jro_apps/redmine Commit - r2382:0310f43126ac

Hooked up on the fly OpenID user creation....

Eric Davis -

r2382:0310f43126ac

parent child

Context file:

r2382:0310f43126ac

Collapse all files

app/controllers/account_controller.rb +11 -11

             # Redmine - project management software
             # Copyright (C) 2006-2008  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class AccountController < ApplicationController
               helper :custom_fields
               include CustomFieldsHelper
               # prevents login action to be filtered by check_if_login_required application scope filter
               skip_before_filter :check_if_login_required, :only => [:login, :lost_password, :register, :activate]
               # Show user's account
               def show
                 @user = User.active.find(params[:id])
                 @custom_values = @user.custom_values
                 # show only public projects and private projects that the logged in user is also a member of
                 @memberships = @user.memberships.select do |membership|
                   membership.project.is_public? || (User.current.member_of?(membership.project))
                 end
                 events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
                 @events_by_day = events.group_by(&:event_date)
               rescue ActiveRecord::RecordNotFound
                 render_404
               end
               # Login request and validation
               def login
                 if request.get?
                   # Logout user
                   self.logged_user = nil
                 else
                   # Authenticate user
                   unless using_open_id?
                     password_authentication
                   else
                     open_id_authenticate(params[:openid_url])
                   end
                 end
               end
               # Log out current user and redirect to welcome page
               def logout
                 cookies.delete :autologin
                 Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) if User.current.logged?
                 self.logged_user = nil
                 redirect_to home_url
               end
               # Enable user to choose a new password
               def lost_password
                 redirect_to(home_url) && return unless Setting.lost_password?
                 if params[:token]
                   @token = Token.find_by_action_and_value("recovery", params[:token])
                   redirect_to(home_url) && return unless @token and !@token.expired?
                   @user = @token.user
                   if request.post?
                     @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
                     if @user.save
                       @token.destroy
                       flash[:notice] = l(:notice_account_password_updated)
                       redirect_to :action => 'login'
                       return
                     end
                   end
                   render :template => "account/password_recovery"
                   return
                 else
                   if request.post?
                     user = User.find_by_mail(params[:mail])
                     # user not found in db
                     flash.now[:error] = l(:notice_account_unknown_email) and return unless user
                     # user uses an external authentification
                     flash.now[:error] = l(:notice_can_t_change_password) and return if user.auth_source_id
                     # create a new token for password recovery
                     token = Token.new(:user => user, :action => "recovery")
                     if token.save
                       Mailer.deliver_lost_password(token)
                       flash[:notice] = l(:notice_account_lost_email_sent)
                       redirect_to :action => 'login'
                       return
                     end
                   end
                 end
               end
               # User self-registration
               def register
                 redirect_to(home_url) && return unless Setting.self_registration? || session[:auth_source_registration]
                 if request.get?
                   session[:auth_source_registration] = nil
                   @user = User.new(:language => Setting.default_language)
                 else
                   @user = User.new(params[:user])
                   @user.admin = false
                   @user.status = User::STATUS_REGISTERED
                   if session[:auth_source_registration]
                     @user.status = User::STATUS_ACTIVE
                     @user.login = session[:auth_source_registration][:login]
                     @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
                     if @user.save
                       session[:auth_source_registration] = nil
                       self.logged_user = @user
                       flash[:notice] = l(:notice_account_activated)
                       redirect_to :controller => 'my', :action => 'account'
                     end
                   else
                     @user.login = params[:user][:login]
                     @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
                     case Setting.self_registration
                     when '1'
