jro_apps/redmine Commit - r11339:4413e0e52e2c

Merged r11519 and r11520 from trunk (#13335)....

Jean-Philippe Lang -

r11339:4413e0e52e2c

parent child

Context file:

r11339:4413e0e52e2c

app/controllers/account_controller.rb +1 -2

               def set_autologin_cookie(user)
                 token = Token.create(:user => user, :action => 'autologin')
-                cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin'
                 cookie_options = {
                   :value => token.value,
                   :expires => 1.year.from_now,
                   :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
                   :httponly => true
                 }
-                cookies[cookie_name] = cookie_options
+                cookies[autologin_cookie_name] = cookie_options
               end
               # Onthefly creation failed, display the registration form to fill/fix attributes

app/controllers/application_controller.rb +8 -4

               protect_from_forgery
               def handle_unverified_request
                 super
-                cookies.delete(:autologin)
+                cookies.delete(autologin_cookie_name)
               end
               before_filter :session_expiration, :user_setup, :check_if_login_required, :set_localization
                 user
               end
+              def autologin_cookie_name
+                Redmine::Configuration['autologin_cookie_name'].presence || 'autologin'
+              end
               def try_to_autologin
-                if cookies[:autologin] && Setting.autologin?
+                if cookies[autologin_cookie_name] && Setting.autologin?
                   # auto-login feature starts a new session
-                  user = User.try_to_autologin(cookies[:autologin])
+                  user = User.try_to_autologin(cookies[autologin_cookie_name])
                   if user
                     reset_session
                     start_user_session(user)
               # Logs out current user
               def logout_user
                 if User.current.logged?
-                  cookies.delete :autologin
+                  cookies.delete(autologin_cookie_name)
                   Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
                   self.logged_user = nil
                 end

test/integration/account_test.rb +27 0

@@ -68,6 +68,33 class AccountTest < ActionController::IntegrationTest
68	assert_not_nil user.reload.last_login_on	68	assert_not_nil user.reload.last_login_on
69	end	69	end
70		70
		71	def test_autologin_should_use_autologin_cookie_name
		72	Token.delete_all
		73	Redmine::Configuration.stubs(:[]).with('autologin_cookie_name').returns('custom_autologin')
		74	Redmine::Configuration.stubs(:[]).with('autologin_cookie_path').returns('/')
		75	Redmine::Configuration.stubs(:[]).with('autologin_cookie_secure').returns(false)
		76
		77	with_settings :autologin => '7' do
		78	assert_difference 'Token.count' do
		79	post '/login', :username => 'admin', :password => 'admin', :autologin => 1
		80	end
		81	assert_response 302
		82	assert cookies['custom_autologin'].present?
		83	token = cookies['custom_autologin']
		84
		85	# Session is cleared
		86	reset!
		87	cookies['custom_autologin'] = token
		88	get '/my/page'
		89	assert_response :success
		90
		91	assert_difference 'Token.count', -1 do
		92	post '/logout'
		93	end
		94	assert cookies['custom_autologin'].blank?
		95	end
		96	end
		97
71	def test_lost_password	98	def test_lost_password
72	Token.delete_all	99	Token.delete_all
73		100

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages