jro_apps/redmine Commit - r2460:21eb3c089d08

Fixed: When logging in via an autologin cookie the user's last_login_on should be updated (#2820)....

Jean-Philippe Lang -

r2460:21eb3c089d08

parent child

Context file:

r2460:21eb3c089d08

app/controllers/account_controller.rb +2 -11

                  redirect_to :action => 'login'
                end
-             private
-               def logged_user=(user)
-                 if user && user.is_a?(User)
-                   User.current = user
-                   session[:user_id] = user.id
-                 else
-                   User.current = User.anonymous
-                   session[:user_id] = nil
-                 end
-               end
+               private
                def password_authentication
                  user = User.try_to_login(params[:username], params[:password])
                  if user.nil?

app/controllers/application.rb +13 -2

                  # Check the settings cache for each request
                  Setting.check_cache
                  # Find the current user
-                 User.current = find_current_user
+                 self.logged_user = find_current_user
                end
                # Returns the current user or nil if no user is logged in
                    (User.active.find(session[:user_id]) rescue nil)
                  elsif cookies[:autologin] && Setting.autologin?
                    # auto-login feature
-                   User.find_by_autologin_key(cookies[:autologin])
+                   User.try_to_autologin(cookies[:autologin])
                  elsif params[:key] && accept_key_auth_actions.include?(params[:action])
                    # RSS key authentication
                    User.find_by_rss_key(params[:key])
                  end
                end
+               # Sets the logged in user
+               def logged_user=(user)
+                 if user && user.is_a?(User)
+                   User.current = user
+                   session[:user_id] = user.id
+                 else
+                   User.current = User.anonymous
+                   session[:user_id] = nil
+                 end
+               end
                # check if login is globally required to access the application
                def check_if_login_required
                  # no check needed if user is already logged in

app/models/user.rb +9 -5

                rescue => text
                  raise text
                end
+               # Returns the user who matches the given autologin +key+ or nil
+               def self.try_to_autologin(key)
+                 token = Token.find_by_action_and_value('autologin', key)
+                 if token && (token.created_on > Setting.autologin.to_i.day.ago) && token.user && token.user.active?
+                   token.user.update_attribute(:last_login_on, Time.now)
+                   token.user
+                 end
+               end
                # Return user's full name for display
                def name(formatter = nil)
                  token && token.user.active? ? token.user : nil
                end
-               def self.find_by_autologin_key(key)
-                 token = Token.find_by_action_and_value('autologin', key)
-                 token && (token.created_on > Setting.autologin.to_i.day.ago) && token.user.active? ? token.user : nil
-               end
                # Makes find_by_mail case-insensitive
                def self.find_by_mail(mail)
                  find(:first, :conditions => ["LOWER(mail) = ?", mail.to_s.downcase])

test/functional/account_controller_test.rb 0 -12

                  puts "Skipping openid tests."
                end
-               def test_autologin
-                 Setting.autologin = "7"
-                 Token.delete_all
-                 post :login, :username => 'admin', :password => 'admin', :autologin => 1
-                 assert_redirected_to 'my/page'
-                 token = Token.find :first
-                 assert_not_nil token
-                 assert_equal User.find_by_login('admin'), token.user
-                 assert_equal 'autologin', token.action
-               end
                def test_logout
                  @request.session[:user_id] = 2
                  get :logout

test/integration/account_test.rb +32 0

		@@ -37,6 +37,38 class AccountTest < ActionController::IntegrationTest
37	37	assert_template "my/account"
38	38	end
39	39
	40	def test_autologin
	41	user = User.find(1)
	42	Setting.autologin = "7"
	43	Token.delete_all
	44
	45	# User logs in with 'autologin' checked
	46	post '/login', :username => user.login, :password => 'admin', :autologin => 1
	47	assert_redirected_to 'my/page'
	48	token = Token.find :first
	49	assert_not_nil token
	50	assert_equal user, token.user
	51	assert_equal 'autologin', token.action
	52	assert_equal user.id, session[:user_id]
	53	assert_equal token.value, cookies['autologin']
	54
	55	# Session is cleared
	56	reset!
	57	User.current = nil
	58	# Clears user's last login timestamp
	59	user.update_attribute :last_login_on, nil
	60	assert_nil user.reload.last_login_on
	61
	62	# User comes back with his autologin cookie
	63	cookies[:autologin] = token.value
	64	get '/my/page'
	65	assert_response :success
	66	assert_template 'my/page'
	67	assert_equal user.id, session[:user_id]
	68	assert_not_nil user.reload.last_login_on
	69	assert user.last_login_on > 2.second.ago
	70	end
	71
40	72	def test_lost_password
41	73	Token.delete_all
42	74

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages