jro_apps/redmine Commit - r13629:76e7025f0716

Workaround for timestamps rounding issues with Rails4.2 and mysql5.7 that may kill user session after password is changed (#17460)....

Jean-Philippe Lang -

r13629:76e7025f0716

parent child

Context file:

r13629:76e7025f0716

app/controllers/my_controller.rb +1 -1

                      if @user.save
                        # Reset the session creation time to not log out this session on next
                        # request due to ApplicationController#force_logout_if_password_changed
-                       session[:ctime] = Time.now.utc.to_i
+                       session[:ctime] = User.current.passwd_changed_on.utc.to_i
                        flash[:notice] = l(:notice_account_password_updated)
                        redirect_to my_account_path
                      end

app/models/user.rb +1 -1

                def salt_password(clear_password)
                  self.salt = User.generate_salt
                  self.hashed_password = User.hash_password("#{salt}#{User.hash_password clear_password}")
-                 self.passwd_changed_on = Time.now
+                 self.passwd_changed_on = Time.now.change(:usec => 0)
                end
                # Does the backend storage allow this user to change their password?

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages