##// END OF EJS Templates
jro_apps » redmine
RSS
Makes the autologin cookie configurable (#1763)....
Jean-Philippe Lang -
r4636:55acbcb560cc
parent child
Show More
Side by Side Unified
Context file:
r4636:55acbcb560cc Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,272 +1,283
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2009 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class AccountController < ApplicationController
19 19 helper :custom_fields
20 20 include CustomFieldsHelper
21 21
22 22 # prevents login action to be filtered by check_if_login_required application scope filter
23 23 skip_before_filter :check_if_login_required
24 24
25 25 # Login request and validation
26 26 def login
27 27 if request.get?
28 28 logout_user
29 29 else
30 30 authenticate_user
31 31 end
32 32 end
33 33
34 34 # Log out current user and redirect to welcome page
35 35 def logout
36 36 logout_user
37 37 redirect_to home_url
38 38 end
39 39
40 40 # Enable user to choose a new password
41 41 def lost_password
42 42 redirect_to(home_url) && return unless Setting.lost_password?
43 43 if params[:token]
44 44 @token = Token.find_by_action_and_value("recovery", params[:token])
45 45 redirect_to(home_url) && return unless @token and !@token.expired?
46 46 @user = @token.user
47 47 if request.post?
48 48 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
49 49 if @user.save
50 50 @token.destroy
51 51 flash[:notice] = l(:notice_account_password_updated)
52 52 redirect_to :action => 'login'
53 53 return
54 54 end
55 55 end
56 56 render :template => "account/password_recovery"
57 57 return
58 58 else
59 59 if request.post?
60 60 user = User.find_by_mail(params[:mail])
61 61 # user not found in db
62 62 (flash.now[:error] = l(:notice_account_unknown_email); return) unless user
63 63 # user uses an external authentification
64 64 (flash.now[:error] = l(:notice_can_t_change_password); return) if user.auth_source_id
65 65 # create a new token for password recovery
66 66 token = Token.new(:user => user, :action => "recovery")
67 67 if token.save
68 68 Mailer.deliver_lost_password(token)
69 69 flash[:notice] = l(:notice_account_lost_email_sent)
70 70 redirect_to :action => 'login'
71 71 return
72 72 end
73 73 end
74 74 end
75 75 end
76 76
77 77 # User self-registration
78 78 def register
79 79 redirect_to(home_url) && return unless Setting.self_registration? || session[:auth_source_registration]
80 80 if request.get?
81 81 session[:auth_source_registration] = nil
82 82 @user = User.new(:language => Setting.default_language)
83 83 else
84 84 @user = User.new(params[:user])
85 85 @user.admin = false
86 86 @user.register
87 87 if session[:auth_source_registration]
88 88 @user.activate
89 89 @user.login = session[:auth_source_registration][:login]
90 90 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
91 91 if @user.save
92 92 session[:auth_source_registration] = nil
93 93 self.logged_user = @user
94 94 flash[:notice] = l(:notice_account_activated)
95 95 redirect_to :controller => 'my', :action => 'account'
96 96 end
97 97 else
98 98 @user.login = params[:user][:login]
99 99 @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
100 100
101 101 case Setting.self_registration
102 102 when '1'
103 103 register_by_email_activation(@user)
104 104 when '3'
105 105 register_automatically(@user)
106 106 else
107 107 register_manually_by_administrator(@user)
108 108 end
109 109 end
110 110 end
111 111 end
112 112
113 113 # Token based account activation
114 114 def activate
115 115 redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
116 116 token = Token.find_by_action_and_value('register', params[:token])
117 117 redirect_to(home_url) && return unless token and !token.expired?
118 118 user = token.user
119 119 redirect_to(home_url) && return unless user.registered?
120 120 user.activate
121 121 if user.save
122 122 token.destroy
123 123 flash[:notice] = l(:notice_account_activated)
124 124 end
125 125 redirect_to :action => 'login'
126 126 end
127 127
128 128 private
129 129
130 130 def logout_user
131 131 if User.current.logged?
132 132 cookies.delete :autologin
133 133 Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
134 134 self.logged_user = nil
135 135 end
136 136 end
137 137
138 138 def authenticate_user
139 139 if Setting.openid? && using_open_id?
