Closes hedyorg#129.

RMerbis · Feb 22, 2021 · 58a2e38 · 58a2e38
1 parent 9f231d4
commit 58a2e38
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 3 deletions.
diff --git a/auth.py b/auth.py
@@ -305,6 +305,7 @@ def get_profile (user):
             output ['gender'] = user ['gender']
         if 'verification_pending' in user:
             output ['verification_pending'] = True
+        output ['session_expires_at'] = timems () + session_length * 1000
 
         return jsonify (output), 200
 

diff --git a/doc/backend.md b/doc/backend.md
@@ -69,7 +69,7 @@
 - `GET /profile`
     - This route allows the user to retrieve their profile.
     - This route requires a session, otherwise it returns 403.
-    - If successful, this route returns 200 with a body of the shape `{username: STRING, email: STRING, birth_year: INTEGER|UNDEFINED, country: STRING|UNDEFINED, gender: m|f|o|UNDEFINED, verification_pending: UNDEFINED|true}`.
+    - If successful, this route returns 200 with a body of the shape `{username: STRING, email: STRING, birth_year: INTEGER|UNDEFINED, country: STRING|UNDEFINED, gender: m|f|o|UNDEFINED, verification_pending: UNDEFINED|true, session_expires_at: INTEGER}`.
 
 - `POST /profile`
     - This route allows the user to change its `email`, `birth_year`, `gender` and/or `country`.

diff --git a/static/js/app.js b/static/js/app.js
@@ -68,9 +68,19 @@
 
 })();
 
+function reloadOnExpiredSession () {
+   // If user is not logged in or session is not expired, return false.
+   if (! window.auth.profile || window.auth.profile.session_expires_at > Date.now ()) return false;
+   // Otherwise, reload the page to update the top bar.
+   location.reload ();
+   return true;
+}
+
 function runit(level, lang, cb) {
   if (window.State.disable_run) return;
 
+  if (reloadOnExpiredSession ()) return;
+
   error.hide();
   try {
     level = level.toString();
@@ -116,6 +126,8 @@ function runit(level, lang, cb) {
 window.saveit = function saveit(level, lang, name, code, cb) {
   error.hide();
 
+  if (reloadOnExpiredSession ()) return;
+
   if (name === true) name = $ ('#program_name').val ();
 
   window.State.unsaved_changes = false;

diff --git a/tests_e2e.py b/tests_e2e.py
@@ -3,9 +3,9 @@
 import random
 from utils import type_check, timems
 import urllib.parse
+from config import config
 
-# TODO: unhardcode port
-host = 'http://localhost:5000/'
+host = 'http://localhost:' + str (config ['port']) + '/'
 
 t0 = timems ()
 
@@ -111,6 +111,14 @@ def getProfile1(state, response):
         raise Exception ('Invalid username (getProfile1)')
     if profile ['email'] != username + '@domain.com':
         raise Exception ('Invalid username (getProfile1)')
+    if not profile ['session_expires_at']:
+        raise Exception ('No session_expires_at (getProfile1)')
+    expire = profile ['session_expires_at'] - config ['session'] ['session_length'] * 60 * 1000 - timems ()
+    if expire > 0:
+        raise Exception ('Invalid session_expires_at (getProfile1), too large')
+    # We give the server up to 10ms to respond to the query
+    if expire < -10:
+        raise Exception ('Invalid session_expires_at (getProfile1), too small')
 
 def getProfile2(state, response):
     profile = response ['body']