##// END OF EJS Templates
jro_apps » redmine
RSS
Fixes that user's last_login_on was not set when using registration with automatic activation....
Jean-Philippe Lang -
r2526:4181f859623c
parent child
Show More
Side by Side Unified
Context file:
r2526:4181f859623c Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,277 +1,278
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2008 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class AccountController < ApplicationController
19 19 helper :custom_fields
20 20 include CustomFieldsHelper
21 21
22 22 # prevents login action to be filtered by check_if_login_required application scope filter
23 23 skip_before_filter :check_if_login_required, :only => [:login, :lost_password, :register, :activate]
24 24
25 25 # Show user's account
26 26 def show
27 27 @user = User.active.find(params[:id])
28 28 @custom_values = @user.custom_values
29 29
30 30 # show only public projects and private projects that the logged in user is also a member of
31 31 @memberships = @user.memberships.select do |membership|
32 32 membership.project.is_public? || (User.current.member_of?(membership.project))
33 33 end
34 34
35 35 events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
36 36 @events_by_day = events.group_by(&:event_date)
37 37
38 38 rescue ActiveRecord::RecordNotFound
39 39 render_404
40 40 end
41 41
42 42 # Login request and validation
43 43 def login
44 44 if request.get?
45 45 # Logout user
46 46 self.logged_user = nil
47 47 else
48 48 # Authenticate user
49 49 if Setting.openid? && using_open_id?
50 50 open_id_authenticate(params[:openid_url])
51 51 else
52 52 password_authentication
53 53 end
54 54 end
55 55 end
56 56
57 57 # Log out current user and redirect to welcome page
58 58 def logout
59 59 cookies.delete :autologin
60 60 Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) if User.current.logged?
61 61 self.logged_user = nil
62 62 redirect_to home_url
63 63 end
64 64
65 65 # Enable user to choose a new password
66 66 def lost_password
67 67 redirect_to(home_url) && return unless Setting.lost_password?
68 68 if params[:token]
69 69 @token = Token.find_by_action_and_value("recovery", params[:token])
70 70 redirect_to(home_url) && return unless @token and !@token.expired?
71 71 @user = @token.user
72 72 if request.post?
73 73 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
74 74 if @user.save
75 75 @token.destroy
76 76 flash[:notice] = l(:notice_account_password_updated)
77 77 redirect_to :action => 'login'
78 78 return
79 79 end
80 80 end
81 81 render :template => "account/password_recovery"
82 82 return
83 83 else
84 84 if request.post?
85 85 user = User.find_by_mail(params[:mail])
86 86 # user not found in db
87 87 flash.now[:error] = l(:notice_account_unknown_email) and return unless user
88 88 # user uses an external authentification
89 89 flash.now[:error] = l(:notice_can_t_change_password) and return if user.auth_source_id
90 90 # create a new token for password recovery
91 91 token = Token.new(:user => user, :action => "recovery")
92 92 if token.save
93 93 Mailer.deliver_lost_password(token)
94 94 flash[:notice] = l(:notice_account_lost_email_sent)
95 95 redirect_to :action => 'login'
96 96 return
97 97 end
98 98 end
99 99 end
100 100 end
101 101
102 102 # User self-registration
103 103 def register
104 104 redirect_to(home_url) && return unless Setting.self_registration? || session[:auth_source_registration]
105 105 if request.get?
