Merge pull request #1118 from ZmagoD/zd_SCI_2323

sign_out user after 7 days [fixes SCI-2323]

app/models/user.rb

@@ -5,7 +5,8 @@ class User < ApplicationRecord
   acts_as_token_authenticatable
   devise :invitable, :confirmable, :database_authenticatable, :registerable,
          :async, :recoverable, :rememberable, :trackable, :validatable,
-         :omniauthable, omniauth_providers: Extends::OMNIAUTH_PROVIDERS,
+         :timeoutable, :omniauthable,
+         omniauth_providers: Extends::OMNIAUTH_PROVIDERS,
          stretches: Constants::PASSWORD_STRETCH_FACTOR
   has_attached_file :avatar,
                     styles: {

config/initializers/devise.rb

@@ -176,7 +176,7 @@ Devise.setup do |config|
 
   # ==> Configuration for :rememberable
   # The time the user will be remembered without asking for credentials again.
-  # config.remember_for = 2.weeks
+  config.remember_for = 1.weeks
 
   # Invalidates all the remember me tokens when the user signs out.
   config.expire_all_remember_me_on_sign_out = true
@@ -200,7 +200,7 @@ Devise.setup do |config|
   # ==> Configuration for :timeoutable
   # The time you want to timeout the user session without activity. After this
   # time the user will be asked for credentials again. Default is 30 minutes.
-  # config.timeout_in = 30.minutes
+  config.timeout_in = 3.hours
 
   # If true, expires auth token on session timeout.
   # config.expire_auth_token_on_timeout = false

spec/factories/users.rb

@@ -5,5 +5,6 @@ FactoryBot.define do
     email 'admin_test@scinote.net'
     password 'asdf1243'
     password_confirmation 'asdf1243'
+    current_sign_in_at DateTime.now
   end
 end