                       # Email activation
                       token = Token.new(:user => @user, :action => "register")
                       if @user.save and token.save
                         Mailer.deliver_register(token)
                         flash[:notice] = l(:notice_account_register_done)
                         redirect_to :action => 'login'
                       end
                     when '3'
                       # Automatic activation
                       @user.status = User::STATUS_ACTIVE
                       if @user.save
                         self.logged_user = @user
                         flash[:notice] = l(:notice_account_activated)
                         redirect_to :controller => 'my', :action => 'account'
                       end
                     else
                       # Manual activation by the administrator
                       if @user.save
                         # Sends an email to the administrators
                         Mailer.deliver_account_activation_request(@user)
                         flash[:notice] = l(:notice_account_pending)
                         redirect_to :action => 'login'
                       end
                     end
                   end
                 end
               end
               # Token based account activation
               def activate
                 redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
                 token = Token.find_by_action_and_value('register', params[:token])
                 redirect_to(home_url) && return unless token and !token.expired?
                 user = token.user
                 redirect_to(home_url) && return unless user.status == User::STATUS_REGISTERED
                 user.status = User::STATUS_ACTIVE
                 if user.save
                   token.destroy
                   flash[:notice] = l(:notice_account_activated)
                 end
                 redirect_to :action => 'login'
               end
             private
               def logged_user=(user)
                 if user && user.is_a?(User)
                   User.current = user
                   session[:user_id] = user.id
                 else
                   User.current = User.anonymous
                   session[:user_id] = nil
                 end
               end
               def password_authentication
                 user = User.try_to_login(params[:username], params[:password])
                 if user.nil?
                   # Invalid credentials
                   flash.now[:error] = l(:notice_account_invalid_creditentials)
                 elsif user.new_record?
                   # Onthefly creation failed, display the registration form to fill/fix attributes
                   @user = user
                   session[:auth_source_registration] = {:login => user.login, :auth_source_id => user.auth_source_id }
                   render :action => 'register'
                 else
                   # Valid user
                   successful_authentication(user)
                 end
               end
               def open_id_authenticate(openid_url)
-                user = nil
                 authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url) do |result, identity_url, registration|
                   if result.successful?
                     user = User.find_or_initialize_by_identity_url(identity_url)
                     if user.new_record?
                       # Create on the fly
-                      # TODO: name
                       user.login = registration['nickname']
                       user.mail = registration['email']
-                      user.save
+                      user.firstname, user.lastname = registration['fullname'].split(' ')
-                    end
+                      user.random_password
+                      if user.save
-                    user.reload
+                        successful_authentication(user)
-                    if user.new_record?
+                      else
-                      # Onthefly creation failed, display the registration form to fill/fix attributes
+                        # Onthefly creation failed, display the registration form to fill/fix attributes
-                      @user = user
+                        @user = user
-                      session[:auth_source_registration] = {:login => user.login, :identity_url => identity_url }
+                        session[:auth_source_registration] = {:login => user.login, :identity_url => identity_url }
-                      render :action => 'register'
+                        render :action => 'register'
+                      end
                     else
+                      # Existing record
                       successful_authentication(user)
                     end
                   end
                 end
               end
               def successful_authentication(user)
                 # Valid user
                 self.logged_user = user
                 # generate a key and set cookie if autologin
                 if params[:autologin] && Setting.autologin?
                   token = Token.create(:user => user, :action => 'autologin')
                   cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now }
                 end
                 redirect_back_or_default :controller => 'my', :action => 'page'
               end
             end

