From 796e7c98229487c5144ae12df3c5cee1d47f24b2 Mon Sep 17 00:00:00 2001
From: zmagod <zmago_devetak@yahoo.com>
Date: Tue, 24 Apr 2018 15:42:31 +0200
Subject: [PATCH] sign_out user after 7 days [fixes SCI-2323]

---
 app/controllers/application_controller.rb | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index ce83efeb4..890cea781 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -6,6 +6,7 @@ class ApplicationController < ActionController::Base
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception, prepend: true
   before_action :authenticate_user!
+  before_action :check_max_session_time
   helper_method :current_team
   before_action :update_current_team, if: :user_signed_in?
   around_action :set_time_zone, if: :current_user
@@ -65,6 +66,13 @@ class ApplicationController < ActionController::Base
 
   private
 
+  def check_max_session_time
+    if current_user && current_user.current_sign_in_at + 7.days < Time.now
+      sign_out current_user
+      redirect_to new_user_session_path
+    end
+  end
+
   def update_current_team
     if current_user.current_team_id.blank? &&
        current_user.teams.count > 0