##// END OF EJS Templates
jro_apps » redmine
RSS
Code cleanup....
Jean-Philippe Lang -
r9760:193b571e67c1
parent child
Show More
Side by Side Unified
Context file:
r9760:193b571e67c1 Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,285 +1,291
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2012 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class AccountController < ApplicationController
19 19 helper :custom_fields
20 20 include CustomFieldsHelper
21 21
22 22 # prevents login action to be filtered by check_if_login_required application scope filter
23 23 skip_before_filter :check_if_login_required
24 24
25 25 # Login request and validation
26 26 def login
27 27 if request.get?
28 28 logout_user
29 29 else
30 30 authenticate_user
31 31 end
32 32 rescue AuthSourceException => e
33 33 logger.error "An error occured when authenticating #{params[:username]}: #{e.message}"
34 34 render_error :message => e.message
35 35 end
36 36
37 37 # Log out current user and redirect to welcome page
38 38 def logout
39 39 logout_user
40 40 redirect_to home_url
41 41 end
42 42
43 43 # Lets user choose a new password
44 44 def lost_password
45 45 redirect_to(home_url) && return unless Setting.lost_password?
46 46 if params[:token]
47 47 @token = Token.find_by_action_and_value("recovery", params[:token].to_s)
48 48 if @token.nil? || @token.expired?
49 49 redirect_to home_url
50 50 return
51 51 end
52 52 @user = @token.user
53 53 if request.post?
54 54 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
55 55 if @user.save
56 56 @token.destroy
57 57 flash[:notice] = l(:notice_account_password_updated)
58 58 redirect_to signin_path
59 59 return
60 60 end
61 61 end
62 62 render :template => "account/password_recovery"
63 63 return
64 64 else
65 65 if request.post?
66 user = User.find_by_mail(params[:mail])
67 # user not found in db
68 (flash.now[:error] = l(:notice_account_unknown_email); return) unless user
69 # user uses an external authentification
70 (flash.now[:error] = l(:notice_can_t_change_password); return) if user.auth_source_id
66 user = User.find_by_mail(params[:mail].to_s)
67 # user not found or not active
68 unless user && user.active?
69 flash.now[:error] = l(:notice_account_unknown_email)
70 return
71 end
72 # user cannot change its password
73 unless user.change_password_allowed?
74 flash.now[:error] = l(:notice_can_t_change_password)
75 return
76 end
71 77 # create a new token for password recovery
72 78 token = Token.new(:user => user, :action => "recovery")
73 79 if token.save
74 80 Mailer.lost_password(token).deliver
75 81 flash[:notice] = l(:notice_account_lost_email_sent)
76 82 redirect_to signin_path
77 83 return
78 84 end
79 85 end
80 86 end
81 87 end
82 88
83 89 # User self-registration
84 90 def register
85 91 redirect_to(home_url) && return unless Setting.self_registration? || session[:auth_source_registration]
86 92 if request.get?
87 93 session[:auth_source_registration] = nil
88 94 @user = User.new(:language => Setting.default_language)
89 95 else
90 96 user_params = params[:user] || {}
91 97 @user = User.new
92 98 @user.safe_attributes = user_params
93 99 @user.admin = false
94 100 @user.register
95 101 if session[:auth_source_registration]
96 102 @user.activate
97 103 @user.login = session[:auth_source_registration][:login]
98 104 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
99 105 if @user.save
100 106 session[:auth_source_registration] = nil
101 107 self.logged_user = @user
102 108 flash[:notice] = l(:notice_account_activated)
103 109 redirect_to :controller => 'my', :action => 'account'
104 110 end
105 111 else
106 112 @user.login = params[:user][:login]
107 113 unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank?
108 114 @user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation]
109 115 end
110 116
111 117 case Setting.self_registration
112 118 when '1'
113 119 register_by_email_activation(@user)
114 120 when '3'
115 121 register_automatically(@user)
116 122 else
117 123 register_manually_by_administrator(@user)
118 124 end
119 125 end
120 126 end
121 127 end
122 128
123 129 # Token based account activation
124 130 def activate
125 131 redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
126 132 token = Token.find_by_action_and_value('register', params[:token])
127 133 redirect_to(home_url) && return unless token and !token.expired?
128 134 user = token.user
129 135 redirect_to(home_url) && return unless user.registered?
130 136 user.activate
131 137 if user.save
132 138 token.destroy
133 139 flash[:notice] = l(:notice_account_activated)
134 140 end
135 141 redirect_to signin_path
136 142 end
137 143
138 144 private
139 145
140 146 def authenticate_user
141 147 if Setting.openid? && using_open_id?
142 148 open_id_authenticate(params[:openid_url])
143 149 else
144 150 password_authentication
145 151 end
146 152 end
147 153
148 154 def password_authentication
149 155 user = User.try_to_login(params[:username], params[:password])
150 156
151 157 if user.nil?
152 158 invalid_credentials
153 159 elsif user.new_record?
