moves the load account and session timeout plugin middleware
to set the expire_after before the session store is called,
and changes encrypted_cookie_store to use that option so it can
invalidate expired sessions when it unmarshals the data
for the first time.
The reason it seemed to work locally is because it sets
@options[:expire_after] after the first request.
Unfortunately this second time doesn't often happen
in the actual application when distributed amongst several
instances.
test plan:
* set the "Sessions" plugin settings to timeout after
1 minute using the following console commands;
ps = PluginSetting.
find_or_create_by_name_and_account_id("sessions",
Account.default)
ps.settings = {"session_timeout" => "1"}
ps.disabled = false
ps.save!
* (Note: normally this would be done
by going through the plugin settings ui, however, it enforces
a minimum of 20 minutes, which is difficult to test with)
* start the server and log-in
* shut down the server
* wait for 1 minute for the session to time out
* restart the server and try to click a link
* should be redirected to the log-in page
fixes #CNVS-7870
Change-Id: I843b73da7d3c001f7e632b1454c63f9d6c07f73d
Reviewed-on: https://gerrit.instructure.com/26911
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
This can successfully load rails console and rails server. There are
many, many problems still. The idea is this won't change anything under
rails 2.3, it's all backwards compatible.
closes CNVS-4711
test plan: `touch RAILS3` in your Canvas Rails.root directory. The run
`bundle update` and verify that you get rails 3 installed. Run `bundle
exec rails c` to load console or `bundle exec rails s` to start a
webrick server. You can login, though the dashboard currently breaks.
Also jammit isn't working yet.
But more importantly, Rails 2.3 should still work same as ever. All
tests should pass, and a basic regression sanity check would be good too.
Change-Id: Idd6f35de88adde84cd2db3a650f44b71bd6e9684
Reviewed-on: https://gerrit.instructure.com/18453
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
fixes#11388
This should work for single and multiple accounts.
You can now enable a plugin that lets you set
how long (in minutes) before users on your account
are automatically logged of because of inactivity.
You are required to set this to at least 20
minutes or more.
Test Plan
Steps:
1. log in as a site admin
2. [plugins]
3. [Sessions]
4. on the account drop down menu, select all
accounts, then enter a time in the text field
in minutes. At least 20 minutes
5. [Apply]
6. log out
7. go to /login and make sure the
"stay signed in" checkbox is checked
8. log in with any user that can get on the
account you enabled the plugin to work for
9. wait for a little longer than the amount of
time you set the plugin for
10. try to complete an action, like clicking on
course or the canvas home page logo
You should be logged out
Thanks Adam for writing this test plan.
Change-Id: If7dc772e4a1a59e646645c698d732308d3e0a19f
Reviewed-on: https://gerrit.instructure.com/15231
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Adds an infrastructure for using statsd (configured with
config/statsd.yml) and uses it to track a few basic stats. Stat names
are appended with the hostname.
test plan: without statsd enabled, make sure no errors are raised when
doing requests. add a statsd.yml configuration, restart the server, and
verify that stats are sent over UDP to the given host/port (this could
even be checked without statsd available, by monitoring UDP traffic)
Change-Id: Ie8c3ece7e08ff48616ffd968069bd760300e4fd2
Reviewed-on: https://gerrit.instructure.com/12673
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
test plan:
* set a custom css for site admin
* other root accounts should pick up that custom css
immediately without restarting the server
Change-Id: Ief1356f7a67b3ea461656bc8f6a9bf1938566b91
Reviewed-on: https://gerrit.instructure.com/8522
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
This will allow things outside of controller actions, like the soap
endpoint, to use this information and ensure that account-specific
request settings are set properly.
refs #3760
Change-Id: I85284d42b3206ff362c4aee6a998737ab89fc4b7
Reviewed-on: https://gerrit.instructure.com/2579
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Nick Cloward