app/models/user.rb +12 0

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require "digest/sha1"
             class User < ActiveRecord::Base
               # Account statuses
               STATUS_ANONYMOUS  = 0
               STATUS_ACTIVE     = 1
               STATUS_REGISTERED = 2
               STATUS_LOCKED     = 3
               USER_FORMATS = {
                 :firstname_lastname => '#{firstname} #{lastname}',
                 :firstname => '#{firstname}',
                 :lastname_firstname => '#{lastname} #{firstname}',
                 :lastname_coma_firstname => '#{lastname}, #{firstname}',
                 :username => '#{login}'
               }
               has_many :memberships, :class_name => 'Member', :include => [ :project, :role ], :conditions => "#{Project.table_name}.status=#{Project::STATUS_ACTIVE}", :order => "#{Project.table_name}.name"
               has_many :members, :dependent => :delete_all
               has_many :projects, :through => :memberships
               has_many :issue_categories, :foreign_key => 'assigned_to_id', :dependent => :nullify
               has_many :changesets, :dependent => :nullify
               has_one :preference, :dependent => :destroy, :class_name => 'UserPreference'
               has_one :rss_token, :dependent => :destroy, :class_name => 'Token', :conditions => "action='feeds'"
               belongs_to :auth_source
               # Active non-anonymous users scope
               named_scope :active, :conditions => "#{User.table_name}.status = #{STATUS_ACTIVE}"
               acts_as_customizable
               attr_accessor :password, :password_confirmation
               attr_accessor :last_before_login_on
               # Prevents unauthorized assignments
               attr_protected :login, :admin, :password, :password_confirmation, :hashed_password
               validates_presence_of :login, :firstname, :lastname, :mail, :if => Proc.new { |user| !user.is_a?(AnonymousUser) }
               validates_uniqueness_of :login, :if => Proc.new { |user| !user.login.blank? }
               validates_uniqueness_of :mail, :if => Proc.new { |user| !user.mail.blank? }, :case_sensitive => false
               # Login must contain lettres, numbers, underscores only
               validates_format_of :login, :with => /^[a-z0-9_\-@\.]*$/i
               validates_length_of :login, :maximum => 30
               validates_format_of :firstname, :lastname, :with => /^[\w\s\'\-\.]*$/i
               validates_length_of :firstname, :lastname, :maximum => 30
               validates_format_of :mail, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :allow_nil => true
               validates_length_of :mail, :maximum => 60, :allow_nil => true
               validates_length_of :password, :minimum => 4, :allow_nil => true
               validates_confirmation_of :password, :allow_nil => true
               def before_create
                 self.mail_notification = false
                 true
               end
               def before_save
                 # update hashed_password if password was set
                 self.hashed_password = User.hash_password(self.password) if self.password
               end
               def reload(*args)
                 @name = nil
                 super
               end
               # Returns the user that matches provided login and password, or nil
               def self.try_to_login(login, password)
                 # Make sure no one can sign in with an empty password
                 return nil if password.to_s.empty?
                 user = find(:first, :conditions => ["login=?", login])
                 if user
                   # user is already in local database
                   return nil if !user.active?
                   if user.auth_source
                     # user has an external authentication method
                     return nil unless user.auth_source.authenticate(login, password)
                   else
                     # authentication with local password
                     return nil unless User.hash_password(password) == user.hashed_password
                   end
                 else
                   # user is not yet registered, try to authenticate with available sources
                   attrs = AuthSource.authenticate(login, password)
                   if attrs
                     user = new(*attrs)
                     user.login = login
                     user.language = Setting.default_language
                     if user.save
                       user.reload
                       logger.info("User '#{user.login}' created from the LDAP") if logger
                     end
                   end
                 end
                 user.update_attribute(:last_login_on, Time.now) if user && !user.new_record?
                 user
               rescue => text
                 raise text
               end
               # Return user's full name for display
               def name(formatter = nil)
                 if formatter
                   eval('"' + (USER_FORMATS[formatter] || USER_FORMATS[:firstname_lastname]) + '"')
                 else
                   @name ||= eval('"' + (USER_FORMATS[Setting.user_format] || USER_FORMATS[:firstname_lastname]) + '"')
                 end
               end
               def active?
                 self.status == STATUS_ACTIVE
               end
               def registered?
                 self.status == STATUS_REGISTERED
               end
               def locked?
                 self.status == STATUS_LOCKED
               end
               def check_password?(clear_password)
                 User.hash_password(clear_password) == self.hashed_password
               end
+              # Generate and set a random password.  Useful for automated user creation
+              # Based on Token#generate_token_value
+              #
+              def random_password
+                chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
+                password = ''
+.times { |i| password << chars[rand(chars.size-1)] }
