From 4e73d6c557c7b95e02b286c0420ab7220892cd66 Mon Sep 17 00:00:00 2001
From: Alexander Brandon Coles
Date: Thu, 30 Oct 2025 17:58:26 +0000
Subject: [PATCH] Fix wording (docs, UI): change "expiry" to "expiration"
---
 app/models/user_password.rb | 2 +-
 app/services/users/change_password_service.rb | 4 ++--
 app/services/users/login_service.rb | 2 +-
 config/constants/settings/definition.rb | 2 +-
 config/locales/en.yml | 2 +-
 docs/development/concepts/secure-coding/README.md | 2 +-
 .../configuration/README.md | 4 ++--
 .../configuration/environment/README.md | 4 ++--
 .../packaged/openproject-apache-example.conf | 2 +-
 docs/release-notes/13/13-2-0/README.md | 2 +-
 docs/release-notes/6/6-1-6/README.md | 2 +-
 docs/release-notes/7/7-0-3/README.md | 2 +-
 .../processing-of-personal-data/README.md | 2 +-
 .../login-registration-settings/README.md | 2 +-
 docs/user-guide/account-settings/README.md | 4 ++--
 .../admin/enterprise_tokens/table_component_spec.rb | 6 +++---
 .../admin/settings/authentication_settings_spec.rb | 10 +++++-----
 spec/features/auth/login_spec.rb | 2 +-
 .../settings/authentication_settings_form_spec.rb | 4 ++--
 spec/models/attachment_spec.rb | 6 +++---
 spec/models/user_password_spec.rb | 10 +++++-----
 21 files changed, 38 insertions(+), 38 deletions(-)
diff --git a/app/models/user_password.rb b/app/models/user_password.rb
index 239499d4e1f..35f027946d9 100644
--- a/app/models/user_password.rb
+++ b/app/models/user_password.rb
@@ -61,7 +61,7 @@ class UserPassword < ApplicationRecord
 ##
 # Rehash the password using the currently active strategy.
- # This replaces the password and keeps expiry date identical.
+ # This replaces the password and keeps expiration date identical.
 def rehash_as_active(plain)
 active_class = UserPassword.active_type
diff --git a/app/services/users/change_password_service.rb b/app/services/users/change_password_service.rb
index 6668eb77b4d..ad09ec8ec4d 100644
--- a/app/services/users/change_password_service.rb
+++ b/app/services/users/change_password_service.rb
@@ -75,8 +75,8 @@ module Users
 def update_message
 update_message = I18n.t(:notice_account_password_updated)
- expiry_message = I18n.t(:notice_account_other_session_expired)
- { message_type: :info, message: "#{update_message} #{expiry_message}" }
+ expiration_message = I18n.t(:notice_account_other_session_expired)
+ { message_type: :info, message: "#{update_message} #{expiration_message}" }
 end
 def log_success
diff --git a/app/services/users/login_service.rb b/app/services/users/login_service.rb
index 2461aaee8f0..1c922da0c7a 100644
--- a/app/services/users/login_service.rb
+++ b/app/services/users/login_service.rb
@@ -66,7 +66,7 @@ module Users
 token = Token::AutoLogin.create!(user:, data: token_session_information)
 cookie_options = {
 value: token.plain_value,
- # The autologin expiry is checked on validating the token
+ # The autologin expiration is checked on validating the token
 # but still expire the cookie to avoid unnecessary retries
 expires: token.expires_on,
 path: OpenProject::Configuration["autologin_cookie_path"],
diff --git a/config/constants/settings/definition.rb b/config/constants/settings/definition.rb
index 7ed56a78a48..48cd8afaf3a 100644
--- a/config/constants/settings/definition.rb
+++ b/config/constants/settings/definition.rb
@@ -216,7 +216,7 @@ module Settings
 default: 20
 },
 cache_expires_in_seconds: {
- description: "Expiration time for memcache entries, empty for no expiry be default",
+ description: "Expiration time for memcache entries, empty for no expiration be default",
 format: :integer,
 default: nil,
 writable: false
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 6815371c903..e2d6fdb537e 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
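Review bot: The reworded `description` for `cache_expires_in_seconds` in config/constants/settings/definition.rb still ends in "be default", which looks like a typo for "by default"; since this commit rewrites that exact string for wording, it should read `description: "Expiration time for memcache entries, empty for no expiration by default",`. The same phrase is carried into the `OPENPROJECT_CACHE__EXPIRES__IN__SECONDS` row of docs/installation-and-operations/configuration/environment/README.md, which should be changed to match so the operator-facing reference stays consistent with the setting definition. The settings hash this entry belongs to starts and ends outside the hunk.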
@@ -4428,7 +4428,7 @@ en:
 setting_self_registration_manual_activation_caption: >
 Users can register on their own. Their accounts are in a pending state until an administrator or user with the global permission to create or manage users activates them.
- setting_session_ttl: "Session expiry time after inactivity"
+ setting_session_ttl: "Session expiration time after inactivity"
 setting_session_ttl_hint: "Value below 5 works like disabled"
 setting_session_ttl_enabled: "Session expires"
 setting_start_of_week: "Week starts on"
diff --git a/docs/development/concepts/secure-coding/README.md b/docs/development/concepts/secure-coding/README.md
index 8f5ca6b1c8a..3436742fa2c 100644
--- a/docs/development/concepts/secure-coding/README.md
+++ b/docs/development/concepts/secure-coding/README.md
@@ -99,7 +99,7 @@ As OpenProject is a web application, the web session is the central mechanism of
 **Guidelines**
 - Use Rails' built-in secure session cookies for maintaining the users' session. It incorporates best-practices to ensure strong session tokens, tamper resistance, and proper expiration.
-- Ensure session cookies are marked `secure` and `httponly`, as well as providing the appropriate `SameSite` and expiry flags according to the instance's configuration.
+- Ensure session cookies are marked `secure` and `httponly`, as well as providing the appropriate `SameSite` and expiration flags according to the instance's configuration.
 - Provide a secure logout mechanism that invalidates the session and clears session cookies. Ensure that users are logged out after a period of inactivity.
 - Implement session fixation protection mechanisms to prevent attackers from fixing a user's session to a known value.
 - Prevent storing sensitive unencrypted session information on the client device
diff --git a/docs/installation-and-operations/configuration/README.md b/docs/installation-and-operations/configuration/README.md
index 868b2cff449..e87959fade1 100644
--- a/docs/installation-and-operations/configuration/README.md
+++ b/docs/installation-and-operations/configuration/README.md
@@ -547,7 +547,7 @@ OPENPROJECT_REMOTE__STORAGE__DOWNLOAD__HOST=mybucket.s3.eu-west.amazonaws.com"
 When using remote storage for attachments via fog - usually S3 (see [`attachments_storage`](#attachments-storage) option) - each attachment download will generate a temporary URL. This option determines how long these links will be valid.
-The default is 21600 seconds, that is 6 hours, which is the maximum expiry time allowed by S3 when using IAM roles for authentication.
+The default is 21600 seconds, that is 6 hours, which is the maximum expiration time allowed by S3 when using IAM roles for authentication.
 *default: 21600*
@@ -698,7 +698,7 @@ OPENPROJECT_SECURITY__BADGE__DISPLAYED="false"
 * When using `redis`, the following configuration option is relevant:
 * `cache_redis_url`: The URL of the Redis host (e.g., `redis://host:6379`)
-* `cache_expires_in`: Expiration time for memcache entries (default: `nil`, no expiry)
+* `cache_expires_in`: Expiration time for memcache entries (default: `nil`, no expiration)
 * `cache_namespace`: Namespace for cache keys, useful when multiple applications use a single memcache server (default: `nil`)
 ### Rails asset host
diff --git a/docs/installation-and-operations/configuration/environment/README.md b/docs/installation-and-operations/configuration/environment/README.md
index f6bb780e149..247afa33639 100644
--- a/docs/installation-and-operations/configuration/environment/README.md
+++ b/docs/installation-and-operations/configuration/environment/README.md
@@ -153,7 +153,7 @@ OPENPROJECT_BLACKLISTED__ROUTES (default=[]) Blocked routes to prevent access to
 OPENPROJECT_BOARDS__DEMO__DATA__AVAILABLE (default=false) Internal setting determining availability of demo seed data
 OPENPROJECT_BRUTE__FORCE__BLOCK__AFTER__FAILED__LOGINS (default=20) Number of login attempts per user before assuming brute force attack
 OPENPROJECT_BRUTE__FORCE__BLOCK__MINUTES (default=30) Number of minutes to block users after presumed brute force attack
-OPENPROJECT_CACHE__EXPIRES__IN__SECONDS (default=nil) Expiration time for memcache entries, empty for no expiry be default
+OPENPROJECT_CACHE__EXPIRES__IN__SECONDS (default=nil) Expiration time for memcache entries, empty for no expiration be default
 OPENPROJECT_CACHE__FORMATTED__TEXT (default=true) Cache formatted text
 OPENPROJECT_CACHE__MEMCACHE__SERVER (default=nil) The memcache server host and IP
 OPENPROJECT_CACHE__NAMESPACE (default=nil) Namespace for cache keys, useful when multiple applications use a single memcache server
@@ -344,7 +344,7 @@ OPENPROJECT_SELF__REGISTRATION (default=2) Self-registration
 OPENPROJECT_SENDMAIL__ARGUMENTS (default="-i") Arguments to call sendmail with in case it is configured as outgoing email setup
 OPENPROJECT_SENDMAIL__LOCATION (default="/usr/sbin/sendmail") Location of sendmail to call if it is configured as outgoing email setup
 OPENPROJECT_SESSION__COOKIE__NAME (default="_open_project_session") Set session cookie name
-OPENPROJECT_SESSION__TTL (default=120) Session expiry time after inactivity
+OPENPROJECT_SESSION__TTL (default=120) Session expiration time after inactivity
 OPENPROJECT_SESSION__TTL__ENABLED (default=false) Session expires
 OPENPROJECT_SHOW__COMMUNITY__LINKS (default=true) Enable or disable links to OpenProject community instances
 OPENPROJECT_SHOW__PENDING__MIGRATIONS__WARNING (default=true) Enable or disable warning bar in case of pending migrations
diff --git a/docs/installation-and-operations/installation/packaged/openproject-apache-example.conf b/docs/installation-and-operations/installation/packaged/openproject-apache-example.conf
index 5125302cf3e..fe5702c2d91 100644
--- a/docs/installation-and-operations/installation/packaged/openproject-apache-example.conf
+++ b/docs/installation-and-operations/installation/packaged/openproject-apache-example.conf
@@ -70,7 +70,7 @@
- # Send expiry headers for assets, that carry an asset id. Assuming, an asset
+ # Send expiration headers for assets, that carry an asset id. Assuming, an asset
 # id is a unix timestamp, which is currently a 10 digit integer. This might
 # change in the far future.
diff --git a/docs/release-notes/13/13-2-0/README.md b/docs/release-notes/13/13-2-0/README.md
index 89b34bb51d6..21b8d4e41ba 100644
--- a/docs/release-notes/13/13-2-0/README.md
+++ b/docs/release-notes/13/13-2-0/README.md
@@ -99,7 +99,7 @@ Please note that **% Complete** does not adjust automatically when the values of
 - Bugfix: Can not add invited users to existing groups \[[#51679](https://community.openproject.org/wp/51679)\]
 - Bugfix: Project.visible scope slower than it should be \[[#51706](https://community.openproject.org/wp/51706)\]
 - Bugfix: Ongoing meetings are not visible via the Meetings tab in work packages \[[#51715](https://community.openproject.org/wp/51715)\]
-- Bugfix: The Access Token expiry date not updated on refresh for FileStorage tokens \[[#51749](https://community.openproject.org/wp/51749)\]
+- Bugfix: The Access Token expiration date not updated on refresh for FileStorage tokens \[[#51749](https://community.openproject.org/wp/51749)\]
 - Bugfix: Work package share permissions not in Work package permission group \[[#52086](https://community.openproject.org/wp/52086)\]
 - Bugfix: lockVersion missing in payload for API WP form when only having change_work_package_status permission \[[#52089](https://community.openproject.org/wp/52089)\]
 - Bugfix: Status cannot be changed in backlogs when only having change_work_package_status permission \[[#52090](https://community.openproject.org/wp/52090)\]
diff --git a/docs/release-notes/6/6-1-6/README.md b/docs/release-notes/6/6-1-6/README.md
index 6afe01dc5b7..9286e74c000 100644
--- a/docs/release-notes/6/6-1-6/README.md
+++ b/docs/release-notes/6/6-1-6/README.md
@@ -8,7 +8,7 @@ release_date: 2017-03-20
 # OpenProject 6.1.6
-The release contains an important security fix regarding session expiry.
+The release contains an important security fix regarding session expiration.
 For details on the security fix, take a look at the [release news](https://www.openproject.org/blog/openproject-6-1-6-released-security-fix/).
diff --git a/docs/release-notes/7/7-0-3/README.md b/docs/release-notes/7/7-0-3/README.md
index 19551c5385d..5f3938e0e76 100644
--- a/docs/release-notes/7/7-0-3/README.md
+++ b/docs/release-notes/7/7-0-3/README.md
@@ -9,7 +9,7 @@ release_date: 2017-06-29
 # OpenProject 7.0.3
-The release contains an important security fix regarding session expiry
+The release contains an important security fix regarding session expiration
 and several bug fixes.
 For details on the security fix, take a look at the [release
diff --git a/docs/security-and-privacy/processing-of-personal-data/README.md b/docs/security-and-privacy/processing-of-personal-data/README.md
index 4b6b6a7641d..dfb5e013737 100644
--- a/docs/security-and-privacy/processing-of-personal-data/README.md
+++ b/docs/security-and-privacy/processing-of-personal-data/README.md
@@ -686,7 +686,7 @@ flowchart LR
 OpenProject makes use of technical cookies to identity the browser client and/or remember information such as 2FA login state. The core application makes use of these cookies:
-| **Cookie name** | **Description** | **Expiry** | **Security flags** | **Implementation** |
+| **Cookie name** | **Description** | **Expiration** | **Security flags** | **Implementation** |
 | ---------------------------------------------- | ------------------------------------------------------------ | ------------------------------------------------------------ | ----------------------------------------------------- | ------------------------------------------------------------ |
 | `_open_project_session` (name is configurable) | contains the information about the logged in user as well as information stored between requests on the user's choices (e.g. the filters for costs are in part stored there) | Session
+ configurable server-sideTTL | secure
httponly
Samesite=Lax
encrypted | [Code ref](https://github.com/opf/openproject/blob/release/16.0/config/initializers/session_store.rb#L34-L39) | | `autologin` (name is configurable) | (Optional feature, requires opt-in under Administration > Authentication settings)
enables the user to automatically log in again after the session expired (e.g. because the browser was closed). It is set when the user checks the '*Stay logged in*' box in the login form.
| Cookie 1 year
+ server-side token N days (configurable) | secure
httponly
Samesite=Lax
encrypted | [Code ref](https://github.com/opf/openproject/blob/release/16.0/app/services/users/login_service.rb#L58-L74) |
diff --git a/docs/system-admin-guide/authentication/login-registration-settings/README.md b/docs/system-admin-guide/authentication/login-registration-settings/README.md
index f64fe212c55..7672976591e 100644
--- a/docs/system-admin-guide/authentication/login-registration-settings/README.md
+++ b/docs/system-admin-guide/authentication/login-registration-settings/README.md
@@ -29,7 +29,7 @@ Under the *Login* tab you can adjust following settings:
 2. Activate the **session expiration option**.
-3. Set the **duration for inactivity time**, after which a session will expire. Note that any value below 5 will be treated as disabling the session expiry setting.
+3. Set the **duration for inactivity time**, after which a session will expire. Note that any value below 5 will be treated as disabling the session expiration setting.
 4. Define whether **user login, name, and mail address** should be logged for all requests.
diff --git a/docs/user-guide/account-settings/README.md b/docs/user-guide/account-settings/README.md
index 887a715c6a2..60e62adae86 100644
--- a/docs/user-guide/account-settings/README.md
+++ b/docs/user-guide/account-settings/README.md
@@ -270,11 +270,11 @@ To view and manage your OpenProject sessions navigate to **Account settings** an
 ![Sessions management in OpenProject account settings](openproject_account_settings_sessions_management.png)
-Here you can view and manage all of your active and remembered sessions in one place. Each row shows the browser, device, expiry date and last connection timestamp. For your current session the “Last connection” column displays **“Current (this device)”**.
+Here you can view and manage all of your active and remembered sessions in one place. Each row shows the browser, device, expiration date and last connection timestamp. For your current session the “Last connection” column displays **“Current (this device)”**.
 You can revoke a session at any time by clicking the **×** icon at the end of the row. Hover over the icon to see the **“Revoke”** tooltip. When you click, a confirmation message appears.
-Sessions expire automatically according to your instance’s authentication settings. Remembered sessions show their expiry in relative time (for example “in 5 days”).
+Sessions expire automatically according to your instance’s authentication settings. Remembered sessions show their expiration in relative time (for example “in 5 days”).
 > [!NOTE]
 > Closing a browser does not necessarily terminate the session. It might still be displayed in the list and will be reactivated if you open the browser. This depends on both your browser's and the OpenProject instance's settings.
diff --git a/spec/components/admin/enterprise_tokens/table_component_spec.rb b/spec/components/admin/enterprise_tokens/table_component_spec.rb
index e8839f96646..83205758a19 100644
--- a/spec/components/admin/enterprise_tokens/table_component_spec.rb
+++ b/spec/components/admin/enterprise_tokens/table_component_spec.rb
@@ -127,7 +127,7 @@ RSpec.describe Admin::EnterpriseTokens::TableComponent, type: :component do
 expect(subscription_cells).to all(have_primer_label("Expiring soon", scheme: "attention"))
 end
- it "has expiry date in :attention color in the dates column" do
+ it "has expiration date in :attention color in the dates column" do
 render_inline(component)
 expect(dates_cells[0]).to have_primer_text(format_date(tokens.first.starts_at), color: "subtle")
@@ -152,7 +152,7 @@ RSpec.describe Admin::EnterpriseTokens::TableComponent, type: :component do
 expect(subscription_cells).to all(have_primer_label("In grace period", scheme: "attention"))
 end
- it "has expiry date in :attention color in the dates column" do
+ it "has expiration date in :attention color in the dates column" do
 render_inline(component)
 expect(dates_cells[0]).to have_primer_text(format_date(tokens.first.starts_at), color: "subtle")
@@ -178,7 +178,7 @@ RSpec.describe Admin::EnterpriseTokens::TableComponent, type: :component do
 expect(subscription_cells).to all(have_primer_label("Expired", scheme: "danger"))
 end
- it "has expiry date in :danger color in the dates column" do
+ it "has expiration date in :danger color in the dates column" do
 render_inline(component)
 expect(dates_cells[0]).to have_primer_text(format_date(tokens.first.starts_at), color: "subtle")
diff --git a/spec/features/admin/settings/authentication_settings_spec.rb b/spec/features/admin/settings/authentication_settings_spec.rb
index 4ef95493e07..e1dbcb2bae8 100644
--- a/spec/features/admin/settings/authentication_settings_spec.rb
+++ b/spec/features/admin/settings/authentication_settings_spec.rb
@@ -64,19 +64,19 @@ RSpec.describe "Authentication Settings", :js do
 it "allows changing session expiration options" do
 expect(login_page).to have_unchecked_field "Session expires"
- expect(login_page).to have_no_field "Session expiry time after inactivity"
+ expect(login_page).to have_no_field "Session expiration time after inactivity"
 check "Session expires"
- expect(login_page).to have_field "Session expiry time after inactivity"
+ expect(login_page).to have_field "Session expiration time after inactivity"
- fill_in "Session expiry time after inactivity", with: "30"
+ fill_in "Session expiration time after inactivity", with: "30"
 login_page.save
 Setting.clear_cache
 login_page.reload!
 expect(login_page).to have_checked_field "Session expires"
- expect(login_page).to have_field "Session expiry time after inactivity", with: "30", described_by: "minutes"
+ expect(login_page).to have_field "Session expiration time after inactivity", with: "30", described_by: "minutes"
 uncheck "Session expires"
@@ -85,7 +85,7 @@ RSpec.describe "Authentication Settings", :js do
 login_page.reload!
 expect(login_page).to have_unchecked_field "Session expires"
- expect(login_page).to have_no_field "Session expiry time after inactivity"
+ expect(login_page).to have_no_field "Session expiration time after inactivity"
 end
 it "allows changing logging options" do
diff --git a/spec/features/auth/login_spec.rb b/spec/features/auth/login_spec.rb
index 8aeede71ca4..bdb7f18f6a1 100644
--- a/spec/features/auth/login_spec.rb
+++ b/spec/features/auth/login_spec.rb
@@ -186,7 +186,7 @@ RSpec.describe "Login" do
 end
 end
- context "with password expiry", :js do
+ context "with password expiration", :js do
 before do
 user.passwords.update_all(created_at: 31.days.ago, updated_at: 31.days.ago)
diff --git a/spec/forms/settings/authentication_settings_form_spec.rb b/spec/forms/settings/authentication_settings_form_spec.rb
index fe3cc581ee0..20623106cd2 100644
--- a/spec/forms/settings/authentication_settings_form_spec.rb
+++ b/spec/forms/settings/authentication_settings_form_spec.rb
@@ -53,8 +53,8 @@ RSpec.describe Settings::AuthenticationSettingsForm, type: :forms do
 expect(page).to have_unchecked_field "Session expires"
 end
- it "renders 'Session expiry time after inactivity' number field" do
- expect(page).to have_field "Session expiry time after inactivity", type: "number"
+ it "renders 'Session expiration time after inactivity' number field" do
+ expect(page).to have_field "Session expiration time after inactivity", type: "number"
 end
 it "renders 'Log user login, name, and mail address for all requests' checkbox" do
diff --git a/spec/models/attachment_spec.rb b/spec/models/attachment_spec.rb
index 6b6b2064b8e..92c99f8a8e2 100644
--- a/spec/models/attachment_spec.rb
+++ b/spec/models/attachment_spec.rb
@@ -227,12 +227,12 @@ RSpec.describe Attachment do
 let(:url_options) { {} }
 let(:query) { attachment.external_url(**url_options).to_s.split("?").last }
- it "has a default expiry time" do
+ it "has a default expiration time" do
 expect(query).to include "X-Amz-Expires="
 expect(query).not_to include "X-Amz-Expires=3600"
 end
- context "with a custom expiry time" do
+ context "with a custom expiration time" do
 let(:url_options) { { expires_in: 1.hour } }
 it "uses that time" do
@@ -240,7 +240,7 @@ RSpec.describe Attachment do
 end
 end
- context "with expiry time exceeding maximum" do
+ context "with expiration time exceeding maximum" do
 let(:url_options) { { expires_in: 1.year } }
 it "uses the allowed max" do
diff --git a/spec/models/user_password_spec.rb b/spec/models/user_password_spec.rb
index a27aab84f14..6f1bb70ada9 100644
--- a/spec/models/user_password_spec.rb
+++ b/spec/models/user_password_spec.rb
@@ -36,20 +36,20 @@ RSpec.describe UserPassword do
 let(:password) { create(:user_password, user:, plain_password: "adminAdmin!") }
 describe "#expired?" do
- context "with expiry value set",
+ context "with expiration value set",
 with_settings: { password_days_valid: 30 } do
- it "is true for an old password when password expiry is activated" do
+ it "is true for an old password when password expiration is activated" do
 expect(old_password.expired?).to be_truthy
 end
- it "is false when password expiry is enabled and the password was changed recently" do
+ it "is false when password expiration is enabled and the password was changed recently" do
 expect(password.expired?).to be_falsey
 end
 end
- context "with expiry value disabled",
+ context "with expiration value disabled",
 with_settings: { password_days_valid: 0 } do
- it "is false for an old password when password expiry is disabled" do
+ it "is false for an old password when password expiration is disabled" do
 expect(old_password.expired?).to be_falsey
 end
 end