Devise-在不因用户不活动而注销用户之前发出请求而不重置倒数计时 [英] Devise - Make a request without resetting the countdown until a user is logged out due to inactivity
问题描述
我正在使用Devise开发RoR应用程序。我想让客户端向服务器发送一个请求,以查看由于不活动而导致客户端上的用户自动注销之前还剩下多少时间(使用 Timeoutable 模块) 。我不希望此请求导致Devise在用户注销之前重置倒数计时。我该如何配置?
I'm working on a RoR app with Devise. I want to let clients send a request to the server to see how much time is left until the user on the client is automatically logged out due to inactivity (using the Timeoutable module). I don't want this request to cause Devise to reset the countdown until the user is logged off. How can I configure this?
这是我现在的代码:
class SessionTimeoutController < ApplicationController
before_filter :authenticate_user!
# Calculates the number of seconds until the user is
# automatically logged out due to inactivity. Unlike most
# requests, it should not reset the timeout countdown itself.
def check_time_until_logout
@time_left = current_user.timeout_in
end
# Determines whether the user has been logged out due to
# inactivity or not. Unlike most requests, it should not reset the
# timeout countdown itself.
def has_user_timed_out
@has_timed_out = current_user.timedout? (Time.now)
end
# Resets the clock used to determine whether to log the user out
# due to inactivity.
def reset_user_clock
# Receiving an arbitrary request from a client automatically
# resets the Devise Timeoutable timer.
head :ok
end
end
SessionTimeoutController#reset_user_clock 之所以有效,是因为每次RoR收到经过身份验证的用户的请求时, Timeoutable#timeout_in 都会重置为我在 Devise#timeout_in 。如何防止 check_time_until_logout 和 has_user_timed_out 中的重置?
SessionTimeoutController#reset_user_clock works because every time RoR receives a request from an authenticated user, Timeoutable#timeout_in is reset to whatever I have configured in Devise#timeout_in. How do I prevent that reset in check_time_until_logout and has_user_timed_out?
推荐答案
我最终不得不对代码进行一些更改。我将显示完成后的结果,然后解释它的作用:
I ended up having to make several changes to my code. I'll show what I ended up with when I was finished, then explain what it does:
class SessionTimeoutController < ApplicationController
# These are what prevent check_time_until_logout and
# reset_user_clock from resetting users' Timeoutable
# Devise "timers"
prepend_before_action :skip_timeout, only: [:check_time_until_logout, :has_user_timed_out]
def skip_timeout
request.env["devise.skip_trackable"] = true
end
skip_before_filter :authenticate_user!, only: [:has_user_timed_out]
def check_time_until_logout
@time_left = Devise.timeout_in - (Time.now - user_session["last_request_at"]).round
end
def has_user_timed_out
@has_timed_out = (!current_user) or (current_user.timedout? (user_session["last_request_at"]))
end
def reset_user_clock
# Receiving an arbitrary request from a client automatically
# resets the Devise Timeoutable timer.
head :ok
end
end
这些是更改我做了:
使用 env [ devise.skip_trackable]
Using env["devise.skip_trackable"]
这是防止Devise重置由于不活动而注销用户之前等待的时间的代码:
This is the code that prevents Devise from resetting how long it waits before logging a user out due to inactivity:
prepend_before_action :skip_timeout, only: [:check_time_until_logout, :has_user_timed_out]
def skip_timeout
request.env["devise.skip_trackable"] = true
end
此代码更改了Devise内部用于确定是否更新其存储的值以跟踪的哈希值用户上一次活动的时间。具体来说,这是我们正在与之交互的Devise代码(链接 ):
This code changes a hash value that Devise uses internally to decide whether to update the value it stores to keep track of when the user last had activity. Specifically, this is the Devise code we're interacting with (link):
Warden::Manager.after_set_user do |record, warden, options|
scope = options[:scope]
env = warden.request.env
if record && record.respond_to?(:timedout?) && warden.authenticated?(scope) && options[:store] != false
last_request_at = warden.session(scope)['last_request_at']
if record.timedout?(last_request_at) && !env['devise.skip_timeout']
warden.logout(scope)
if record.respond_to?(:expire_auth_token_on_timeout) && record.expire_auth_token_on_timeout
record.reset_authentication_token!
end
throw :warden, :scope => scope, :message => :timeout
end
unless env['devise.skip_trackable']
warden.session(scope)['last_request_at'] = Time.now.utc
end
end
end
(请注意,每次Rails执行该代码
(Note that this code is executed every time that Rails processes a request from a client.)
