devise icon indicating copy to clipboard operation
devise copied to clipboard

Published 20 hours ago verified publisher icon heartcombo

Possibly incorrect skip_trackable check for timeoutable

Open jpcody opened this issue 1 year ago • 0 comments

Pre-check

  • Do not use the issues tracker for help or support, try Stack Overflow.
  • For bugs, do a quick search and make sure the bug has not yet been reported
  • If you found a security bug, do not report it through GitHub. Please send an e-mail to [email protected] instead.
  • Finally, be nice and have fun!

Environment

  • Ruby 3.2.2
  • Rails 7.0.8
  • Devise 4.9.3

Current behavior

Timeoutable primarily concerns itself with last_request_at. But for storing this value in the session, the code checks unless env['devise.skip_trackable']. Trackable doesn't concern itself with last_request_at, so it's unclear why this check exists.

In our codebase, we're attempting to skip trackable to call update_tracked_fields! ourselves, but this incidentally breaks timeoutable by failing to store last_request_at.

I'm happy to PR this, but given the code was written 11 years ago, I was reticent without first confirming this was undesired behavior.

Expected behavior

Setting env['devise.skip_trackable'] to false should have no effect on last_request_at being stored.

jpcody avatar Oct 28 '23 03:10 jpcody