Fix expire_in method for unauthenticated user [SCI-7943] (#4983)

This commit is contained in:
ajugo 2023-02-20 10:14:46 +01:00 committed by GitHub
parent 461d06dad9
commit 4515ab0a65
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -36,6 +36,8 @@ class Users::SessionsController < Devise::SessionsController
end
def expire_in
return render body: nil, status: :unauthorized if current_user.blank?
if current_user.remember_created_at.nil? || (current_user.remember_created_at + Devise.remember_for).past?
render plain: (Devise.timeout_in.to_i - (Time.now.to_i - user_session['last_request_at']).round) * 1000
else