From d0619aaea04f33b5ff981c5892b76f3cf5ac65ac Mon Sep 17 00:00:00 2001
From: Adrian Gruntkowski
Date: Tue, 3 Sep 2024 21:48:05 +0200
Subject: [PATCH] Redirect to login on expired legacy session (#4523)

After refactor, it turned out that when the _legacy_ session times out, the conn is halted but no body is sent. This results in 500 error (`Plug.Conn.NotSentError`). This PR fixes it by redirecting to login page.
---
 lib/plausible_web/plugs/session_timeout_plug.ex | 1 +
 test/plausible_web/plugs/session_timeout_plug_test.exs | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/lib/plausible_web/plugs/session_timeout_plug.ex b/lib/plausible_web/plugs/session_timeout_plug.ex
index 7ba60f226..0add19b18 100644
--- a/lib/plausible_web/plugs/session_timeout_plug.ex
+++ b/lib/plausible_web/plugs/session_timeout_plug.ex
@@ -18,6 +18,7 @@ defmodule PlausibleWeb.SessionTimeoutPlug do
 user_id && timeout_at && now() > timeout_at ->
 conn
 |> PlausibleWeb.UserAuth.log_out_user()
+ |> Phoenix.Controller.redirect(to: "/login")
 |> halt()
 
 user_id ->
diff --git a/test/plausible_web/plugs/session_timeout_plug_test.exs b/test/plausible_web/plugs/session_timeout_plug_test.exs
index ce8ee1563..8a95fc75b 100644
--- a/test/plausible_web/plugs/session_timeout_plug_test.exs
+++ b/test/plausible_web/plugs/session_timeout_plug_test.exs
@@ -41,5 +41,7 @@ defmodule PlausibleWeb.SessionTimeoutPlugTest do
 |> SessionTimeoutPlug.call(@opts)
 
 assert conn.private[:plug_session_info] == :renew
+ assert conn.halted
+ assert Phoenix.ConnTest.redirected_to(conn, 302) == "/login"
 end
 end
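Review bot: The added `Phoenix.Controller.redirect(to: "/login")` line has no comment saying why a response must be sent between `log_out_user()` and `halt()`, and its path is a bare literal that the test repeats. A short comment such as `# halt/1 sends nothing by itself; respond here so an expired session does not raise Plug.Conn.NotSentError` would keep a later cleanup from removing the line. If the router exposes a path helper or verified route for the login page, using it here would stop the plug from drifting when the route changes. The `cond` this clause belongs to starts and ends outside the hunk.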
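Review bot: The assertions after `SessionTimeoutPlug.call(@opts)` check the `:renew` flag, `conn.halted` and the redirect, but none confirms that the user id is gone from the session. `:renew` only asks Plug to regenerate the session cookie and says nothing about its contents, so a regression in `log_out_user/1` that leaves the id in place would still pass. Consider adding `refute Plug.Conn.get_session(conn, <USER_ID_SESSION_KEY>)`, with the placeholder replaced by the key the plug reads. The test's setup starts outside the hunk, so the key name is not visible here.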