jro_apps/redmine Commit - r2526:4181f859623c

Fixes that user's last_login_on was not set when using registration with automatic activation....

Jean-Philippe Lang -

r2526:4181f859623c

parent child

Context file:

r2526:4181f859623c

Collapse all files

app/controllers/account_controller.rb +1 0

             # Redmine - project management software
             # Copyright (C) 2006-2008  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class AccountController < ApplicationController
               helper :custom_fields
               include CustomFieldsHelper
               # prevents login action to be filtered by check_if_login_required application scope filter
               skip_before_filter :check_if_login_required, :only => [:login, :lost_password, :register, :activate]
               # Show user's account
               def show
                 @user = User.active.find(params[:id])
                 @custom_values = @user.custom_values
                 # show only public projects and private projects that the logged in user is also a member of
                 @memberships = @user.memberships.select do |membership|
                   membership.project.is_public? || (User.current.member_of?(membership.project))
                 end
                 events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
                 @events_by_day = events.group_by(&:event_date)
               rescue ActiveRecord::RecordNotFound
                 render_404
               end
               # Login request and validation
               def login
                 if request.get?
                   # Logout user
                   self.logged_user = nil
                 else
                   # Authenticate user
                   if Setting.openid? && using_open_id?
                     open_id_authenticate(params[:openid_url])
                   else
                     password_authentication
                   end
                 end
               end
               # Log out current user and redirect to welcome page
               def logout
                 cookies.delete :autologin
                 Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) if User.current.logged?
                 self.logged_user = nil
                 redirect_to home_url
               end
               # Enable user to choose a new password
               def lost_password
                 redirect_to(home_url) && return unless Setting.lost_password?
                 if params[:token]
                   @token = Token.find_by_action_and_value("recovery", params[:token])
                   redirect_to(home_url) && return unless @token and !@token.expired?
                   @user = @token.user
                   if request.post?
                     @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
                     if @user.save
                       @token.destroy
                       flash[:notice] = l(:notice_account_password_updated)
                       redirect_to :action => 'login'
                       return
                     end
                   end
                   render :template => "account/password_recovery"
                   return
                 else
                   if request.post?
                     user = User.find_by_mail(params[:mail])
                     # user not found in db
                     flash.now[:error] = l(:notice_account_unknown_email) and return unless user
                     # user uses an external authentification
                     flash.now[:error] = l(:notice_can_t_change_password) and return if user.auth_source_id
                     # create a new token for password recovery
                     token = Token.new(:user => user, :action => "recovery")
                     if token.save
                       Mailer.deliver_lost_password(token)
                       flash[:notice] = l(:notice_account_lost_email_sent)
                       redirect_to :action => 'login'
                       return
                     end
                   end
                 end
               end
               # User self-registration
               def register
                 redirect_to(home_url) && return unless Setting.self_registration? || session[:auth_source_registration]
                 if request.get?
                   session[:auth_source_registration] = nil
                   @user = User.new(:language => Setting.default_language)
                 else
                   @user = User.new(params[:user])
                   @user.admin = false
                   @user.status = User::STATUS_REGISTERED
                   if session[:auth_source_registration]
                     @user.status = User::STATUS_ACTIVE
                     @user.login = session[:auth_source_registration][:login]
                     @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
                     if @user.save
                       session[:auth_source_registration] = nil
                       self.logged_user = @user
                       flash[:notice] = l(:notice_account_activated)
                       redirect_to :controller => 'my', :action => 'account'
                     end
                   else
                     @user.login = params[:user][:login]
                     @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
                     case Setting.self_registration
                     when '1'
                       register_by_email_activation(@user)
                     when '3'
                       register_automatically(@user)
                     else
                       register_manually_by_administrator(@user)
                     end
                   end
                 end
               end
               # Token based account activation
               def activate
                 redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
