Skip check_session_expiry in SessionsController

SessionsController skipped check_user_token but not check_session_expiry,
so users with an expired session were shown the login page instead of
completing the OAuth callback flow.

Author: JuanVqz

app/controllers/sessions_controller.rb

@@ -1,5 +1,6 @@
 class SessionsController < ApplicationController
   skip_before_action :check_user_token
+  skip_before_action :check_session_expiry
 
   def create
     auth = request.env["omniauth.auth"]

test/controllers/sessions_controller_test.rb

@@ -1,7 +1,15 @@
 require "test_helper"
 
 class SessionsControllerTest < ActionDispatch::IntegrationTest
-  # test "the truth" do
-  #   assert true
-  # end
+  test "completes OAuth even when session has expired" do
+    # Sign in so the session gets an expires_at timestamp.
+    sign_in
+
+    # Travel past the expiry window so check_session_expiry would fire.
+    # Without the fix, it renders puzzles/login and the OAuth callback never completes.
+    travel_to 2.hours.from_now do
+      sign_in
+      assert_redirected_to root_path
+    end
+  end
 end