Fixed that autologin is broken when using a custom cookie name (#13335)....
Jean-Philippe Lang -
r11289:08ef201cec0c
@@ -230,7 +230,6 class AccountController < ApplicationController
230
230
231 def set_autologin_cookie(user)
231 def set_autologin_cookie(user)
232 token = Token.create(:user => user, :action => 'autologin')
232 token = Token.create(:user => user, :action => 'autologin')
233 cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin'
234 cookie_options = {
233 cookie_options = {
235 :value => token.value,
234 :value => token.value,
236 :expires => 1.year.from_now,
235 :expires => 1.year.from_now,
@@ -238,7 +237,7 class AccountController < ApplicationController
238 :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
237 :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
239 :httponly => true
238 :httponly => true
240 }
239 }
241 cookies[cookie_name] = cookie_options
240 cookies[autologin_cookie_name] = cookie_options
242 end
241 end
243
242
244 # Onthefly creation failed, display the registration form to fill/fix attributes
243 # Onthefly creation failed, display the registration form to fill/fix attributes
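Review bot: On new line 237 the `:secure` flag is true only when `autologin_cookie_secure` is configured, so in a default installation this cookie, which carries a token valid for one year, is also sent over plain HTTP. Consider falling back to the scheme of the current request, `:secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : request.ssl?)`, or at least add a comment above `cookie_options` such as `# Bearer token for autologin: set autologin_cookie_secure when the site is served over HTTPS`. The body of `set_autologin_cookie` is split across two hunks and new line 236 is not shown, so the remaining options could not be checked.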
@@ -35,7 +35,7 class ApplicationController < ActionController::Base
35 protect_from_forgery
35 protect_from_forgery
36 def handle_unverified_request
36 def handle_unverified_request
37 super
37 super
38 cookies.delete(:autologin)
38 cookies.delete(autologin_cookie_name)
39 end
39 end
40
40
41 before_filter :session_expiration, :user_setup, :check_if_login_required, :set_localization
41 before_filter :session_expiration, :user_setup, :check_if_login_required, :set_localization
@@ -127,10 +127,14 class ApplicationController < ActionController::Base
127 user
127 user
128 end
128 end
129
129
130 def autologin_cookie_name
131 Redmine::Configuration['autologin_cookie_name'].presence || 'autologin'
132 end
133
130 def try_to_autologin
134 def try_to_autologin
131 if cookies[:autologin] && Setting.autologin?
135 if cookies[autologin_cookie_name] && Setting.autologin?
132 # auto-login feature starts a new session
136 # auto-login feature starts a new session
133 user = User.try_to_autologin(cookies[:autologin])
137 user = User.try_to_autologin(cookies[autologin_cookie_name])
134 if user
138 if user
135 reset_session
139 reset_session
136 start_user_session(user)
140 start_user_session(user)
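Review bot: `cookies.delete(autologin_cookie_name)` in `handle_unverified_request` (new line 38) passes no `:path`, and a browser only drops a cookie when the deletion carries the same path it was set with. The line that sets the path is not visible on this page, but the added test stubs `autologin_cookie_path`, so the path appears to be configurable. With a non-root path the cookie would probably survive a failed CSRF check, and the next request would sign the user back in through `try_to_autologin`. If that is the case, delete with the same option, e.g. `cookies.delete(autologin_cookie_name, :path => Redmine::Configuration['autologin_cookie_path'])`, and apply the same default that `set_autologin_cookie` uses.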
@@ -68,6 +68,28 class AccountTest < ActionController::IntegrationTest
68 assert_not_nil user.reload.last_login_on
68 assert_not_nil user.reload.last_login_on
69 end
69 end
70
70
71 def test_autologin_should_use_autologin_cookie_name
72 Token.delete_all
73 Redmine::Configuration.stubs(:[]).with('autologin_cookie_name').returns('custom_autologin')
74 Redmine::Configuration.stubs(:[]).with('autologin_cookie_path').returns('/')
75 Redmine::Configuration.stubs(:[]).with('autologin_cookie_secure').returns(false)
76
77 with_settings :autologin => '7' do
78 assert_difference 'Token.count' do
79 post '/login', :username => 'admin', :password => 'admin', :autologin => 1
80 end
81 assert_response 302
82 assert cookies['custom_autologin'].present?
83 token = cookies['custom_autologin']
84
85 # Session is cleared
86 reset!
87 cookies['custom_autologin'] = token
88 get '/my/page'
89 assert_response :success
90 end
91 end
92
71 def test_lost_password
93 def test_lost_password
72 Token.delete_all
94 Token.delete_all
73
95
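Review bot: `test_autologin_should_use_autologin_cookie_name` exercises only setting and reading the custom cookie; the `cookies.delete(autologin_cookie_name)` change in `handle_unverified_request` has no coverage. A companion test could send a request that fails CSRF verification with `custom_autologin` set and assert that the cookie is cleared and that a following `get '/my/page'` no longer returns success. It would also help to add `assert_nil cookies['autologin']` after the login, so that a regression to the hard-coded name fails the test. The three `stubs(:[]).with(...)` calls cover only those keys, so it is worth confirming that no other configuration key is read during these requests.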