/devise.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 7862dccc2..3fe74cba6 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -155,7 +155,7 @@ Devise.setup do |config| # ==> Configuration for :timeoutable # The time you want to timeout the user session without activity. After this # time the user will be asked for credentials again. Default is 30 minutes. - config.timeout_in = ENV['user_session_timeout'] + config.timeout_in = ENV['user_session_timeout'].to_i.seconds if ENV['user_session_timeout'] # If true, expires auth token on session timeout. # config.expire_auth_token_on_timeout = false