106 106 session[:auth_source_registration] = nil
107 107 @user = User.new(:language => Setting.default_language)
108 108 else
109 109 @user = User.new(params[:user])
110 110 @user.admin = false
111 111 @user.status = User::STATUS_REGISTERED
112 112 if session[:auth_source_registration]
113 113 @user.status = User::STATUS_ACTIVE
114 114 @user.login = session[:auth_source_registration][:login]
115 115 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
116 116 if @user.save
117 117 session[:auth_source_registration] = nil
118 118 self.logged_user = @user
119 119 flash[:notice] = l(:notice_account_activated)
120 120 redirect_to :controller => 'my', :action => 'account'
121 121 end
122 122 else
123 123 @user.login = params[:user][:login]
124 124 @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
125 125
126 126 case Setting.self_registration
127 127 when '1'
128 128 register_by_email_activation(@user)
129 129 when '3'
130 130 register_automatically(@user)
131 131 else
132 132 register_manually_by_administrator(@user)
133 133 end
134 134 end
135 135 end
136 136 end
137 137
138 138 # Token based account activation
139 139 def activate
140 140 redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
141 141 token = Token.find_by_action_and_value('register', params[:token])
142 142 redirect_to(home_url) && return unless token and !token.expired?
143 143 user = token.user
144 144 redirect_to(home_url) && return unless user.status == User::STATUS_REGISTERED
145 145 user.status = User::STATUS_ACTIVE
146 146 if user.save
147 147 token.destroy
148 148 flash[:notice] = l(:notice_account_activated)
149 149 end
150 150 redirect_to :action => 'login'
151 151 end
152 152
153 153 private
154 154
155 155 def password_authentication
156 156 user = User.try_to_login(params[:username], params[:password])
157 157 if user.nil?
158 158 # Invalid credentials
159 159 flash.now[:error] = l(:notice_account_invalid_creditentials)
160 160 elsif user.new_record?
161 161 # Onthefly creation failed, display the registration form to fill/fix attributes
162 162 @user = user
163 163 session[:auth_source_registration] = {:login => user.login, :auth_source_id => user.auth_source_id }
164 164 render :action => 'register'
165 165 else
166 166 # Valid user
167 167 successful_authentication(user)
168 168 end
169 169 end
170 170
171 171
172 172 def open_id_authenticate(openid_url)
173 173 authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url) do |result, identity_url, registration|
174 174 if result.successful?
175 175 user = User.find_or_initialize_by_identity_url(identity_url)
176 176 if user.new_record?
177 177 # Self-registration off
178 178 redirect_to(home_url) && return unless Setting.self_registration?
179 179
180 180 # Create on the fly
181 181 user.login = registration['nickname'] unless registration['nickname'].nil?
182 182 user.mail = registration['email'] unless registration['email'].nil?
183 183 user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
184 184 user.random_password
185 185 user.status = User::STATUS_REGISTERED
186 186
187 187 case Setting.self_registration
188 188 when '1'
189 189 register_by_email_activation(user) do
190 190 onthefly_creation_failed(user)
191 191 end
192 192 when '3'
193 193 register_automatically(user) do
194 194 onthefly_creation_failed(user)
195 195 end
196 196 else
197 197 register_manually_by_administrator(user) do
198 198 onthefly_creation_failed(user)
199 199 end
200 200 end
201 201 else
202 202 # Existing record
203 203 if user.active?
204 204 successful_authentication(user)
205 205 else
206 206 account_pending
207 207 end
208 208 end
209 209 end
210 210 end
211 211 end
212 212
213 213 def successful_authentication(user)
214 214 # Valid user
215 215 self.logged_user = user
216 216 # generate a key and set cookie if autologin
217 217 if params[:autologin] && Setting.autologin?
218 218 token = Token.create(:user => user, :action => 'autologin')
219 219 cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now }
220 220 end
221 221 redirect_back_or_default :controller => 'my', :action => 'page'
222 222 end
223 223
224 224 # Onthefly creation failed, display the registration form to fill/fix attributes
225 225 def onthefly_creation_failed(user, auth_source_options = { })
226 226 @user = user
227 227 session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
228 228 render :action => 'register'
229 229 end
230 230
231 231 # Register a user for email activation.
232 232 #
233 233 # Pass a block for behavior when a user fails to save
234 234 def register_by_email_activation(user, &block)
235 235 token = Token.new(:user => user, :action => "register")
236 236 if user.save and token.save
237 237 Mailer.deliver_register(token)
238 238 flash[:notice] = l(:notice_account_register_done)
239 239 redirect_to :action => 'login'
240 240 else
241 241 yield if block_given?