+                self.password = password
+                self.password_confirmation = password
+                self
+              end
               def pref
                 self.preference ||= UserPreference.new(:user => self)
               end
               def time_zone
                 @time_zone ||= (self.pref.time_zone.blank? ? nil : ActiveSupport::TimeZone[self.pref.time_zone])
               end
               def wants_comments_in_reverse_order?
                 self.pref[:comments_sorting] == 'desc'
               end
               # Return user's RSS key (a 40 chars long string), used to access feeds
               def rss_key
                 token = self.rss_token || Token.create(:user => self, :action => 'feeds')
                 token.value
               end
               # Return an array of project ids for which the user has explicitly turned mail notifications on
               def notified_projects_ids
                 @notified_projects_ids ||= memberships.select {|m| m.mail_notification?}.collect(&:project_id)
               end
               def notified_project_ids=(ids)
                 Member.update_all("mail_notification = #{connection.quoted_false}", ['user_id = ?', id])
                 Member.update_all("mail_notification = #{connection.quoted_true}", ['user_id = ? AND project_id IN (?)', id, ids]) if ids && !ids.empty?
                 @notified_projects_ids = nil
                 notified_projects_ids
               end
               def self.find_by_rss_key(key)
                 token = Token.find_by_value(key)
                 token && token.user.active? ? token.user : nil
               end
               def self.find_by_autologin_key(key)
                 token = Token.find_by_action_and_value('autologin', key)
                 token && (token.created_on > Setting.autologin.to_i.day.ago) && token.user.active? ? token.user : nil
               end
               # Makes find_by_mail case-insensitive
               def self.find_by_mail(mail)
                 find(:first, :conditions => ["LOWER(mail) = ?", mail.to_s.downcase])
               end
               # Sort users by their display names
               def <=>(user)
                 self.to_s.downcase <=> user.to_s.downcase
               end
               def to_s
                 name
               end
               def logged?
                 true
               end
               def anonymous?
                 !logged?
               end
               # Return user's role for project
               def role_for_project(project)
                 # No role on archived projects
                 return nil unless project && project.active?
                 if logged?
                   # Find project membership
                   membership = memberships.detect {|m| m.project_id == project.id}
                   if membership
                     membership.role
                   else
                     @role_non_member ||= Role.non_member
                   end
                 else
                   @role_anonymous ||= Role.anonymous
                 end
               end
               # Return true if the user is a member of project
               def member_of?(project)
                 role_for_project(project).member?
               end
               # Return true if the user is allowed to do the specified action on project
               # action can be:
               # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
               # * a permission Symbol (eg. :edit_project)
               def allowed_to?(action, project, options={})
                 if project
                   # No action allowed on archived projects
                   return false unless project.active?
                   # No action allowed on disabled modules
                   return false unless project.allows_to?(action)
                   # Admin users are authorized for anything else
                   return true if admin?
                   role = role_for_project(project)
                   return false unless role
                   role.allowed_to?(action) && (project.is_public? || role.member?)
                 elsif options[:global]
                   # authorize if user has at least one role that has this permission
                   roles = memberships.collect {|m| m.role}.uniq
                   roles.detect {|r| r.allowed_to?(action)} || (self.logged? ? Role.non_member.allowed_to?(action) : Role.anonymous.allowed_to?(action))
                 else
                   false
                 end
               end
               def self.current=(user)
                 @current_user = user
               end
               def self.current
                 @current_user ||= User.anonymous
               end
               def self.anonymous
                 anonymous_user = AnonymousUser.find(:first)
                 if anonymous_user.nil?
                   anonymous_user = AnonymousUser.create(:lastname => 'Anonymous', :firstname => '', :mail => '', :login => '', :status => 0)
                   raise 'Unable to create the anonymous user.' if anonymous_user.new_record?
                 end
                 anonymous_user
               end
             private
               # Return password digest
               def self.hash_password(clear_password)
                 Digest::SHA1.hexdigest(clear_password || "")
               end
             end
             class AnonymousUser < User
               def validate_on_create
                 # There should be only one AnonymousUser in the database
                 errors.add_to_base 'An anonymous user already exists.' if AnonymousUser.find(:first)
               end
               def available_custom_fields
                 []
               end
               # Overrides a few properties
               def logged?; false end
               def admin; false end
               def name; 'Anonymous' end
               def mail; nil end
               def time_zone; nil end
               def rss_key; nil end
             end

