From b7d954eac9af1ccc1d6e7889fa032011dfa7cd09 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juan=20V=C3=A1squez?= <juan@ombulabs.com>
Date: Thu, 5 Mar 2026 18:33:16 -0600
Subject: [PATCH] Skip check_session_expiry in SessionsController

SessionsController skipped check_user_token but not check_session_expiry,
so users with an expired session were shown the login page instead of
completing the OAuth callback flow.
---
 app/controllers/sessions_controller.rb       |  1 +
 test/controllers/sessions_controller_test.rb | 14 +++++++++++---
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 6b15682..be6ee37 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,5 +1,6 @@
 class SessionsController < ApplicationController
   skip_before_action :check_user_token
+  skip_before_action :check_session_expiry
 
   def create
     auth = request.env["omniauth.auth"]
diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb
index e5da4b3..abd378b 100644
--- a/test/controllers/sessions_controller_test.rb
+++ b/test/controllers/sessions_controller_test.rb
@@ -1,7 +1,15 @@
 require "test_helper"
 
 class SessionsControllerTest < ActionDispatch::IntegrationTest
-  # test "the truth" do
-  #   assert true
-  # end
+  test "completes OAuth even when session has expired" do
+    # Sign in so the session gets an expires_at timestamp.
+    sign_in
+
+    # Travel past the expiry window so check_session_expiry would fire.
+    # Without the fix, it renders puzzles/login and the OAuth callback never completes.
+    travel_to 2.hours.from_now do
+      sign_in
+      assert_redirected_to root_path
+    end
+  end
 end