140 140 open_id_authenticate(params[:openid_url])
141 141 else
142 142 password_authentication
143 143 end
144 144 end
145 145
146 146 def password_authentication
147 147 user = User.try_to_login(params[:username], params[:password])
148 148
149 149 if user.nil?
150 150 invalid_credentials
151 151 elsif user.new_record?
152 152 onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
153 153 else
154 154 # Valid user
155 155 successful_authentication(user)
156 156 end
157 157 end
158 158
159 159
160 160 def open_id_authenticate(openid_url)
161 161 authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url) do |result, identity_url, registration|
162 162 if result.successful?
163 163 user = User.find_or_initialize_by_identity_url(identity_url)
164 164 if user.new_record?
165 165 # Self-registration off
166 166 redirect_to(home_url) && return unless Setting.self_registration?
167 167
168 168 # Create on the fly
169 169 user.login = registration['nickname'] unless registration['nickname'].nil?
170 170 user.mail = registration['email'] unless registration['email'].nil?
171 171 user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
172 172 user.random_password
173 173 user.register
174 174
175 175 case Setting.self_registration
176 176 when '1'
177 177 register_by_email_activation(user) do
178 178 onthefly_creation_failed(user)
179 179 end
180 180 when '3'
181 181 register_automatically(user) do
182 182 onthefly_creation_failed(user)
183 183 end
184 184 else
185 185 register_manually_by_administrator(user) do
186 186 onthefly_creation_failed(user)
187 187 end
188 188 end
189 189 else
190 190 # Existing record
191 191 if user.active?
192 192 successful_authentication(user)
193 193 else
194 194 account_pending
195 195 end
196 196 end
197 197 end
198 198 end
199 199 end
200 200
201 201 def successful_authentication(user)
202 202 # Valid user
203 203 self.logged_user = user
204 204 # generate a key and set cookie if autologin
205 205 if params[:autologin] && Setting.autologin?
206 token = Token.create(:user => user, :action => 'autologin')
207 cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now }
206 set_autologin_cookie(user)
208 207 end
209 208 call_hook(:controller_account_success_authentication_after, {:user => user })
210 209 redirect_back_or_default :controller => 'my', :action => 'page'
211 210 end
212 211
212 def set_autologin_cookie(user)
213 token = Token.create(:user => user, :action => 'autologin')
214 cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin'
215 cookie_options = {
216 :value => token.value,
217 :expires => 1.year.from_now,
218 :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
219 :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false)
220 }
221 cookies[cookie_name] = cookie_options
222 end
223
213 224 # Onthefly creation failed, display the registration form to fill/fix attributes
214 225 def onthefly_creation_failed(user, auth_source_options = { })
215 226 @user = user
216 227 session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
217 228 render :action => 'register'
218 229 end
219 230
220 231 def invalid_credentials
221 232 logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
222 233 flash.now[:error] = l(:notice_account_invalid_creditentials)
223 234 end
224 235
225 236 # Register a user for email activation.
226 237 #
227 238 # Pass a block for behavior when a user fails to save
228 239 def register_by_email_activation(user, &block)
229 240 token = Token.new(:user => user, :action => "register")
230 241 if user.save and token.save
231 242 Mailer.deliver_register(token)
232 243 flash[:notice] = l(:notice_account_register_done)
233 244 redirect_to :action => 'login'
234 245 else
235 246 yield if block_given?
236 247 end
237 248 end
238 249
239 250 # Automatically register a user
240 251 #
241 252 # Pass a block for behavior when a user fails to save
242 253 def register_automatically(user, &block)
243 254 # Automatic activation
244 255 user.activate
245 256 user.last_login_on = Time.now
246 257 if user.save
247 258 self.logged_user = user
248 259 flash[:notice] = l(:notice_account_activated)
249 260 redirect_to :controller => 'my', :action => 'account'
250 261 else
251 262 yield if block_given?
252 263 end
253 264 end
254 265
255 266 # Manual activation by the administrator
256 267 #
257 268 # Pass a block for behavior when a user fails to save
258 269 def register_manually_by_administrator(user, &block)
259 270 if user.save
260 271 # Sends an email to the administrators
261 272 Mailer.deliver_account_activation_request(user)
262 273 account_pending
263 274 else
264 275 yield if block_given?
