From 6aa995acbdf1c53a6a78b358973832c1f2eadab0 Mon Sep 17 00:00:00 2001 From: Chris Preisinger Date: Fri, 9 Aug 2024 16:19:02 -0400 Subject: [PATCH 01/12] 34 Add session timeout --- .envrc | 2 ++ app/assets/uswds/_uswds-theme.scss | 10 ++++++---- app/controllers/application_controller.rb | 17 +++++++++++++++++ app/controllers/sessions_controller.rb | 4 ++++ config/locales/en.yml | 1 + config/routes.rb | 1 + spec/requests/sessions_request_spec.rb | 22 ++++++++++++++++++++++ 7 files changed, 53 insertions(+), 4 deletions(-) diff --git a/.envrc b/.envrc index 4fbb075a..87faf917 100644 --- a/.envrc +++ b/.envrc @@ -5,5 +5,7 @@ use nix mkdir -p .nix-bundler export BUNDLE_PATH=./.nix-bundler +export SESSION_TIMEOUT_IN_MINUTES=15 + # Login Env Vars source .env_login diff --git a/app/assets/uswds/_uswds-theme.scss b/app/assets/uswds/_uswds-theme.scss index cc33a15c..eead761c 100644 --- a/app/assets/uswds/_uswds-theme.scss +++ b/app/assets/uswds/_uswds-theme.scss @@ -7,7 +7,9 @@ in the form $setting: value, ---------------------------------------- */ -@use "uswds-core" with ( - $theme-image-path: "images", - $theme-font-path: "fonts" -) +// +// @use "uswds-core" with ( +// $setting: value, +// $setting: value +// ); +// diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 34c3a93f..c8350aa9 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -3,6 +3,8 @@ class ApplicationController < ActionController::Base helper_method :current_user, :logged_in? + before_action :check_session_expiration + def current_user return unless session[:userinfo] 
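Review bot: The `_uswds-theme.scss` change comments out the live `@use "uswds-core" with ($theme-image-path: "images", $theme-font-path: "fonts")` block and leaves only the placeholder template, which is unrelated to the session timeout and drops the image/font path overrides. Unless those paths are set elsewhere (not visible here), USWDS falls back to its default asset paths and icons/fonts can 404 after this lands. Suggest reverting this file from the patch or, if the removal is intentional, moving it to its own commit with a message saying why.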
@@ -18,12 +20,27 @@ def sign_in(login_userinfo) user = User.user_from_userinfo(login_userinfo) @current_user = user + renew_session session[:userinfo] = login_userinfo end def sign_out @current_user = nil session.delete(:userinfo) + session.delete(:session_timeout_at) + end + + def renew_session + session[:session_timeout_at] = Time.current + ENV.fetch("SESSION_TIMEOUT_IN_MINUTES", 15).to_i.seconds + end + + def check_session_expiration + if session[:session_timeout_at].present? && session[:session_timeout_at] < Time.current + sign_out + redirect_to dashboard_path, alert: I18n.t("session_expired_alert") + else + renew_session + end end def redirect_if_logged_in(path = "/dashboard") diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index e64fade8..a35fd7d0 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -24,6 +24,10 @@ def result redirect_to dashboard_path end + def renew + renew_session + end + private def check_error_result diff --git a/config/locales/en.yml b/config/locales/en.yml index 86bbf980..3b802ccf 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -32,3 +32,4 @@ en: please_try_again: "Please try again." login_error: "There was an issue with logging in. Please try again." already_logged_in_notice: "You are already logged in." + session_expired_alert: "Your session has expired. Please log in again." diff --git a/config/routes.rb b/config/routes.rb index 7a1763af..1613c1d4 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -4,6 +4,7 @@ # Define your application routes per the DSL in https://guides.rubyonrails.org/routing.html get 'auth/result', to: 'sessions#result' resource 'session', only: [:new, :create, :destroy] + post 'session/renew', to: 'sessions#renew' get '/', to: "dashboard#index" get '/dashboard', to: "dashboard#index" 
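Review bot: `sign_out` removes only `:userinfo` and `:session_timeout_at`, so a timed-out session keeps its id and any other keys; call `reset_session` there (it then also covers the expiry branch of `check_session_expiration`) so the session is rotated rather than partially cleared, and for the same fixation reason `sign_in` should `reset_session` before writing `session[:userinfo]`. Separately, `session[:session_timeout_at]` is written as a `Time`; with the Rails default JSON cookie serializer it is read back as a String on the next request and `session[:session_timeout_at] < Time.current` raises `ArgumentError`, whereas storing an epoch integer (`(Time.current + ...).to_i`) and comparing against `Time.current.to_i` works with any serializer — the session store and serializer in use are not visible here, so confirm before changing. The `def sign_in(login_userinfo)` line and the body of `redirect_if_logged_in` lie outside the hunk.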
diff --git a/spec/requests/sessions_request_spec.rb b/spec/requests/sessions_request_spec.rb index 8466e041..d740716f 100644 --- a/spec/requests/sessions_request_spec.rb +++ b/spec/requests/sessions_request_spec.rb @@ -40,4 +40,26 @@ expect(response).to have_http_status(:redirect) expect(response).to redirect_to("/dashboard") end + + it "times out the session" do + session_timeout_in_minutes = ENV.fetch("SESSION_TIMEOUT_IN_MINUTES", 15) + + code = "ABC123" + login_gov = instance_double(LoginGov) + allow(LoginGov).to receive(:new).and_return(login_gov) + allow(login_gov).to receive(:exchange_token_from_auth_result).with(code).and_return( + [{ email: "test@example.com", sub: "sub" }] + ) + get "/auth/result", params: { code: } + + expect(session[:userinfo]).not_to be_nil + expect(session[:session_timeout_at]).not_to be_nil + + travel_to session_timeout_in_minutes.to_i.minutes.from_now do + get dashboard_path + + expect(session[:userinfo]).to be_nil + expect(session[:session_timeout_at]).to be_nil + end + end end From d31cd9e8492da2fc2420e55562b882aad654d9b1 Mon Sep 17 00:00:00 2001 From: Chris Preisinger Date: Sat, 10 Aug 2024 13:51:51 -0400 Subject: [PATCH 02/12] 34 Added session timeout warning modal --- app/controllers/application_controller.rb | 2 +- app/javascript/application.js | 36 +++++++++++++++++++++++ app/views/layouts/application.html.erb | 10 +++++++ app/views/modals/_renew_session.html.erb | 25 ++++++++++++++++ app/views/shared/_flash.html.erb | 14 +++++++++ config/routes.rb | 2 +- 6 files changed, 87 insertions(+), 2 deletions(-) create mode 100644 app/views/modals/_renew_session.html.erb create mode 100644 app/views/shared/_flash.html.erb diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index c8350aa9..b895df11 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb 
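Review bot: The new "times out the session" example only covers the expiry path and does not assert the redirect or the flash, nor that a request before the deadline keeps the session alive and slides the timeout. Add a companion case that travels to `(session_timeout_in_minutes.to_i - 1).minutes.from_now`, hits `dashboard_path`, and expects `session[:userinfo]` to still be present and `session[:session_timeout_at]` to have moved forward; in the expiry case add `expect(response).to redirect_to(dashboard_path)` and `expect(flash[:alert]).to eq(I18n.t("session_expired_alert"))`. Without the positive case a regression that expires every session immediately (a units mix-up in `renew_session`, for example) would still pass.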
@@ -31,7 +31,7 @@ def sign_out end def renew_session - session[:session_timeout_at] = Time.current + ENV.fetch("SESSION_TIMEOUT_IN_MINUTES", 15).to_i.seconds + session[:session_timeout_at] = Time.current + ENV.fetch("SESSION_TIMEOUT_IN_MINUTES", 15).to_i.minutes end def check_session_expiration diff --git a/app/javascript/application.js b/app/javascript/application.js index e69de29b..afd4aa8e 100644 --- a/app/javascript/application.js +++ b/app/javascript/application.js @@ -0,0 +1,36 @@ +document.addEventListener("DOMContentLoaded", function () { + var sessionTimeoutMinutes = window.appConfig.sessionTimeoutMinutes; + var sessionTimeoutMs = sessionTimeoutMinutes * 60 * 1000; + var warningTimeoutMs = (sessionTimeoutMinutes - 2) * 60 * 1000; + + function showTimeoutWarning() { + document.getElementById("renew-modal-button").click(); + } + + document + .getElementById("extend-session-button") + .addEventListener("click", function () { + renewSession(); + }); + + function renewSession() { + fetch("/sessions/renew", { + method: "POST", + headers: { + "X-CSRF-Token": document + .querySelector('meta[name="csrf-token"]') + .getAttribute("content"), + }, + }).then(function (response) { + if (response.ok) { + document.getElementById("renew-modal").style.display = "none"; + clearTimeout(timeoutWarning); + timeoutWarning = setTimeout(showTimeoutWarning, warningTimeoutMs); + } + }); + } + + var timeoutWarning = setTimeout(() => { + showTimeoutWarning(); + }, warningTimeoutMs); +}); diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index a9dfbf59..34feee40 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb 
@@ -11,10 +11,20 @@ <%= javascript_include_tag 'application' %> <%= javascript_include_tag 'uswds', async: true %> <%= javascript_include_tag 'uswds-init', async: true %> + + <%= render "layouts/header" %> + <%= render "shared/flash" %> + <%= yield %> + + <%= render "modals/renew_session" %> diff --git a/app/views/modals/_renew_session.html.erb b/app/views/modals/_renew_session.html.erb new file mode 100644 index 00000000..2911d488 --- /dev/null +++ b/app/views/modals/_renew_session.html.erb @@ -0,0 +1,25 @@ + + +
+
+
+ +
+ +
+ +
+
+
\ No newline at end of file diff --git a/app/views/shared/_flash.html.erb b/app/views/shared/_flash.html.erb new file mode 100644 index 00000000..09e6b124 --- /dev/null +++ b/app/views/shared/_flash.html.erb @@ -0,0 +1,14 @@ +<% flash.each do |key, value| %> + <% alert_class = case key.to_sym + when :notice then "usa-alert--success" + when :alert then "usa-alert--error" + when :error then "usa-alert--error" + else "usa-alert--info" + end %> + +
+
+

<%= value %>

+
+
+<% end %> diff --git a/config/routes.rb b/config/routes.rb index 1613c1d4..6f23acb9 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -4,7 +4,7 @@ # Define your application routes per the DSL in https://guides.rubyonrails.org/routing.html get 'auth/result', to: 'sessions#result' resource 'session', only: [:new, :create, :destroy] - post 'session/renew', to: 'sessions#renew' + post 'sessions/renew', to: 'sessions#renew' get '/', to: "dashboard#index" get '/dashboard', to: "dashboard#index" From 745a19353ac440385fb13b01d4b3a5a17d83f5ff Mon Sep 17 00:00:00 2001 From: Chris Preisinger Date: Sat, 10 Aug 2024 14:01:07 -0400 Subject: [PATCH 03/12] 34 Fix failing session request spec --- spec/requests/sessions_request_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/requests/sessions_request_spec.rb b/spec/requests/sessions_request_spec.rb index d740716f..8b56d319 100644 --- a/spec/requests/sessions_request_spec.rb +++ b/spec/requests/sessions_request_spec.rb @@ -55,7 +55,7 @@ expect(session[:userinfo]).not_to be_nil expect(session[:session_timeout_at]).not_to be_nil - travel_to session_timeout_in_minutes.to_i.minutes.from_now do + travel_to (session_timeout_in_minutes.to_i + 1).minutes.from_now do get dashboard_path expect(session[:userinfo]).to be_nil From f806d149ef2f2b9246cf11eef55f42e9a43881c7 Mon Sep 17 00:00:00 2001 From: Chris Preisinger Date: Fri, 16 Aug 2024 14:31:55 -0400 Subject: [PATCH 04/12] 34 Timeout redirect, user activity, and countdown --- app/controllers/sessions_controller.rb | 7 ++ app/javascript/application.js | 36 ------- app/javascript/session_timeout.js | 128 +++++++++++++++++++++++ app/javascript/time_helpers.js | 6 ++ app/views/layouts/application.html.erb | 14 ++- app/views/modals/_renew_session.html.erb | 5 +- config/routes.rb | 1 + 7 files changed, 154 insertions(+), 43 deletions(-) create mode 100644 app/javascript/session_timeout.js create mode 100644 app/javascript/time_helpers.js 
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index a35fd7d0..c5e8f589 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -26,6 +26,13 @@ def result def renew renew_session + head(:ok) + end + + def timeout + sign_out + flash[:alert] = I18n.t("session_expired_alert") + head(:ok) end private diff --git a/app/javascript/application.js b/app/javascript/application.js index afd4aa8e..e69de29b 100644 --- a/app/javascript/application.js +++ b/app/javascript/application.js @@ -1,36 +0,0 @@ -document.addEventListener("DOMContentLoaded", function () { - var sessionTimeoutMinutes = window.appConfig.sessionTimeoutMinutes; - var sessionTimeoutMs = sessionTimeoutMinutes * 60 * 1000; - var warningTimeoutMs = (sessionTimeoutMinutes - 2) * 60 * 1000; - - function showTimeoutWarning() { - document.getElementById("renew-modal-button").click(); - } - - document - .getElementById("extend-session-button") - .addEventListener("click", function () { - renewSession(); - }); - - function renewSession() { - fetch("/sessions/renew", { - method: "POST", - headers: { - "X-CSRF-Token": document - .querySelector('meta[name="csrf-token"]') - .getAttribute("content"), - }, - }).then(function (response) { - if (response.ok) { - document.getElementById("renew-modal").style.display = "none"; - clearTimeout(timeoutWarning); - timeoutWarning = setTimeout(showTimeoutWarning, warningTimeoutMs); - } - }); - } - - var timeoutWarning = setTimeout(() => { - showTimeoutWarning(); - }, warningTimeoutMs); -}); diff --git a/app/javascript/session_timeout.js b/app/javascript/session_timeout.js new file mode 100644 index 00000000..29076626 --- /dev/null +++ b/app/javascript/session_timeout.js 
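Review bot: `timeout` relies on `sign_out`, which in ApplicationController deletes two session keys but keeps the session id, so a timed-out session can be resumed by anything else that still holds the cookie; use `reset_session` here and set the flash afterwards so it lands in the fresh session: `def timeout; reset_session; flash[:alert] = I18n.t("session_expired_alert"); head(:ok); end`. `renew` is reachable without a login and will happily stamp `:session_timeout_at` into an anonymous visitor's session; a guard such as `return head(:unauthorized) unless logged_in?` keeps the endpoint from creating session state for unauthenticated callers. Both actions are CSRF-protected by the token header the client sends, which is the right shape for these state-changing fetches.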
@@ -0,0 +1,128 @@ +import { formatMilliseconds } from "./time_helpers"; + +document.addEventListener("DOMContentLoaded", function () { + var sessionStartTime = Date.now(); + + const sessionTimeoutMinutes = window.appConfig.sessionTimeoutMinutes; + const warningTimeoutMinutes = 2; + const sessionTimeoutMs = sessionTimeoutMinutes * 60 * 1000; + const warningTimeoutMs = + (sessionTimeoutMinutes - warningTimeoutMinutes) * 60 * 1000; + // Debug overrides + // const sessionTimeoutMs = 10000; + // const warningTimeoutMs = 5000; + + const renewalModal = document.getElementById("renew-modal"); + const renewalModalOpenButton = document.getElementById( + "renew-modal-open-button" + ); + const renewalModalCloseButton = document.getElementById( + "renew-modal-close-button" + ); + const countdownDiv = document.querySelector("#renew-modal .countdown"); + countdownDiv.textContent = formatMilliseconds(warningTimeoutMs); + + const activityRenewalInterval = 1000; + var doRenewSession = false; + var ignoreNextActivity = false; + + const showTimeoutWarning = () => { + ignoreNextActivity = true; + renewalModalOpenButton.click(); + ignoreNextActivity = false; + }; + + const updateCountdown = () => { + var timeRemaining = sessionTimeoutMs - (Date.now() - sessionStartTime); + countdownDiv.textContent = formatMilliseconds(timeRemaining); + }; + + const logoutSession = () => { + fetch("/sessions/timeout", { + method: "DELETE", + headers: { + "X-CSRF-Token": document.querySelector('meta[name="csrf-token"]') + .content, + "Content-Type": "application/json", + }, + }).then((response) => { + if (response.ok) { + window.location.href = "/"; + } + }); + }; + + const handleUserActivity = (event) => { + // Don't count the modal showing and hiding as user activity + if (ignoreNextActivity) { + return; + } + + ignoreNextActivity = true; + renewalModalCloseButton.click(); + ignoreNextActivity = false; + + doRenewSession = true; + }; + + document.addEventListener("click", handleUserActivity); + 
document.addEventListener("keydown", handleUserActivity); + document.addEventListener("scroll", handleUserActivity); + + setInterval(() => { + if (doRenewSession) { + renewSession(); + } + }, activityRenewalInterval); + + document + .getElementById("extend-session-button") + .addEventListener("click", () => { + renewSession(); + }); + + var renewSession = () => { + fetch("/sessions/renew", { + method: "POST", + headers: { + "X-CSRF-Token": document + .querySelector('meta[name="csrf-token"]') + .getAttribute("content"), + }, + }).then((response) => { + if (response.ok) { + clearTimeout(timeoutWarning); + clearTimeout(sessionTimeout); + + sessionStartTime = Date.now(); + + timeoutWarning = setTimeout(() => { + showTimeoutWarning(); + }, warningTimeoutMs); + + sessionTimeout = setTimeout(() => { + logoutSession(); + }, sessionTimeoutMs); + + doRenewSession = false; + } + }); + }; + + var timeoutWarning = setTimeout(() => { + showTimeoutWarning(); + }, warningTimeoutMs); + + var sessionTimeout = setTimeout(() => { + logoutSession(); + }, sessionTimeoutMs); + + var countdownInterval; + + var startCountdown = () => { + clearInterval(countdownInterval); + countdownInterval = setInterval(updateCountdown, 1000); + }; + + startCountdown(); +}); diff --git a/app/javascript/time_helpers.js b/app/javascript/time_helpers.js new file mode 100644 index 00000000..70998134 --- /dev/null +++ b/app/javascript/time_helpers.js @@ -0,0 +1,6 @@ +export function formatMilliseconds(ms) { + const totalSeconds = Math.round(ms / 1000); + const minutes = Math.round(totalSeconds / 60); + const seconds = totalSeconds % 60; + return `${minutes}:${seconds < 10 ? "0" : ""}${seconds}`; +} diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index 34feee40..a6775d40 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb 
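Review bot: `warningTimeoutMs` goes negative when `sessionTimeoutMinutes` is 2 or less, so the `setTimeout` fires immediately and the warning modal opens on page load; clamp it, `const warningTimeoutMs = Math.max(0, (sessionTimeoutMinutes - warningTimeoutMinutes) * 60 * 1000);`. `logoutSession` only navigates when the DELETE succeeds, which leaves the expired page on screen if the request fails; since `check_session_expiration` on the server is the real enforcement, redirecting unconditionally (`.finally(() => { window.location.href = "/"; })`) is safe and deserves a header comment stating that these client timers are a UX courtesy, not a security control. The activity-driven renewal also fires up to once per second while the user is active, which is redundant because every authenticated request already slides the server-side deadline, so throttling it to something like once per minute would cut the POST volume without changing behaviour. Treating `scroll` as activity is a policy choice worth a one-line comment.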
@@ -12,11 +12,15 @@ <%= javascript_include_tag 'uswds', async: true %> <%= javascript_include_tag 'uswds-init', async: true %> - + <% if logged_in? %> + + + <%= javascript_include_tag 'session_timeout' %> + <% end %> diff --git a/app/views/modals/_renew_session.html.erb b/app/views/modals/_renew_session.html.erb index 2911d488..4de17e2d 100644 --- a/app/views/modals/_renew_session.html.erb +++ b/app/views/modals/_renew_session.html.erb @@ -1,4 +1,4 @@ - +
@@ -21,5 +21,6 @@
+ \ No newline at end of file diff --git a/config/routes.rb b/config/routes.rb index 6f23acb9..50a929cc 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -5,6 +5,7 @@ get 'auth/result', to: 'sessions#result' resource 'session', only: [:new, :create, :destroy] post 'sessions/renew', to: 'sessions#renew' + delete 'sessions/timeout', to: 'sessions#timeout' get '/', to: "dashboard#index" get '/dashboard', to: "dashboard#index" From c198e1e18139c97148481c69fabfeec5b711ef26 Mon Sep 17 00:00:00 2001 From: Chris Preisinger Date: Sun, 18 Aug 2024 14:34:00 -0400 Subject: [PATCH 05/12] 34 Revert tool-versions file --- .tool-versions | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.tool-versions b/.tool-versions index 70b96cf5..2d1aa210 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1,3 +1,3 @@ -ruby system -nodejs system -yarn system +ruby 3.2.4 +nodejs 20.15.1 +yarn 1.22.22 \ No newline at end of file From 30c8b5783ff68a33b87d8fdc16f2458d68a1f48d Mon Sep 17 00:00:00 2001 From: Chris Preisinger Date: Thu, 22 Aug 2024 15:01:50 -0400 Subject: [PATCH 06/12] 34 Fix session expiration condition and countdown --- app/controllers/application_controller.rb | 2 +- app/javascript/time_helpers.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index b895df11..54e9980b 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -35,7 +35,7 @@ def renew_session end def check_session_expiration - if session[:session_timeout_at].present? && session[:session_timeout_at] < Time.current + if logged_in? && (session[:session_timeout_at].blank? || session[:session_timeout_at] < Time.current) sign_out redirect_to dashboard_path, alert: I18n.t("session_expired_alert") else diff --git a/app/javascript/time_helpers.js b/app/javascript/time_helpers.js index 70998134..8d09c80c 100644 
--- a/app/javascript/time_helpers.js +++ b/app/javascript/time_helpers.js @@ -1,6 +1,6 @@ export function formatMilliseconds(ms) { const totalSeconds = Math.round(ms / 1000); - const minutes = Math.round(totalSeconds / 60); + const minutes = Math.floor(totalSeconds / 60); const seconds = totalSeconds % 60; return `${minutes}:${seconds < 10 ? "0" : ""}${seconds}`; } From f7ba233e8e1433cb82df7d863f9ca5d42b20f44f Mon Sep 17 00:00:00 2001 From: Chris Preisinger Date: Thu, 22 Aug 2024 15:27:39 -0400 Subject: [PATCH 07/12] 34 Fix failing session timeout test --- spec/requests/sessions_request_spec.rb | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/spec/requests/sessions_request_spec.rb b/spec/requests/sessions_request_spec.rb index 8b56d319..b4f486ec 100644 --- a/spec/requests/sessions_request_spec.rb +++ b/spec/requests/sessions_request_spec.rb @@ -44,11 +44,16 @@ it "times out the session" do session_timeout_in_minutes = ENV.fetch("SESSION_TIMEOUT_IN_MINUTES", 15) + email = "test@example.gov" + token = SecureRandom.uuid + + puts User.create!({email:, token:}) + code = "ABC123" login_gov = instance_double(LoginGov) allow(LoginGov).to receive(:new).and_return(login_gov) allow(login_gov).to receive(:exchange_token_from_auth_result).with(code).and_return( - [{ email: "test@example.com", sub: "sub" }] + [{ email:, sub: token }] ) get "/auth/result", params: { code: } From a18c619421abe24795255a6d2f1a961ad2b04c24 Mon Sep 17 00:00:00 2001 From: Chris Preisinger Date: Thu, 22 Aug 2024 20:51:01 -0400 Subject: [PATCH 08/12] 34 Change session timeout env var to a constant --- app/controllers/application_controller.rb | 2 +- app/controllers/sessions_controller.rb | 2 ++ app/views/layouts/application.html.erb | 2 +- spec/requests/sessions_request_spec.rb | 4 ++-- 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 54e9980b..6042a872 100644 
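Review bot: `formatMilliseconds` still renders values like `-2:-5` once `ms` is negative, which `updateCountdown` can produce when a backgrounded tab's timers are throttled and the client overshoots the deadline before `logoutSession` fires. Clamp at the top, `const totalSeconds = Math.max(0, Math.round(ms / 1000));`, so the countdown bottoms out at `0:00`.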
--- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -31,7 +31,7 @@ def sign_out end def renew_session - session[:session_timeout_at] = Time.current + ENV.fetch("SESSION_TIMEOUT_IN_MINUTES", 15).to_i.minutes + session[:session_timeout_at] = Time.current + SessionsController::SESSION_TIMEOUT_IN_MINUTES.minutes end def check_session_expiration diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index c5e8f589..936f9b9d 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -3,6 +3,8 @@ class SessionsController < ApplicationController before_action :check_error_result, :require_code_param, :exchange_token, only: [:result] + SESSION_TIMEOUT_IN_MINUTES = 15 + def new # TODO: handle redirect to login page due to inactivity end diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index 7d5acad3..1b4aabbf 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -15,7 +15,7 @@ <% if logged_in? %> diff --git a/spec/requests/sessions_request_spec.rb b/spec/requests/sessions_request_spec.rb index b4f486ec..073d53e7 100644 --- a/spec/requests/sessions_request_spec.rb +++ b/spec/requests/sessions_request_spec.rb @@ -42,12 +42,12 @@ end it "times out the session" do - session_timeout_in_minutes = ENV.fetch("SESSION_TIMEOUT_IN_MINUTES", 15) + session_timeout_in_minutes = SessionsController::SESSION_TIMEOUT_IN_MINUTES email = "test@example.gov" token = SecureRandom.uuid - puts User.create!({email:, token:}) + User.create!({ email:, token: }) code = "ABC123" login_gov = instance_double(LoginGov) From d50cefc0715f3fafa112d0ceb0fe9977cc9633ca Mon Sep 17 00:00:00 2001 From: Chris Preisinger Date: Fri, 23 Aug 2024 12:16:18 -0400 Subject: [PATCH 09/12] 34 Remove session timeout from .envrc Co-authored-by: Stephen Chudleigh --- .envrc | 2 -- 1 file changed, 2 deletions(-) 
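Review bot: `renew_session` in the parent class now reads `SessionsController::SESSION_TIMEOUT_IN_MINUTES` from a subclass, which inverts the dependency and makes every controller trigger autoloading of `SessionsController`; declare the constant on `ApplicationController` (`SESSION_TIMEOUT_IN_MINUTES = 15`) and reference it unqualified from both controllers, the layout and the spec. Hard-coding the value also removes the ability to shorten the timeout per environment without a deploy; if that is wanted, keep the constant as the default and allow an override, `SESSION_TIMEOUT_IN_MINUTES = Integer(ENV.fetch("SESSION_TIMEOUT_IN_MINUTES", 15))`, which also rejects non-numeric input instead of silently turning it into 0 the way `to_i` did.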
diff --git a/.envrc b/.envrc index 87faf917..4fbb075a 100644 --- a/.envrc +++ b/.envrc @@ -5,7 +5,5 @@ use nix mkdir -p .nix-bundler export BUNDLE_PATH=./.nix-bundler -export SESSION_TIMEOUT_IN_MINUTES=15 - # Login Env Vars source .env_login From 946afaa59a4168e40ddd8cb9bf30d7bc287c3f8e Mon Sep 17 00:00:00 2001 From: Chris Preisinger Date: Mon, 26 Aug 2024 19:26:15 -0400 Subject: [PATCH 10/12] 34 Fix for timeout not redirecting properly --- app/controllers/sessions_controller.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 936f9b9d..79d5764e 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -2,6 +2,7 @@ class SessionsController < ApplicationController before_action :check_error_result, :require_code_param, :exchange_token, only: [:result] + before_action :check_session_expiration, except: [:timeout] SESSION_TIMEOUT_IN_MINUTES = 15 From b13590678575a8ced6e9e6cafb5020bbf3746b33 Mon Sep 17 00:00:00 2001 From: Chris Preisinger Date: Tue, 27 Aug 2024 13:48:46 -0400 Subject: [PATCH 11/12] 34 Readability fix for check_session_expiration --- app/controllers/application_controller.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 6042a872..88d1fe77 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -35,7 +35,9 @@ def renew_session end def check_session_expiration - if logged_in? && (session[:session_timeout_at].blank? || session[:session_timeout_at] < Time.current) + return unless logged_in? + + if session[:session_timeout_at].blank? || session[:session_timeout_at] < Time.current sign_out redirect_to dashboard_path, alert: I18n.t("session_expired_alert") else From 96e444a86175286c2084362e7592192c73ac8de6 Mon Sep 17 00:00:00 2001 
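Review bot: The `else` branch of `check_session_expiration` renews on every authenticated request, so the timeout is purely idle-based and a session that sees a request at least every 15 minutes never expires. If policy requires an absolute session lifetime, record `session[:session_started_at]` in `sign_in` and also expire when `Time.current > session[:session_started_at] + MAX_SESSION_LENGTH`, reusing the same `sign_out` and redirect. A short comment on the method, `# Sliding idle timeout: every authenticated request pushes the deadline forward.`, would make the current policy explicit for the next reader.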
From: Chris Preisinger Date: Tue, 27 Aug 2024 14:10:50 -0400 Subject: [PATCH 12/12] 34 Use skip before action instead of except for timeout Co-authored-by: Stephen Chudleigh --- app/controllers/sessions_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 79d5764e..963d9064 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -2,7 +2,7 @@ class SessionsController < ApplicationController before_action :check_error_result, :require_code_param, :exchange_token, only: [:result] - before_action :check_session_expiration, except: [:timeout] + skip_before_action :check_session_expiration, only: [:timeout] SESSION_TIMEOUT_IN_MINUTES = 15
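Review bot: The `skip_before_action :check_session_expiration, only: [:timeout]` line deserves a why-comment, since a future reader is likely to re-add the check for consistency. Suggest `# The client's DELETE usually arrives after the server-side deadline; running the expiry check here would answer the fetch with a 302 instead of 200, so sign out unconditionally.` directly above it. `SESSION_TIMEOUT_IN_MINUTES` on the line below is unaffected.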