From b4ffe5ef05a2a29700bae78db0b3560e6b5fc7b5 Mon Sep 17 00:00:00 2001
From: Holger Just
Date: Fri, 17 Apr 2015 16:43:04 +0200
Subject: [PATCH] Set a back_url when forcing new login after session expiration
---
 app/controllers/application_controller.rb | 4 ++--
 test/functional/sessions_test.rb | 10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 2388fc9..3913771 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -63,9 +63,9 @@ class ApplicationController < ActionController::Base
 if session[:user_id]
 if session_expired? && !try_to_autologin
 set_localization(User.active.find_by_id(session[:user_id]))
- reset_session
+ self.logged_user = nil
 flash[:error] = l(:error_session_expired)
- redirect_to signin_url
+ require_login
 else
 session[:atime] = Time.now.utc.to_i
 end
diff --git a/test/functional/sessions_test.rb b/test/functional/sessions_test.rb
index 1d75fc8..9e70326 100644
--- a/test/functional/sessions_test.rb
+++ b/test/functional/sessions_test.rb
@@ -56,14 +56,14 @@ class SessionsTest < ActionController::TestCase
 def test_user_session_without_ctime_should_be_reset_if_lifetime_enabled
 with_settings :session_lifetime => '720' do
 get :index, {}, {:user_id => 2}
- assert_redirected_to '/login'
+ assert_redirected_to 'http://test.host/login?back_url=http%3A%2F%2Ftest.host%2F'
 end
 end
 def test_user_session_with_expired_ctime_should_be_reset_if_lifetime_enabled
 with_settings :session_timeout => '720' do
 get :index, {}, {:user_id => 2, :atime => 2.days.ago.utc.to_i}
- assert_redirected_to '/login'
+ assert_redirected_to 'http://test.host/login?back_url=http%3A%2F%2Ftest.host%2F'
 end
 end
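Review bot: With the explicit `reset_session` removed, invalidating the expired session in this branch now depends entirely on what the `logged_user=` setter does, and that setter is not visible in the hunk. If it does not reset the session, the stale `session[:user_id]` would survive the redirect, so I would either keep the explicit call or document the dependency above the assignment, e.g. `# logged_user= must reset the session and set User.current to anonymous so that require_login redirects`. The redirect now carries an absolute `back_url` (see the updated test expectations), so the login action, which is outside this patch, should accept only same-host targets; worth confirming. The enclosing method starts and ends outside the hunk.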
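Review bot: The tests named `..._should_be_reset_...` still assert only the redirect target, so nothing here would fail if the expired session were left intact after the switch from `reset_session` to `self.logged_user = nil`. Adding `assert_nil session[:user_id]` after each `assert_redirected_to` in this hunk, and in the hunks at -77 and -117, would pin the invalidation. Every case requests `:index` without parameters, so how `back_url` is built for a request with a query string or a non-GET method is not exercised.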
@@ -77,14 +77,14 @@ class SessionsTest < ActionController::TestCase
 def test_user_session_without_atime_should_be_reset_if_timeout_enabled
 with_settings :session_timeout => '60' do
 get :index, {}, {:user_id => 2}
- assert_redirected_to '/login'
+ assert_redirected_to 'http://test.host/login?back_url=http%3A%2F%2Ftest.host%2F'
 end
 end
 def test_user_session_with_expired_atime_should_be_reset_if_timeout_enabled
 with_settings :session_timeout => '60' do
 get :index, {}, {:user_id => 2, :atime => 4.hours.ago.utc.to_i}
- assert_redirected_to '/login'
+ assert_redirected_to 'http://test.host/login?back_url=http%3A%2F%2Ftest.host%2F'
 end
 end
@@ -117,7 +117,7 @@ class SessionsTest < ActionController::TestCase
 with_settings :session_timeout => '60' do
 get :index, {}, {:user_id => user.id, :atime => 4.hours.ago.utc.to_i}
- assert_redirected_to '/login'
+ assert_redirected_to 'http://test.host/login?back_url=http%3A%2F%2Ftest.host%2F'
 assert_include "Veuillez vous reconnecter", flash[:error]
 assert_equal :fr, current_language
 end
-- 2.2.2