From 76e7025f07165af4763b941540190b1d693898ac 2015-02-15 09:09:35
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: 2015-02-15 09:09:35
Subject: [PATCH] Workaround for timestamps rounding issues with Rails4.2 and mysql5.7 that may kill user session after password is changed (#17460).

git-svn-id: http://svn.redmine.org/redmine/trunk@14011 e93f8b46-1217-0410-a6f0-8f06a7374b81

---

diff --git a/app/controllers/my_controller.rb b/app/controllers/my_controller.rb
index 8ef263e..982541d 100644
--- a/app/controllers/my_controller.rb
+++ b/app/controllers/my_controller.rb
@@ -102,7 +102,7 @@ class MyController < ApplicationController
         if @user.save
           # Reset the session creation time to not log out this session on next
           # request due to ApplicationController#force_logout_if_password_changed
-          session[:ctime] = Time.now.utc.to_i
+          session[:ctime] = User.current.passwd_changed_on.utc.to_i
           flash[:notice] = l(:notice_account_password_updated)
           redirect_to my_account_path
         end
diff --git a/app/models/user.rb b/app/models/user.rb
index 2175d06..8811a65 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -314,7 +314,7 @@ class User < Principal
   def salt_password(clear_password)
     self.salt = User.generate_salt
     self.hashed_password = User.hash_password("#{salt}#{User.hash_password clear_password}")
-    self.passwd_changed_on = Time.now
+    self.passwd_changed_on = Time.now.change(:usec => 0)
   end
 
   # Does the backend storage allow this user to change their password?