                 token = Token.find_by_action_and_value('register', params[:token])
                 redirect_to(home_url) && return unless token and !token.expired?
                 user = token.user
                 redirect_to(home_url) && return unless user.status == User::STATUS_REGISTERED
                 user.status = User::STATUS_ACTIVE
                 if user.save
                   token.destroy
                   flash[:notice] = l(:notice_account_activated)
                 end
                 redirect_to :action => 'login'
               end
               private
               def password_authentication
                 user = User.try_to_login(params[:username], params[:password])
                 if user.nil?
                   # Invalid credentials
                   flash.now[:error] = l(:notice_account_invalid_creditentials)
                 elsif user.new_record?
                   # Onthefly creation failed, display the registration form to fill/fix attributes
                   @user = user
                   session[:auth_source_registration] = {:login => user.login, :auth_source_id => user.auth_source_id }
                   render :action => 'register'
                 else
                   # Valid user
                   successful_authentication(user)
                 end
               end
               def open_id_authenticate(openid_url)
                 authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url) do |result, identity_url, registration|
                   if result.successful?
                     user = User.find_or_initialize_by_identity_url(identity_url)
                     if user.new_record?
                       # Self-registration off
                       redirect_to(home_url) && return unless Setting.self_registration?
                       # Create on the fly
                       user.login = registration['nickname'] unless registration['nickname'].nil?
                       user.mail = registration['email'] unless registration['email'].nil?
                       user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
                       user.random_password
                       user.status = User::STATUS_REGISTERED
                       case Setting.self_registration
                       when '1'
                         register_by_email_activation(user) do
                           onthefly_creation_failed(user)
                         end
                       when '3'
                         register_automatically(user) do
                           onthefly_creation_failed(user)
                         end
                       else
                         register_manually_by_administrator(user) do
                           onthefly_creation_failed(user)
                         end
                       end
                     else
                       # Existing record
                       if user.active?
                         successful_authentication(user)
                       else
                         account_pending
                       end
                     end
                   end
                 end
               end
               def successful_authentication(user)
                 # Valid user
                 self.logged_user = user
                 # generate a key and set cookie if autologin
                 if params[:autologin] && Setting.autologin?
                   token = Token.create(:user => user, :action => 'autologin')
                   cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now }
                 end
                 redirect_back_or_default :controller => 'my', :action => 'page'
               end
               # Onthefly creation failed, display the registration form to fill/fix attributes
               def onthefly_creation_failed(user, auth_source_options = { })
                 @user = user
                 session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
                 render :action => 'register'
               end
               # Register a user for email activation.
               #
               # Pass a block for behavior when a user fails to save
               def register_by_email_activation(user, &block)
                 token = Token.new(:user => user, :action => "register")
                 if user.save and token.save
                   Mailer.deliver_register(token)
                   flash[:notice] = l(:notice_account_register_done)
                   redirect_to :action => 'login'
                 else
                   yield if block_given?
                 end
               end
               # Automatically register a user
               #
               # Pass a block for behavior when a user fails to save
               def register_automatically(user, &block)
                 # Automatic activation
                 user.status = User::STATUS_ACTIVE
+                user.last_login_on = Time.now
                 if user.save
                   self.logged_user = user
                   flash[:notice] = l(:notice_account_activated)
                   redirect_to :controller => 'my', :action => 'account'
                 else
                   yield if block_given?
                 end
               end
               # Manual activation by the administrator
               #
               # Pass a block for behavior when a user fails to save
               def register_manually_by_administrator(user, &block)
                 if user.save
                   # Sends an email to the administrators
                   Mailer.deliver_account_activation_request(user)
                   account_pending
                 else
                   yield if block_given?
                 end
               end
               def account_pending
                 flash[:notice] = l(:notice_account_pending)
                 redirect_to :action => 'login'
               end
             end

test/integration/account_test.rb +4 -1

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require "#{File.dirname(__FILE__)}/../test_helper"
             begin
               require 'mocha'
             rescue
               # Won't run some tests
             end
             class AccountTest < ActionController::IntegrationTest
               fixtures :users
               # Replace this with your real tests.
               def test_login
                 get "my/page"
                 assert_redirected_to "/login?back_url=http%3A%2F%2Fwww.example.com%2Fmy%2Fpage"
                 log_user('jsmith', 'jsmith')
                 get "my/account"
                 assert_response :success
                 assert_template "my/account"
               end
               def test_autologin
                 user = User.find(1)
                 Setting.autologin = "7"
                 Token.delete_all
                 # User logs in with 'autologin' checked
                 post '/login', :username => user.login, :password => 'admin', :autologin => 1
                 assert_redirected_to 'my/page'
                 token = Token.find :first
                 assert_not_nil token
                 assert_equal user, token.user
                 assert_equal 'autologin', token.action
                 assert_equal user.id, session[:user_id]
                 assert_equal token.value, cookies['autologin']
                 # Session is cleared
                 reset!
                 User.current = nil
                 # Clears user's last login timestamp
                 user.update_attribute :last_login_on, nil
                 assert_nil user.reload.last_login_on
                 # User comes back with his autologin cookie
                 cookies[:autologin] = token.value
                 get '/my/page'
                 assert_response :success
                 assert_template 'my/page'
                 assert_equal user.id, session[:user_id]
                 assert_not_nil user.reload.last_login_on
                 assert user.last_login_on > 2.second.ago
               end
               def test_lost_password
                 Token.delete_all
                 get "account/lost_password"
                 assert_response :success
                 assert_template "account/lost_password"
                 post "account/lost_password", :mail => 'jSmith@somenet.foo'
                 assert_redirected_to "/login"
                 token = Token.find(:first)
                 assert_equal 'recovery', token.action
                 assert_equal 'jsmith@somenet.foo', token.user.mail
                 assert !token.expired?
                 get "account/lost_password", :token => token.value
                 assert_response :success
                 assert_template "account/password_recovery"
                 post "account/lost_password", :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'newpass'
                 assert_redirected_to "/login"
                 assert_equal 'Password was successfully updated.', flash[:notice]
                 log_user('jsmith', 'newpass')
                 assert_equal 0, Token.count
               end
               def test_register_with_automatic_activation
                 Setting.self_registration = '3'
                 get 'account/register'
                 assert_response :success
                 assert_template 'account/register'
                 post 'account/register', :user => {:login => "newuser", :language => "en", :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar"},
                                          :password => "newpass", :password_confirmation => "newpass"
                 assert_redirected_to 'my/account'
                 follow_redirect!
                 assert_response :success
                 assert_template 'my/account'
-                assert User.find_by_login('newuser').active?
+                user = User.find_by_login('newuser')
+                assert_not_nil user
+                assert user.active?
+                assert_not_nil user.last_login_on
               end
               def test_register_with_manual_activation
                 Setting.self_registration = '2'
                 post 'account/register', :user => {:login => "newuser", :language => "en", :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar"},
                                          :password => "newpass", :password_confirmation => "newpass"
                 assert_redirected_to '/login'
                 assert !User.find_by_login('newuser').active?
               end
               def test_register_with_email_activation
                 Setting.self_registration = '1'
                 Token.delete_all
                 post 'account/register', :user => {:login => "newuser", :language => "en", :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar"},
                                          :password => "newpass", :password_confirmation => "newpass"
                 assert_redirected_to '/login'
                 assert !User.find_by_login('newuser').active?
                 token = Token.find(:first)
                 assert_equal 'register', token.action
                 assert_equal 'newuser@foo.bar', token.user.mail
                 assert !token.expired?
                 get 'account/activate', :token => token.value
                 assert_redirected_to '/login'
                 log_user('newuser', 'newpass')
               end
               if Object.const_defined?(:Mocha)
               def test_onthefly_registration
                 # disable registration
                 Setting.self_registration = '0'
                 AuthSource.expects(:authenticate).returns([:login => 'foo', :firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com', :auth_source_id => 66])
                 post 'account/login', :username => 'foo', :password => 'bar'
                 assert_redirected_to 'my/page'
                 user = User.find_by_login('foo')
                 assert user.is_a?(User)
                 assert_equal 66, user.auth_source_id
                 assert user.hashed_password.blank?
               end
               def test_onthefly_registration_with_invalid_attributes
                 # disable registration
                 Setting.self_registration = '0'
                 AuthSource.expects(:authenticate).returns([:login => 'foo', :lastname => 'Smith', :auth_source_id => 66])
                 post 'account/login', :username => 'foo', :password => 'bar'
                 assert_response :success
                 assert_template 'account/register'
                 assert_tag :input, :attributes => { :name => 'user[firstname]', :value => '' }
                 assert_tag :input, :attributes => { :name => 'user[lastname]', :value => 'Smith' }
                 assert_no_tag :input, :attributes => { :name => 'user[login]' }
                 assert_no_tag :input, :attributes => { :name => 'user[password]' }
                 post 'account/register', :user => {:firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com'}
                 assert_redirected_to '/my/account'
                 user = User.find_by_login('foo')
                 assert user.is_a?(User)
                 assert_equal 66, user.auth_source_id
                 assert user.hashed_password.blank?
               end
               else
                 puts 'Mocha is missing. Skipping tests.'
               end
             end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages