| @@ -1,84 +1,85 | |||
|
|
1 | 1 | # Redmine - project management software |
|
|
2 | 2 | # Copyright (C) 2006-2014 Jean-Philippe Lang |
|
|
3 | 3 | # |
|
|
4 | 4 | # This program is free software; you can redistribute it and/or |
|
|
5 | 5 | # modify it under the terms of the GNU General Public License |
|
|
6 | 6 | # as published by the Free Software Foundation; either version 2 |
|
|
7 | 7 | # of the License, or (at your option) any later version. |
|
|
8 | 8 | # |
|
|
9 | 9 | # This program is distributed in the hope that it will be useful, |
|
|
10 | 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
|
11 | 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
|
12 | 12 | # GNU General Public License for more details. |
|
|
13 | 13 | # |
|
|
14 | 14 | # You should have received a copy of the GNU General Public License |
|
|
15 | 15 | # along with this program; if not, write to the Free Software |
|
|
16 | 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
|
17 | 17 | |
|
|
18 | 18 | class Token < ActiveRecord::Base |
|
|
19 | 19 | belongs_to :user |
|
|
20 | 20 | validates_uniqueness_of :value |
|
|
21 | 21 | attr_protected :id |
|
|
22 | 22 | |
|
|
23 | 23 | before_create :delete_previous_tokens, :generate_new_token |
|
|
24 | 24 | |
|
|
25 | @@validity_time = 1.day | |
|
|
25 | cattr_accessor :validity_time | |
|
|
26 | self.validity_time = 1.day | |
|
|
26 | 27 | |
|
|
27 | 28 | def generate_new_token |
|
|
28 | 29 | self.value = Token.generate_token_value |
|
|
29 | 30 | end |
|
|
30 | 31 | |
|
|
31 | 32 | # Return true if token has expired |
|
|
32 | 33 | def expired? |
|
|
33 |
return Time.now > self.created_on + |
|
|
|
34 | return Time.now > self.created_on + self.class.validity_time | |
|
|
34 | 35 | end |
|
|
35 | 36 | |
|
|
36 | 37 | # Delete all expired tokens |
|
|
37 | 38 | def self.destroy_expired |
|
|
38 |
Token. |
|
|
|
39 | Token.where("action NOT IN (?) AND created_on < ?", ['feeds', 'api'], Time.now - validity_time).delete_all | |
|
|
39 | 40 | end |
|
|
40 | 41 | |
|
|
41 | 42 | # Returns the active user who owns the key for the given action |
|
|
42 | 43 | def self.find_active_user(action, key, validity_days=nil) |
|
|
43 | 44 | user = find_user(action, key, validity_days) |
|
|
44 | 45 | if user && user.active? |
|
|
45 | 46 | user |
|
|
46 | 47 | end |
|
|
47 | 48 | end |
|
|
48 | 49 | |
|
|
49 | 50 | # Returns the user who owns the key for the given action |
|
|
50 | 51 | def self.find_user(action, key, validity_days=nil) |
|
|
51 | 52 | token = find_token(action, key, validity_days) |
|
|
52 | 53 | if token |
|
|
53 | 54 | token.user |
|
|
54 | 55 | end |
|
|
55 | 56 | end |
|
|
56 | 57 | |
|
|
57 | 58 | # Returns the token for action and key with an optional |
|
|
58 | 59 | # validity duration (in number of days) |
|
|
59 | 60 | def self.find_token(action, key, validity_days=nil) |
|
|
60 | 61 | action = action.to_s |
|
|
61 | 62 | key = key.to_s |
|
|
62 | 63 | return nil unless action.present? && key =~ /\A[a-z0-9]+\z/i |
|
|
63 | 64 | |
|
|
64 | 65 | token = Token.where(:action => action, :value => key).first |
|
|
65 | 66 | if token && (token.action == action) && (token.value == key) && token.user |
|
|
66 | 67 | if validity_days.nil? || (token.created_on > validity_days.days.ago) |
|
|
67 | 68 | token |
|
|
68 | 69 | end |
|
|
69 | 70 | end |
|
|
70 | 71 | end |
|
|
71 | 72 | |
|
|
72 | 73 | def self.generate_token_value |
|
|
73 | 74 | Redmine::Utils.random_hex(20) |
|
|
74 | 75 | end |
|
|
75 | 76 | |
|
|
76 | 77 | private |
|
|
77 | 78 | |
|
|
78 | 79 | # Removes obsolete tokens (same user and action) |
|
|
79 | 80 | def delete_previous_tokens |
|
|
80 | 81 | if user |
|
|
81 | Token.delete_all(['user_id = ? AND action = ?', user.id, action]) | |
|
|
82 | Token.where(:user_id => user.id, :action => action).delete_all | |
|
|
82 | 83 | end |
|
|
83 | 84 | end |
|
|
84 | 85 | end |
General Comments 0
You need to be logged in to leave comments.
Login now