Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possibly incorrect skip_trackable check for timeoutable #5649

Open
jpcody opened this issue Oct 28, 2023 · 0 comments
Open

Possibly incorrect skip_trackable check for timeoutable #5649

jpcody opened this issue Oct 28, 2023 · 0 comments

Comments

@jpcody
Copy link

jpcody commented Oct 28, 2023
edited
Loading

Pre-check

  • Do not use the issues tracker for help or support, try Stack Overflow.
  • For bugs, do a quick search and make sure the bug has not yet been reported
  • If you found a security bug, do not report it through GitHub. Please send an e-mail to [email protected] instead.
  • Finally, be nice and have fun!

Environment

  • Ruby 3.2.2
  • Rails 7.0.8
  • Devise 4.9.3

Current behavior

Timeoutable primarily concerns itself with last_request_at. But for storing this value in the session, the code checks unless env['devise.skip_trackable']. Trackable doesn't concern itself with last_request_at, so it's unclear why this check exists.

In our codebase, we're attempting to skip trackable to call update_tracked_fields! ourselves, but this incidentally breaks timeoutable by failing to store last_request_at.

I'm happy to PR this, but given the code was written 11 years ago, I was reticent without first confirming this was undesired behavior.

Expected behavior

Setting env['devise.skip_trackable'] to false should have no effect on last_request_at being stored.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jpcody