test/unit/user_test.rb +7 0

             # redMine - project management software
             # Copyright (C) 2006  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require File.dirname(__FILE__) + '/../test_helper'
             class UserTest < Test::Unit::TestCase
               fixtures :users, :members, :projects
               def setup
                 @admin = User.find(1)
                 @jsmith = User.find(2)
                 @dlopper = User.find(3)
               end
               def test_truth
                 assert_kind_of User, @jsmith
               end
               def test_create
                 user = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
                 user.login = "jsmith"
                 user.password, user.password_confirmation = "password", "password"
                 # login uniqueness
                 assert !user.save
                 assert_equal 1, user.errors.count
                 user.login = "newuser"
                 user.password, user.password_confirmation = "passwd", "password"
                 # password confirmation
                 assert !user.save
                 assert_equal 1, user.errors.count
                 user.password, user.password_confirmation = "password", "password"
                 assert user.save
               end
               def test_mail_uniqueness_should_not_be_case_sensitive
                 u = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
                 u.login = 'newuser1'
                 u.password, u.password_confirmation = "password", "password"
                 assert u.save
                 u = User.new(:firstname => "new", :lastname => "user", :mail => "newUser@Somenet.foo")
                 u.login = 'newuser2'
                 u.password, u.password_confirmation = "password", "password"
                 assert !u.save
                 assert_equal 'activerecord_error_taken', u.errors.on(:mail)
               end
               def test_update
                 assert_equal "admin", @admin.login
                 @admin.login = "john"
                 assert @admin.save, @admin.errors.full_messages.join("; ")
                 @admin.reload
                 assert_equal "john", @admin.login
               end
               def test_destroy
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert Member.find_all_by_user_id(2).empty?
               end
               def test_validate
                 @admin.login = ""
                 assert !@admin.save
                 assert_equal 1, @admin.errors.count
               end
               def test_password
                 user = User.try_to_login("admin", "admin")
                 assert_kind_of User, user
                 assert_equal "admin", user.login
                 user.password = "hello"
                 assert user.save
                 user = User.try_to_login("admin", "hello")
                 assert_kind_of User, user
                 assert_equal "admin", user.login
                 assert_equal User.hash_password("hello"), user.hashed_password
               end
               def test_name_format
                 assert_equal 'Smith, John', @jsmith.name(:lastname_coma_firstname)
                 Setting.user_format = :firstname_lastname
                 assert_equal 'John Smith', @jsmith.reload.name
                 Setting.user_format = :username
                 assert_equal 'jsmith', @jsmith.reload.name
               end
               def test_lock
                 user = User.try_to_login("jsmith", "jsmith")
                 assert_equal @jsmith, user
                 @jsmith.status = User::STATUS_LOCKED
                 assert @jsmith.save
                 user = User.try_to_login("jsmith", "jsmith")
                 assert_equal nil, user
               end
               def test_create_anonymous
                 AnonymousUser.delete_all
                 anon = User.anonymous
                 assert !anon.new_record?
                 assert_kind_of AnonymousUser, anon
               end
               def test_rss_key
                 assert_nil @jsmith.rss_token
                 key = @jsmith.rss_key
                 assert_equal 40, key.length
                 @jsmith.reload
                 assert_equal key, @jsmith.rss_key
               end
               def test_role_for_project
                 # user with a role
                 role = @jsmith.role_for_project(Project.find(1))
                 assert_kind_of Role, role
                 assert_equal "Manager", role.name
                 # user with no role
                 assert !@dlopper.role_for_project(Project.find(2)).member?
               end
               def test_mail_notification_all
                 @jsmith.mail_notification = true
                 @jsmith.notified_project_ids = []
                 @jsmith.save
                 @jsmith.reload
                 assert @jsmith.projects.first.recipients.include?(@jsmith.mail)
               end
               def test_mail_notification_selected
                 @jsmith.mail_notification = false
                 @jsmith.notified_project_ids = [1]
                 @jsmith.save
                 @jsmith.reload
                 assert Project.find(1).recipients.include?(@jsmith.mail)
               end
               def test_mail_notification_none
                 @jsmith.mail_notification = false
                 @jsmith.notified_project_ids = []
                 @jsmith.save
                 @jsmith.reload
                 assert !@jsmith.projects.first.recipients.include?(@jsmith.mail)
               end
               def test_comments_sorting_preference
                 assert !@jsmith.wants_comments_in_reverse_order?
                 @jsmith.pref.comments_sorting = 'asc'
                 assert !@jsmith.wants_comments_in_reverse_order?
                 @jsmith.pref.comments_sorting = 'desc'
                 assert @jsmith.wants_comments_in_reverse_order?
               end
               def test_find_by_mail_should_be_case_insensitive
                 u = User.find_by_mail('JSmith@somenet.foo')
                 assert_not_nil u
                 assert_equal 'jsmith@somenet.foo', u.mail
               end
+              def test_random_password
+                u = User.new
+                u.random_password
+                assert !u.password.blank?
+                assert !u.password_confirmation.blank?
+              end
             end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages