feat(auth): keep remember tokens on session timeout
- add timeout-specific logout path without remember-token revocation - reset session timers after remember-me auto login - compact session policy wording in admin settings (DE/EN) - extend auth tests for timeout/manual logout behavior
This commit is contained in:
@@ -273,11 +273,14 @@ class RememberMeServiceTest extends TestCase
|
||||
$_SESSION = [];
|
||||
|
||||
$session = $this->createMock(SessionStoreInterface::class);
|
||||
$setKeys = [];
|
||||
$session->method('get')->willReturnMap([
|
||||
['user', [], []],
|
||||
['no_active_tenant', false, false],
|
||||
]);
|
||||
$session->expects($this->once())->method('set');
|
||||
$session->method('set')->willReturnCallback(function (string $key, mixed $value) use (&$setKeys): void {
|
||||
$setKeys[] = $key;
|
||||
});
|
||||
|
||||
$cookie = $this->createMock(CookieStoreInterface::class);
|
||||
$cookie->method('get')->willReturn('selector:token');
|
||||
@@ -318,6 +321,9 @@ class RememberMeServiceTest extends TestCase
|
||||
authSessionTenantContextService: $tenantCtx
|
||||
);
|
||||
$this->assertTrue($service->autoLoginFromCookie());
|
||||
$this->assertContains('user', $setKeys);
|
||||
$this->assertContains('session_started_at', $setKeys);
|
||||
$this->assertContains('session_last_activity', $setKeys);
|
||||
}
|
||||
|
||||
// ---------------------------------------------------------------
|
||||
|
||||
Reference in New Issue
Block a user