154 160 onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
155 161 else
156 162 # Valid user
157 163 successful_authentication(user)
158 164 end
159 165 end
160 166
161 167 def open_id_authenticate(openid_url)
162 168 authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url, :method => :post) do |result, identity_url, registration|
163 169 if result.successful?
164 170 user = User.find_or_initialize_by_identity_url(identity_url)
165 171 if user.new_record?
166 172 # Self-registration off
167 173 redirect_to(home_url) && return unless Setting.self_registration?
168 174
169 175 # Create on the fly
170 176 user.login = registration['nickname'] unless registration['nickname'].nil?
171 177 user.mail = registration['email'] unless registration['email'].nil?
172 178 user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
173 179 user.random_password
174 180 user.register
175 181
176 182 case Setting.self_registration
177 183 when '1'
178 184 register_by_email_activation(user) do
179 185 onthefly_creation_failed(user)
180 186 end
181 187 when '3'
182 188 register_automatically(user) do
183 189 onthefly_creation_failed(user)
184 190 end
185 191 else
186 192 register_manually_by_administrator(user) do
187 193 onthefly_creation_failed(user)
188 194 end
189 195 end
190 196 else
191 197 # Existing record
192 198 if user.active?
193 199 successful_authentication(user)
194 200 else
195 201 account_pending
196 202 end
197 203 end
198 204 end
199 205 end
200 206 end
201 207
202 208 def successful_authentication(user)
203 209 # Valid user
204 210 self.logged_user = user
205 211 # generate a key and set cookie if autologin
206 212 if params[:autologin] && Setting.autologin?
207 213 set_autologin_cookie(user)
208 214 end
209 215 call_hook(:controller_account_success_authentication_after, {:user => user })
210 216 redirect_back_or_default :controller => 'my', :action => 'page'
211 217 end
212 218
213 219 def set_autologin_cookie(user)
214 220 token = Token.create(:user => user, :action => 'autologin')
215 221 cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin'
216 222 cookie_options = {
217 223 :value => token.value,
218 224 :expires => 1.year.from_now,
219 225 :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
220 226 :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
221 227 :httponly => true
222 228 }
223 229 cookies[cookie_name] = cookie_options
224 230 end
225 231
226 232 # Onthefly creation failed, display the registration form to fill/fix attributes
227 233 def onthefly_creation_failed(user, auth_source_options = { })
228 234 @user = user
229 235 session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
230 236 render register_path
231 237 end
232 238
233 239 def invalid_credentials
234 240 logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
235 241 flash.now[:error] = l(:notice_account_invalid_creditentials)
236 242 end
237 243
238 244 # Register a user for email activation.
239 245 #
240 246 # Pass a block for behavior when a user fails to save
241 247 def register_by_email_activation(user, &block)
242 248 token = Token.new(:user => user, :action => "register")
243 249 if user.save and token.save
244 250 Mailer.register(token).deliver
245 251 flash[:notice] = l(:notice_account_register_done)
246 252 redirect_to signin_path
247 253 else
248 254 yield if block_given?
249 255 end
250 256 end
251 257
252 258 # Automatically register a user
253 259 #
254 260 # Pass a block for behavior when a user fails to save
255 261 def register_automatically(user, &block)
256 262 # Automatic activation
257 263 user.activate
258 264 user.last_login_on = Time.now
259 265 if user.save
260 266 self.logged_user = user
261 267 flash[:notice] = l(:notice_account_activated)
262 268 redirect_to :controller => 'my', :action => 'account'
263 269 else
264 270 yield if block_given?
265 271 end
266 272 end
267 273
268 274 # Manual activation by the administrator
269 275 #
270 276 # Pass a block for behavior when a user fails to save
271 277 def register_manually_by_administrator(user, &block)
272 278 if user.save
273 279 # Sends an email to the administrators
274 280 Mailer.account_activation_request(user).deliver
275 281 account_pending
276 282 else
277 283 yield if block_given?
278 284 end
279 285 end
280 286
281 287 def account_pending
282 288 flash[:notice] = l(:notice_account_pending)
283 289 redirect_to signin_path
284 290 end
285 291 end
Show file before | Show file after | Hide comments
@@ -1,144 +1,185
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2012 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 require File.expand_path('../../test_helper', __FILE__)
19 19 require 'account_controller'
20 20
21 21 # Re-raise errors caught by the controller.
