Fixed: When logging in via an autologin cookie the user's last_login_on should be updated (#2820)....
Jean-Philippe Lang -
r2460:21eb3c089d08
@@ -151,15 +151,6 class AccountController < ApplicationController
151 end
151 end
152
152
153 private
153 private
154 def logged_user=(user)
155 if user && user.is_a?(User)
156 User.current = user
157 session[:user_id] = user.id
158 else
159 User.current = User.anonymous
160 session[:user_id] = nil
161 end
162 end
163
154
164 def password_authentication
155 def password_authentication
165 user = User.try_to_login(params[:username], params[:password])
156 user = User.try_to_login(params[:username], params[:password])
@@ -46,7 +46,7 class ApplicationController < ActionController::Base
46 # Check the settings cache for each request
46 # Check the settings cache for each request
47 Setting.check_cache
47 Setting.check_cache
48 # Find the current user
48 # Find the current user
49 User.current = find_current_user
49 self.logged_user = find_current_user
50 end
50 end
51
51
52 # Returns the current user or nil if no user is logged in
52 # Returns the current user or nil if no user is logged in
@@ -56,13 +56,24 class ApplicationController < ActionController::Base
56 (User.active.find(session[:user_id]) rescue nil)
56 (User.active.find(session[:user_id]) rescue nil)
57 elsif cookies[:autologin] && Setting.autologin?
57 elsif cookies[:autologin] && Setting.autologin?
58 # auto-login feature
58 # auto-login feature
59 User.find_by_autologin_key(cookies[:autologin])
59 User.try_to_autologin(cookies[:autologin])
60 elsif params[:key] && accept_key_auth_actions.include?(params[:action])
60 elsif params[:key] && accept_key_auth_actions.include?(params[:action])
61 # RSS key authentication
61 # RSS key authentication
62 User.find_by_rss_key(params[:key])
62 User.find_by_rss_key(params[:key])
63 end
63 end
64 end
64 end
65
65
66 # Sets the logged in user
67 def logged_user=(user)
68 if user && user.is_a?(User)
69 User.current = user
70 session[:user_id] = user.id
71 else
72 User.current = User.anonymous
73 session[:user_id] = nil
74 end
75 end
76
66 # check if login is globally required to access the application
77 # check if login is globally required to access the application
67 def check_if_login_required
78 def check_if_login_required
68 # no check needed if user is already logged in
79 # no check needed if user is already logged in
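Review bot: Routing every request through `self.logged_user = find_current_user` means the setter's `session[:user_id] = user.id` now also runs for a user resolved from `params[:key]` in the RSS branch, so one feed request made with an RSS key is upgraded to a full cookie session, which the old `User.current = find_current_user` did not do. Only the autologin branch needs to start a session; I would keep the plain assignment in the filter and persist the session where the cookie is accepted, e.g. `user = User.try_to_autologin(cookies[:autologin])` followed by `self.logged_user = user if user`. The session id is also not renewed when a session is created this way, so calling `reset_session` before writing `session[:user_id]` is worth considering. `find_current_user` starts and `check_if_login_required` ends outside the hunks shown.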
@@ -127,6 +127,15 class User < ActiveRecord::Base
127 raise text
127 raise text
128 end
128 end
129
129
130 # Returns the user who matches the given autologin +key+ or nil
131 def self.try_to_autologin(key)
132 token = Token.find_by_action_and_value('autologin', key)
133 if token && (token.created_on > Setting.autologin.to_i.day.ago) && token.user && token.user.active?
134 token.user.update_attribute(:last_login_on, Time.now)
135 token.user
136 end
137 end
138
130 # Return user's full name for display
139 # Return user's full name for display
131 def name(formatter = nil)
140 def name(formatter = nil)
132 if formatter
141 if formatter
@@ -199,11 +208,6 class User < ActiveRecord::Base
199 token && token.user.active? ? token.user : nil
208 token && token.user.active? ? token.user : nil
200 end
209 end
201
210
202 def self.find_by_autologin_key(key)
203 token = Token.find_by_action_and_value('autologin', key)
204 token && (token.created_on > Setting.autologin.to_i.day.ago) && token.user.active? ? token.user : nil
205 end
206
207 # Makes find_by_mail case-insensitive
211 # Makes find_by_mail case-insensitive
208 def self.find_by_mail(mail)
212 def self.find_by_mail(mail)
209 find(:first, :conditions => ["LOWER(mail) = ?", mail.to_s.downcase])
213 find(:first, :conditions => ["LOWER(mail) = ?", mail.to_s.downcase])
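Review bot: The comment above `try_to_autologin` in the first hunk says only that it returns the matching user, but the method also writes `last_login_on` and rejects tokens older than `Setting.autologin` days or owned by a missing or inactive user, so a reader would not expect a database write from the per-request user lookup. I would word it as `# Returns the active user owning a non-expired autologin +key+ and stamps last_login_on, or nil`. When the age check fails the token row is left in place, so expired autologin tokens appear to accumulate unless something outside this view purges them; a `token.destroy` in that case would keep the table limited to usable keys.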
@@ -160,18 +160,6 class AccountControllerTest < Test::Unit::TestCase
160 puts "Skipping openid tests."
160 puts "Skipping openid tests."
161 end
161 end
162
162
163
164 def test_autologin
165 Setting.autologin = "7"
166 Token.delete_all
167 post :login, :username => 'admin', :password => 'admin', :autologin => 1
168 assert_redirected_to 'my/page'
169 token = Token.find :first
170 assert_not_nil token
171 assert_equal User.find_by_login('admin'), token.user
172 assert_equal 'autologin', token.action
173 end
174
175 def test_logout
163 def test_logout
176 @request.session[:user_id] = 2
164 @request.session[:user_id] = 2
177 get :logout
165 get :logout
@@ -37,6 +37,38 class AccountTest < ActionController::IntegrationTest
37 assert_template "my/account"
37 assert_template "my/account"
38 end
38 end
39
39
40 def test_autologin
41 user = User.find(1)
42 Setting.autologin = "7"
43 Token.delete_all
44
45 # User logs in with 'autologin' checked
46 post '/login', :username => user.login, :password => 'admin', :autologin => 1
47 assert_redirected_to 'my/page'
48 token = Token.find :first
49 assert_not_nil token
50 assert_equal user, token.user
51 assert_equal 'autologin', token.action
52 assert_equal user.id, session[:user_id]
53 assert_equal token.value, cookies['autologin']
54
55 # Session is cleared
56 reset!
57 User.current = nil
58 # Clears user's last login timestamp
59 user.update_attribute :last_login_on, nil
60 assert_nil user.reload.last_login_on
61
62 # User comes back with his autologin cookie
63 cookies[:autologin] = token.value
64 get '/my/page'
65 assert_response :success
66 assert_template 'my/page'
67 assert_equal user.id, session[:user_id]
68 assert_not_nil user.reload.last_login_on
69 assert user.last_login_on > 2.second.ago
70 end
71
40 def test_lost_password
72 def test_lost_password
41 Token.delete_all
73 Token.delete_all
42
74
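Review bot: `test_autologin` exercises only the accepted-cookie path, so the checks that `try_to_autologin` enforces (token age against `Setting.autologin`, an unknown cookie value, an inactive user) have no coverage, and a regression there would go unnoticed while stale cookies were accepted. After the happy path I would age the token and replay the cookie on a fresh session: `token.update_attribute :created_on, 8.days.ago`, then `get '/my/page'` and `assert_nil session[:user_id]`. `assert user.last_login_on > 2.second.ago` is also timing-sensitive; comparing against a timestamp captured before the request is more stable. The section ends inside `test_lost_password`, which continues outside the view.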