@@ -230,7 +230,6 class AccountController < ApplicationController | |||
|
230 | 230 | |
|
231 | 231 | def set_autologin_cookie(user) |
|
232 | 232 | token = Token.create(:user => user, :action => 'autologin') |
|
233 | cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin' | |
|
234 | 233 | cookie_options = { |
|
235 | 234 | :value => token.value, |
|
236 | 235 | :expires => 1.year.from_now, |
@@ -238,7 +237,7 class AccountController < ApplicationController | |||
|
238 | 237 | :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false), |
|
239 | 238 | :httponly => true |
|
240 | 239 | } |
|
241 | cookies[cookie_name] = cookie_options | |
|
240 | cookies[autologin_cookie_name] = cookie_options | |
|
242 | 241 | end |
|
243 | 242 | |
|
244 | 243 | # Onthefly creation failed, display the registration form to fill/fix attributes |
@@ -35,7 +35,7 class ApplicationController < ActionController::Base | |||
|
35 | 35 | protect_from_forgery |
|
36 | 36 | def handle_unverified_request |
|
37 | 37 | super |
|
38 |
cookies.delete( |
|
|
38 | cookies.delete(autologin_cookie_name) | |
|
39 | 39 | end |
|
40 | 40 | |
|
41 | 41 | before_filter :session_expiration, :user_setup, :check_if_login_required, :set_localization |
@@ -127,10 +127,14 class ApplicationController < ActionController::Base | |||
|
127 | 127 | user |
|
128 | 128 | end |
|
129 | 129 | |
|
130 | def autologin_cookie_name | |
|
131 | Redmine::Configuration['autologin_cookie_name'].presence || 'autologin' | |
|
132 | end | |
|
133 | ||
|
130 | 134 | def try_to_autologin |
|
131 |
if cookies[ |
|
|
135 | if cookies[autologin_cookie_name] && Setting.autologin? | |
|
132 | 136 | # auto-login feature starts a new session |
|
133 |
user = User.try_to_autologin(cookies[ |
|
|
137 | user = User.try_to_autologin(cookies[autologin_cookie_name]) | |
|
134 | 138 | if user |
|
135 | 139 | reset_session |
|
136 | 140 | start_user_session(user) |
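Review bot: `cookies.delete(autologin_cookie_name)` in `handle_unverified_request` passes no options, although the cookie is written from a `cookie_options` hash and the new test stubs an `autologin_cookie_path` setting, so it presumably carries a configurable `:path`. Rails expires a cookie in the browser only when the delete uses the same `:path`/`:domain` it was set with; with a non-default path the autologin token would likely stay in the browser after a failed CSRF check, even though the current request's cookie jar is cleared. Consider `cookies.delete(autologin_cookie_name, :path => Redmine::Configuration['autologin_cookie_path'])` and a comment above it such as `# drop the autologin cookie so try_to_autologin cannot re-authenticate a request that failed CSRF verification`. `try_to_autologin` continues past the end of the last hunk, so the rest of its body was not reviewed.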
@@ -68,6 +68,28 class AccountTest < ActionController::IntegrationTest | |||
|
68 | 68 | assert_not_nil user.reload.last_login_on |
|
69 | 69 | end |
|
70 | 70 | |
|
71 | def test_autologin_should_use_autologin_cookie_name | |
|
72 | Token.delete_all | |
|
73 | Redmine::Configuration.stubs(:[]).with('autologin_cookie_name').returns('custom_autologin') | |
|
74 | Redmine::Configuration.stubs(:[]).with('autologin_cookie_path').returns('/') | |
|
75 | Redmine::Configuration.stubs(:[]).with('autologin_cookie_secure').returns(false) | |
|
76 | ||
|
77 | with_settings :autologin => '7' do | |
|
78 | assert_difference 'Token.count' do | |
|
79 | post '/login', :username => 'admin', :password => 'admin', :autologin => 1 | |
|
80 | end | |
|
81 | assert_response 302 | |
|
82 | assert cookies['custom_autologin'].present? | |
|
83 | token = cookies['custom_autologin'] | |
|
84 | ||
|
85 | # Session is cleared | |
|
86 | reset! | |
|
87 | cookies['custom_autologin'] = token | |
|
88 | get '/my/page' | |
|
89 | assert_response :success | |
|
90 | end | |
|
91 | end | |
|
92 | ||
|
71 | 93 | def test_lost_password |
|
72 | 94 | Token.delete_all |
|
73 | 95 |
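Review bot: `test_autologin_should_use_autologin_cookie_name` covers login and re-authentication with the custom name, but nothing exercises the security-relevant half of this commit, `handle_unverified_request` deleting the custom-named cookie. If that line regresses, a request that fails CSRF verification could be re-authenticated through autologin and no test would notice. Forgery protection is normally disabled in the Rails test environment, so the test has to switch it on and restore it afterwards. A sketch follows; the POST route is a placeholder to replace with a real login-protected action.

```ruby
def test_unverified_request_should_clear_custom_autologin_cookie
  # … unchanged: Token.delete_all and the three Redmine::Configuration stubs from the test above …
  with_settings :autologin => '7' do
    post '/login', :username => 'admin', :password => 'admin', :autologin => 1
    token = cookies['custom_autologin']
    reset!
    cookies['custom_autologin'] = token

    previous = ActionController::Base.allow_forgery_protection
    ActionController::Base.allow_forgery_protection = true
    begin
      # placeholder route: any state-changing action that requires login; no authenticity token is sent
      post '/PLACEHOLDER_LOGIN_PROTECTED_ROUTE'
      assert cookies['custom_autologin'].blank?
    ensure
      ActionController::Base.allow_forgery_protection = previous
    end
  end
end
```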