@@ -232,7 +232,6 class AccountController < ApplicationController | |||
|
232 | 232 | |
|
233 | 233 | def set_autologin_cookie(user) |
|
234 | 234 | token = Token.create(:user => user, :action => 'autologin') |
|
235 | cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin' | |
|
236 | 235 | cookie_options = { |
|
237 | 236 | :value => token.value, |
|
238 | 237 | :expires => 1.year.from_now, |
@@ -240,7 +239,7 class AccountController < ApplicationController | |||
|
240 | 239 | :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false), |
|
241 | 240 | :httponly => true |
|
242 | 241 | } |
|
243 | cookies[cookie_name] = cookie_options | |
|
242 | cookies[autologin_cookie_name] = cookie_options | |
|
244 | 243 | end |
|
245 | 244 | |
|
246 | 245 | # Onthefly creation failed, display the registration form to fill/fix attributes |
@@ -35,7 +35,7 class ApplicationController < ActionController::Base | |||
|
35 | 35 | protect_from_forgery |
|
36 | 36 | def handle_unverified_request |
|
37 | 37 | super |
|
38 |
cookies.delete( |
|
|
38 | cookies.delete(autologin_cookie_name) | |
|
39 | 39 | end |
|
40 | 40 | |
|
41 | 41 | before_filter :session_expiration, :user_setup, :check_if_login_required, :set_localization |
@@ -127,10 +127,14 class ApplicationController < ActionController::Base | |||
|
127 | 127 | user |
|
128 | 128 | end |
|
129 | 129 | |
|
130 | def autologin_cookie_name | |
|
131 | Redmine::Configuration['autologin_cookie_name'].presence || 'autologin' | |
|
132 | end | |
|
133 | ||
|
130 | 134 | def try_to_autologin |
|
131 |
if cookies[ |
|
|
135 | if cookies[autologin_cookie_name] && Setting.autologin? | |
|
132 | 136 | # auto-login feature starts a new session |
|
133 |
user = User.try_to_autologin(cookies[ |
|
|
137 | user = User.try_to_autologin(cookies[autologin_cookie_name]) | |
|
134 | 138 | if user |
|
135 | 139 | reset_session |
|
136 | 140 | start_user_session(user) |
@@ -153,7 +157,7 class ApplicationController < ActionController::Base | |||
|
153 | 157 | # Logs out current user |
|
154 | 158 | def logout_user |
|
155 | 159 | if User.current.logged? |
|
156 |
cookies.delete |
|
|
160 | cookies.delete(autologin_cookie_name) | |
|
157 | 161 | Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) |
|
158 | 162 | self.logged_user = nil |
|
159 | 163 | end |
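Review bot: `cookies.delete(autologin_cookie_name)` in `handle_unverified_request`, and the identical call in `logout_user`, pass no `:path`, while the cookie written by `set_autologin_cookie` in AccountController is presumably built with a configured path (the new test stubs `autologin_cookie_path`); a browser only discards a cookie when the deletion matches the path it was set with, so with a non-default `autologin_cookie_path` the autologin cookie can survive both the CSRF response and logout. Consider `cookies.delete(autologin_cookie_name, :path => Redmine::Configuration['autologin_cookie_path'])` at both sites, or a small helper next to `autologin_cookie_name` so the write and the two deletes cannot drift apart again. In `logout_user` the token row is also removed so a lingering cookie is inert, but `handle_unverified_request` only deletes the cookie, so if that deletion is ineffective the cookie and its token stay usable. The body of `logout_user` continues past the hunk.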
@@ -68,6 +68,33 class AccountTest < ActionController::IntegrationTest | |||
|
68 | 68 | assert_not_nil user.reload.last_login_on |
|
69 | 69 | end |
|
70 | 70 | |
|
71 | def test_autologin_should_use_autologin_cookie_name | |
|
72 | Token.delete_all | |
|
73 | Redmine::Configuration.stubs(:[]).with('autologin_cookie_name').returns('custom_autologin') | |
|
74 | Redmine::Configuration.stubs(:[]).with('autologin_cookie_path').returns('/') | |
|
75 | Redmine::Configuration.stubs(:[]).with('autologin_cookie_secure').returns(false) | |
|
76 | ||
|
77 | with_settings :autologin => '7' do | |
|
78 | assert_difference 'Token.count' do | |
|
79 | post '/login', :username => 'admin', :password => 'admin', :autologin => 1 | |
|
80 | end | |
|
81 | assert_response 302 | |
|
82 | assert cookies['custom_autologin'].present? | |
|
83 | token = cookies['custom_autologin'] | |
|
84 | ||
|
85 | # Session is cleared | |
|
86 | reset! | |
|
87 | cookies['custom_autologin'] = token | |
|
88 | get '/my/page' | |
|
89 | assert_response :success | |
|
90 | ||
|
91 | assert_difference 'Token.count', -1 do | |
|
92 | post '/logout' | |
|
93 | end | |
|
94 | assert cookies['custom_autologin'].blank? | |
|
95 | end | |
|
96 | end | |
|
97 | ||
|
71 | 98 | def test_lost_password |
|
72 | 99 | Token.delete_all |
|
73 | 100 |
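Review bot: `test_autologin_should_use_autologin_cookie_name` exercises only a non-blank custom name, so the `.presence` fallback that `autologin_cookie_name` introduces (an empty `autologin_cookie_name` setting resolving to `'autologin'`) is left untested, as is the CSRF path in `handle_unverified_request` that now deletes the renamed cookie. A second case that stubs `'autologin_cookie_name'` to return `''`, logs in with `:autologin => 1` and asserts `cookies['autologin'].present?` would pin the fallback. Since the test also stubs `autologin_cookie_path` to `'/'`, it cannot detect a delete that fails to clear a cookie set on a non-default path; a variant stubbing a different path would cover that. The method `test_lost_password` that follows starts inside this hunk and ends outside it.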