242 242 end
243 243 end
244 244
245 245 # Automatically register a user
246 246 #
247 247 # Pass a block for behavior when a user fails to save
248 248 def register_automatically(user, &block)
249 249 # Automatic activation
250 250 user.status = User::STATUS_ACTIVE
251 user.last_login_on = Time.now
251 252 if user.save
252 253 self.logged_user = user
253 254 flash[:notice] = l(:notice_account_activated)
254 255 redirect_to :controller => 'my', :action => 'account'
255 256 else
256 257 yield if block_given?
257 258 end
258 259 end
259 260
260 261 # Manual activation by the administrator
261 262 #
262 263 # Pass a block for behavior when a user fails to save
263 264 def register_manually_by_administrator(user, &block)
264 265 if user.save
265 266 # Sends an email to the administrators
266 267 Mailer.deliver_account_activation_request(user)
267 268 account_pending
268 269 else
269 270 yield if block_given?
270 271 end
271 272 end
272 273
273 274 def account_pending
274 275 flash[:notice] = l(:notice_account_pending)
275 276 redirect_to :action => 'login'
276 277 end
277 278 end
Show file before | Show file after | Hide comments
@@ -1,185 +1,188
1 1 # redMine - project management software
2 2 # Copyright (C) 2006-2007 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 require "#{File.dirname(__FILE__)}/../test_helper"
19 19
20 20 begin
21 21 require 'mocha'
22 22 rescue
23 23 # Won't run some tests
24 24 end
25 25
26 26 class AccountTest < ActionController::IntegrationTest
27 27 fixtures :users
28 28
29 29 # Replace this with your real tests.
30 30 def test_login
31 31 get "my/page"
32 32 assert_redirected_to "/login?back_url=http%3A%2F%2Fwww.example.com%2Fmy%2Fpage"
33 33 log_user('jsmith', 'jsmith')
34 34
35 35 get "my/account"
36 36 assert_response :success
37 37 assert_template "my/account"
38 38 end
39 39
40 40 def test_autologin
41 41 user = User.find(1)
42 42 Setting.autologin = "7"
43 43 Token.delete_all
44 44
45 45 # User logs in with 'autologin' checked
46 46 post '/login', :username => user.login, :password => 'admin', :autologin => 1
47 47 assert_redirected_to 'my/page'
48 48 token = Token.find :first
49 49 assert_not_nil token
50 50 assert_equal user, token.user
51 51 assert_equal 'autologin', token.action
52 52 assert_equal user.id, session[:user_id]
53 53 assert_equal token.value, cookies['autologin']
54 54
55 55 # Session is cleared
56 56 reset!
57 57 User.current = nil
58 58 # Clears user's last login timestamp
59 59 user.update_attribute :last_login_on, nil
60 60 assert_nil user.reload.last_login_on
61 61
62 62 # User comes back with his autologin cookie
63 63 cookies[:autologin] = token.value
64 64 get '/my/page'
65 65 assert_response :success
66 66 assert_template 'my/page'
67 67 assert_equal user.id, session[:user_id]
68 68 assert_not_nil user.reload.last_login_on
69 69 assert user.last_login_on > 2.second.ago
70 70 end
71 71
72 72 def test_lost_password
73 73 Token.delete_all
74 74
75 75 get "account/lost_password"
76 76 assert_response :success
77 77 assert_template "account/lost_password"
78 78
79 79 post "account/lost_password", :mail => 'jSmith@somenet.foo'
80 80 assert_redirected_to "/login"
81 81
82 82 token = Token.find(:first)
83 83 assert_equal 'recovery', token.action
84 84 assert_equal 'jsmith@somenet.foo', token.user.mail
85 85 assert !token.expired?