265 276 end
266 277 end
267 278
268 279 def account_pending
269 280 flash[:notice] = l(:notice_account_pending)
270 281 redirect_to :action => 'login'
271 282 end
272 283 end
Show file before | Show file after | Hide comments
@@ -1,108 +1,116
1 1 # = Redmine configuration file
2 2 #
3 3 # Each environment has it's own configuration options. If you are only
4 4 # running in production, only the production block needs to be configured.
5 5 # Environment specific configuration options override the default ones.
6 6 #
7 7 # Note that this file needs to be a valid YAML file.
8 8 #
9 9 # == Outgoing email settings (email_delivery setting)
10 10 #
11 11 # === Common configurations
12 12 #
13 13 # ==== Sendmail command
14 14 #
15 15 # production:
16 16 # email_delivery:
17 17 # delivery_method: :sendmail
18 18 #
19 19 # ==== Simple SMTP server at localhost
20 20 #
21 21 # production:
22 22 # email_delivery:
23 23 # delivery_method: :smtp
24 24 # smtp_settings:
25 25 # address: "localhost"
26 26 # port: 25
27 27 #
28 28 # ==== SMTP server at example.com using LOGIN authentication and checking HELO for foo.com
29 29 #
30 30 # production:
31 31 # email_delivery:
32 32 # delivery_method: :smtp
33 33 # smtp_settings:
34 34 # address: "example.com"
35 35 # port: 25
36 36 # authentication: :login
37 37 # domain: 'foo.com'
38 38 # user_name: 'myaccount'
39 39 # password: 'password'
40 40 #
41 41 # ==== SMTP server at example.com using PLAIN authentication
42 42 #
43 43 # production:
44 44 # email_delivery:
45 45 # delivery_method: :smtp
46 46 # smtp_settings:
47 47 # address: "example.com"
48 48 # port: 25
49 49 # authentication: :plain
50 50 # domain: 'example.com'
51 51 # user_name: 'myaccount'
52 52 # password: 'password'
53 53 #
54 54 # ==== SMTP server at using TLS (GMail)
55 55 #
56 56 # This requires some additional configuration. See the article at:
57 57 # http://redmineblog.com/articles/setup-redmine-to-send-email-using-gmail/
58 58 #
59 59 # production:
60 60 # email_delivery:
61 61 # delivery_method: :smtp
62 62 # smtp_settings:
63 63 # tls: true
64 64 # address: "smtp.gmail.com"
65 65 # port: 587
66 66 # domain: "smtp.gmail.com" # 'your.domain.com' for GoogleApps
67 67 # authentication: :plain
68 68 # user_name: "your_email@gmail.com"
69 69 # password: "your_password"
70 70 #
71 71 #
72 72 # === More configuration options
73 73 #
74 74 # See the "Configuration options" at the following website for a list of the
75 75 # full options allowed:
76 76 #
77 77 # http://wiki.rubyonrails.org/rails/pages/HowToSendEmailsWithActionMailer
78 78
79 79
80 80 # default configuration options for all environments
81 81 default:
82 82 # Outgoing emails configuration (see examples above)
83 83 email_delivery:
84 84 delivery_method: :smtp
85 85 smtp_settings:
86 86 address: smtp.example.net
87 87 port: 25
88 88 domain: example.net
89 89 authentication: :login
90 90 user_name: "redmine@example.net"
91 91 password: "redmine"
92 92
93 93 # Absolute path to the directory where attachments are stored.
94 94 # The default is the 'files' directory in your Redmine instance.
95 95 # Your Redmine instance needs to have write permission on this
96 96 # directory.
97 97 # Examples:
98 98 # attachments_storage_path: /var/redmine/files
99 99 # attachments_storage_path: D:/redmine/files
100 100 attachments_storage_path:
101 101
102 # Configuration of the autologin cookie.
103 # autologin_cookie_name: the name of the cookie (default: autologin)
104 # autologin_cookie_path: the cookie path (default: /)
105 # autologin_cookie_secure: true sets the cookie secure flag (default: false)
106 autologin_cookie_name:
107 autologin_cookie_path:
108 autologin_cookie_secure:
109
102 110 # specific configuration options for production environment
103 111 # that overrides the default ones
104 112 production:
105 113
106 114 # specific configuration options for development environment
107 115 # that overrides the default ones
108 116 development:
General Comments 0
You need to be logged in to leave comments. Login now