这些行尾对我们来说很有趣:
These lines near the end are interesting to us:
unless env['devise.skip_trackable']
warden.session(scope)['last_request_at'] = Time.now.utc
end
这是重置倒计时直到用户由于不活动而注销之前的代码。仅当 env ['devise.skip_trackable'] 不是 true 时才执行,因此我们需要在更改此值之前Devise处理用户的请求。
This is the code that "resets" the countdown until the user is logged out due to inactivity. It's only executed if env['devise.skip_trackable'] is not true, so we need to change that value before Devise processes the user's request.
为此,我们告诉Rails更改 env ['devise.skip_trackable'] ,然后再执行其他操作。同样,从我的最终代码中:
To do that, we tell Rails to change the value of env['devise.skip_trackable'] before it does anything else. Again, from my final code:
prepend_before_action :skip_timeout, only: [:check_time_until_logout, :has_user_timed_out]
def skip_timeout
request.env["devise.skip_trackable"] = true
end
以上所有要点都是我需要更改的答案。不过,我还需要进行其他一些更改才能使代码正常工作,因此我也将在此处进行记录。
Everything above this point is what I needed to change to answer my question. There were a couple other changes I needed to make to get my code to work as I wanted, though, so I'll document them here, too.
正确使用 Timeoutable
我误读了有关 Timeoutable 的文档code>模块,所以我的问题中的代码还有其他一些问题。
I misread the documentation about the Timeoutable module, so my code in my question has a couple other problems.
首先,我的 check_time_until_logout 方法将总是返回相同的值。这是我执行的操作的错误版本:
First, my check_time_until_logout method was going to always return the same value. This is the incorrect version of the action I had:
def check_time_until_logout
@time_left = current_user.timeout_in
end
我认为 Timeoutable#timeout_in 将返回直到用户自动注销为止的时间。相反,它返回Devise被配置为在注销用户之前等待的时间。我们需要计算用户离开自己的时间。
I thought that Timeoutable#timeout_in would return the amount of time until the user was automatically logged out. Instead, it returns the amount of time that Devise is configured to wait before logging users out. We need to calculate how much longer the user has left ourselves.
要计算此值,我们需要知道用户上一次具有Devise识别的活动的时间。这段代码来自我们在上面的Devise来源中确定的用户上次活动时间:
To calculate this, we need to know when the user last had activity that Devise recognized. This code, from the Devise source we looked at above, determines when the user was last active:
last_request_at = warden.session(scope)['last_request_at']
我们需要获取<$ c返回的对象的句柄$ c> warden.session(scope)。看起来像 user_session 哈希,Devise为我们提供了类似 current_user 和 user_signed_in的句柄
We need to get a handle to the object returned by warden.session(scope). It looks like the user_session hash, which Devise provides for us like the handles current_user and user_signed_in?, is that object.
使用 user_session 哈希并计算剩余时间我们自己, check_time_until_logout 方法变为
Using the user_session hash and calculating the time remaining ourselves, the check_time_until_logout method becomes
def check_time_until_logout
@time_left = Devise.timeout_in - (Time.now - user_session["last_request_at"]).round
end
我还误读了 Timeoutable#timedout?的文档。它检查用户过去一次激活时的时间是否超过了用户的超时时间,而在当前时间过去时则不是。我们需要进行的更改非常简单:我们无需传递 Time.now ,而需要传递 user_session 哈希值:
I also misread the documentation for Timeoutable#timedout?. It checks to see if the user has timed out when you pass in the time the user was last active, not when you pass in the current time. The change we need to make is straightforward: instead of passing in Time.now, we need to pass in the time in the user_session hash:
def has_user_timed_out
@has_timed_out = (!current_user) or (current_user.timedout? (user_session["last_request_at"]))
end
一旦完成这三个更改,我的控制器发挥了我预期的作用。
Once I made these three changes, my controller acted the way I expected it to.
这篇关于Devise-在不因用户不活动而注销用户之前发出请求而不重置倒数计时的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
