feat(auth): keep remember tokens on session timeout

- add timeout-specific logout path without remember-token revocation

- reset session timers after remember-me auto login

- compact session policy wording in admin settings (DE/EN)

- extend auth tests for timeout/manual logout behavior
This commit is contained in:
2026-03-09 20:47:21 +01:00
parent 792af5a532
commit af8ee10930
8 changed files with 106 additions and 11 deletions

View File

@@ -273,11 +273,14 @@ class RememberMeServiceTest extends TestCase
$_SESSION = [];
$session = $this->createMock(SessionStoreInterface::class);
$setKeys = [];
$session->method('get')->willReturnMap([
['user', [], []],
['no_active_tenant', false, false],
]);
$session->expects($this->once())->method('set');
$session->method('set')->willReturnCallback(function (string $key, mixed $value) use (&$setKeys): void {
$setKeys[] = $key;
});
$cookie = $this->createMock(CookieStoreInterface::class);
$cookie->method('get')->willReturn('selector:token');
@@ -318,6 +321,9 @@ class RememberMeServiceTest extends TestCase
authSessionTenantContextService: $tenantCtx
);
$this->assertTrue($service->autoLoginFromCookie());
$this->assertContains('user', $setKeys);
$this->assertContains('session_started_at', $setKeys);
$this->assertContains('session_last_activity', $setKeys);
}
// ---------------------------------------------------------------