22 22 class AccountController; def rescue_action(e) raise e end; end
23 23
24 24 class AccountControllerTest < ActionController::TestCase
25 25 fixtures :users, :roles
26 26
27 27 def setup
28 28 @controller = AccountController.new
29 29 @request = ActionController::TestRequest.new
30 30 @response = ActionController::TestResponse.new
31 31 User.current = nil
32 32 end
33 33
34 34 def test_login_should_redirect_to_back_url_param
35 35 # request.uri is "test.host" in test environment
36 36 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http%3A%2F%2Ftest.host%2Fissues%2Fshow%2F1'
37 37 assert_redirected_to '/issues/show/1'
38 38 end
39 39
40 40 def test_login_should_not_redirect_to_another_host
41 41 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http%3A%2F%2Ftest.foo%2Ffake'
42 42 assert_redirected_to '/my/page'
43 43 end
44 44
45 45 def test_login_with_wrong_password
46 46 post :login, :username => 'admin', :password => 'bad'
47 47 assert_response :success
48 48 assert_template 'login'
49 49 assert_tag 'div',
50 50 :attributes => { :class => "flash error" },
51 51 :content => /Invalid user or password/
52 52 end
53 53
54 54 def test_login_should_rescue_auth_source_exception
55 55 source = AuthSource.create!(:name => 'Test')
56 56 User.find(2).update_attribute :auth_source_id, source.id
57 57 AuthSource.any_instance.stubs(:authenticate).raises(AuthSourceException.new("Something wrong"))
58 58
59 59 post :login, :username => 'jsmith', :password => 'jsmith'
60 60 assert_response 500
61 61 assert_error_tag :content => /Something wrong/
62 62 end
63 63
64 64 def test_login_should_reset_session
65 65 @controller.expects(:reset_session).once
66 66
67 67 post :login, :username => 'jsmith', :password => 'jsmith'
68 68 assert_response 302
69 69 end
70 70
71 71 def test_logout
72 72 @request.session[:user_id] = 2
73 73 get :logout
74 74 assert_redirected_to '/'
75 75 assert_nil @request.session[:user_id]
76 76 end
77 77
78 78 def test_logout_should_reset_session
79 79 @controller.expects(:reset_session).once
80 80
81 81 @request.session[:user_id] = 2
82 82 get :logout
83 83 assert_response 302
84 84 end
85 85
86 86 def test_get_register_with_registration_on
87 87 with_settings :self_registration => '3' do
88 88 get :register
89 89 assert_response :success
90 90 assert_template 'register'
91 91 assert_not_nil assigns(:user)
92 92
93 93 assert_tag 'input', :attributes => {:name => 'user[password]'}
94 94 assert_tag 'input', :attributes => {:name => 'user[password_confirmation]'}
95 95 end
96 96 end
97 97
98 98 def test_get_register_with_registration_off_should_redirect
99 99 with_settings :self_registration => '0' do
100 100 get :register
101 101 assert_redirected_to '/'
102 102 end
103 103 end
104 104
105 105 # See integration/account_test.rb for the full test
106 106 def test_post_register_with_registration_on
107 107 with_settings :self_registration => '3' do
108 108 assert_difference 'User.count' do
109 109 post :register, :user => {
110 110 :login => 'register',
111 111 :password => 'test',
112 112 :password_confirmation => 'test',
113 113 :firstname => 'John',
114 114 :lastname => 'Doe',
115 115 :mail => 'register@example.com'
116 116 }
117 117 assert_redirected_to '/my/account'
118 118 end
119 119 user = User.first(:order => 'id DESC')
120 120 assert_equal 'register', user.login
121 121 assert_equal 'John', user.firstname
122 122 assert_equal 'Doe', user.lastname
123 123 assert_equal 'register@example.com', user.mail
124 124 assert user.check_password?('test')
125 125 assert user.active?
126 126 end
127 127 end
128 128
129 129 def test_post_register_with_registration_off_should_redirect
130 130 with_settings :self_registration => '0' do
131 131 assert_no_difference 'User.count' do
132 132 post :register, :user => {
133 133 :login => 'register',
134 134 :password => 'test',
135 135 :password_confirmation => 'test',
136 136 :firstname => 'John',
137 137 :lastname => 'Doe',
138 138 :mail => 'register@example.com'
139 139 }
140 140 assert_redirected_to '/'
141 141 end
142 142 end
143 143 end
144
145 def test_get_lost_password_should_display_lost_password_form
146 get :lost_password
147 assert_response :success
148 assert_select 'input[name=mail]'
149 end
150
151 def test_lost_password_for_active_user_should_create_a_token
152 assert_difference 'ActionMailer::Base.deliveries.size' do
153 assert_difference 'Token.count' do
154 with_settings :host_name => 'mydomain.foo', :protocol => 'http' do
155 post :lost_password, :mail => 'JSmith@somenet.foo'
156 assert_redirected_to '/login'
157 end
158 end
159 end
160
161 token = Token.order('id DESC').first
162 assert_equal User.find(2), token.user
163 assert_equal 'recovery', token.action
164
165 assert_select_email do
166 assert_select "a[href=?]", "http://mydomain.foo/account/lost_password?token=#{token.value}"
167 end
168 end
169
170 def test_lost_password_for_unknown_user_should_fail
171 assert_no_difference 'Token.count' do
172 post :lost_password, :mail => 'invalid@somenet.foo'
173 assert_response :success
174 end
175 end
176
177 def test_lost_password_for_non_active_user_should_fail
178 assert User.find(2).lock!
179
180 assert_no_difference 'Token.count' do
181 post :lost_password, :mail => 'JSmith@somenet.foo'
182 assert_response :success
183 end
184 end
144 185 end
General Comments 0
You need to be logged in to leave comments. Login now