jro_apps/redmine Commit - r13629:76e7025f0716

Workaround for timestamps rounding issues with Rails4.2 and mysql5.7 that may kill user session after password is changed (#17460)....

Jean-Philippe Lang -

r13629:76e7025f0716

parent child

Context file:

r13629:76e7025f0716

app/controllers/my_controller.rb +1 -1

                     if @user.save
                       # Reset the session creation time to not log out this session on next
                       # request due to ApplicationController#force_logout_if_password_changed
-                      session[:ctime] = Time.now.utc.to_i
+                      session[:ctime] = User.current.passwd_changed_on.utc.to_i
                       flash[:notice] = l(:notice_account_password_updated)
                       redirect_to my_account_path
                     end

app/models/user.rb +1 -1

               def salt_password(clear_password)
                 self.salt = User.generate_salt
                 self.hashed_password = User.hash_password("#{salt}#{User.hash_password clear_password}")
-                self.passwd_changed_on = Time.now
+                self.passwd_changed_on = Time.now.change(:usec => 0)
               end
               # Does the backend storage allow this user to change their password?

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages