From da9ad5797cc3321a5d4fa1ec21ce351a059b9207 Mon Sep 17 00:00:00 2001
From: Oleksii Kriuchykhin <okriuchykhin@biosistemika.com>
Date: Thu, 28 Jul 2022 17:15:47 +0200
Subject: [PATCH] Make devise session timeout configurable through env variable
 [SCI-7028]

---
 config/initializers/devise.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index e7d8c83ea..2241f6465 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -202,7 +202,11 @@ Devise.setup do |config|
   # ==> Configuration for :timeoutable
   # The time you want to timeout the user session without activity. After this
   # time the user will be asked for credentials again. Default is 30 minutes.
-  config.timeout_in = 3.hours
+  config.timeout_in = if ENV['SCINOTE_SESSION_TIMEOUTS_IN'].present?
+                        ENV['SCINOTE_SESSION_TIMEOUTS_IN'].to_i.seconds
+                      else
+                        3.hours
+                      end
 
   # If true, expires auth token on session timeout.
   # config.expire_auth_token_on_timeout = false