86 86
87 87 get "account/lost_password", :token => token.value
88 88 assert_response :success
89 89 assert_template "account/password_recovery"
90 90
91 91 post "account/lost_password", :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'newpass'
92 92 assert_redirected_to "/login"
93 93 assert_equal 'Password was successfully updated.', flash[:notice]
94 94
95 95 log_user('jsmith', 'newpass')
96 96 assert_equal 0, Token.count
97 97 end
98 98
99 99 def test_register_with_automatic_activation
100 100 Setting.self_registration = '3'
101 101
102 102 get 'account/register'
103 103 assert_response :success
104 104 assert_template 'account/register'
105 105
106 106 post 'account/register', :user => {:login => "newuser", :language => "en", :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar"},
107 107 :password => "newpass", :password_confirmation => "newpass"
108 108 assert_redirected_to 'my/account'
109 109 follow_redirect!
110 110 assert_response :success
111 111 assert_template 'my/account'
112 112
113 assert User.find_by_login('newuser').active?
113 user = User.find_by_login('newuser')
114 assert_not_nil user
115 assert user.active?
116 assert_not_nil user.last_login_on
114 117 end
115 118
116 119 def test_register_with_manual_activation
117 120 Setting.self_registration = '2'
118 121
119 122 post 'account/register', :user => {:login => "newuser", :language => "en", :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar"},
120 123 :password => "newpass", :password_confirmation => "newpass"
121 124 assert_redirected_to '/login'
122 125 assert !User.find_by_login('newuser').active?
123 126 end
124 127
125 128 def test_register_with_email_activation
126 129 Setting.self_registration = '1'
127 130 Token.delete_all
128 131
129 132 post 'account/register', :user => {:login => "newuser", :language => "en", :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar"},
130 133 :password => "newpass", :password_confirmation => "newpass"
131 134 assert_redirected_to '/login'
132 135 assert !User.find_by_login('newuser').active?
133 136
134 137 token = Token.find(:first)
135 138 assert_equal 'register', token.action
136 139 assert_equal 'newuser@foo.bar', token.user.mail
137 140 assert !token.expired?
138 141
139 142 get 'account/activate', :token => token.value
140 143 assert_redirected_to '/login'
141 144 log_user('newuser', 'newpass')
142 145 end
143 146
144 147 if Object.const_defined?(:Mocha)
145 148
146 149 def test_onthefly_registration
147 150 # disable registration
148 151 Setting.self_registration = '0'
149 152 AuthSource.expects(:authenticate).returns([:login => 'foo', :firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com', :auth_source_id => 66])
150 153
151 154 post 'account/login', :username => 'foo', :password => 'bar'
152 155 assert_redirected_to 'my/page'
153 156
154 157 user = User.find_by_login('foo')
155 158 assert user.is_a?(User)
156 159 assert_equal 66, user.auth_source_id
157 160 assert user.hashed_password.blank?
158 161 end
159 162
160 163 def test_onthefly_registration_with_invalid_attributes
161 164 # disable registration
162 165 Setting.self_registration = '0'
163 166 AuthSource.expects(:authenticate).returns([:login => 'foo', :lastname => 'Smith', :auth_source_id => 66])
164 167
165 168 post 'account/login', :username => 'foo', :password => 'bar'
166 169 assert_response :success
167 170 assert_template 'account/register'
168 171 assert_tag :input, :attributes => { :name => 'user[firstname]', :value => '' }
169 172 assert_tag :input, :attributes => { :name => 'user[lastname]', :value => 'Smith' }
170 173 assert_no_tag :input, :attributes => { :name => 'user[login]' }
171 174 assert_no_tag :input, :attributes => { :name => 'user[password]' }
172 175
173 176 post 'account/register', :user => {:firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com'}
174 177 assert_redirected_to '/my/account'
175 178
176 179 user = User.find_by_login('foo')
177 180 assert user.is_a?(User)
178 181 assert_equal 66, user.auth_source_id
179 182 assert user.hashed_password.blank?
180 183 end
181 184
182 185 else
183 186 puts 'Mocha is missing. Skipping tests.'
184 187 end
185 188 end
General Comments 0
You need to be logged in to leave comments. Login now