jro_apps/redmine Commit - r2120:72d0843c1fef

Makes User.find_by_mail case-insensitive (password reminder #2322, repo users mapping)....

Jean-Philippe Lang -

r2120:72d0843c1fef

parent child

Context file:

r2120:72d0843c1fef

Collapse all files

app/models/user.rb +5 0

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require "digest/sha1"
             class User < ActiveRecord::Base
               # Account statuses
               STATUS_ANONYMOUS  = 0
               STATUS_ACTIVE     = 1
               STATUS_REGISTERED = 2
               STATUS_LOCKED     = 3
               USER_FORMATS = {
                 :firstname_lastname => '#{firstname} #{lastname}',
                 :firstname => '#{firstname}',
                 :lastname_firstname => '#{lastname} #{firstname}',
                 :lastname_coma_firstname => '#{lastname}, #{firstname}',
                 :username => '#{login}'
               }
               has_many :memberships, :class_name => 'Member', :include => [ :project, :role ], :conditions => "#{Project.table_name}.status=#{Project::STATUS_ACTIVE}", :order => "#{Project.table_name}.name"
               has_many :members, :dependent => :delete_all
               has_many :projects, :through => :memberships
               has_many :issue_categories, :foreign_key => 'assigned_to_id', :dependent => :nullify
               has_many :changesets, :dependent => :nullify
               has_one :preference, :dependent => :destroy, :class_name => 'UserPreference'
               has_one :rss_token, :dependent => :destroy, :class_name => 'Token', :conditions => "action='feeds'"
               belongs_to :auth_source
               # Active non-anonymous users scope
               named_scope :active, :conditions => "#{User.table_name}.status = #{STATUS_ACTIVE}"
               acts_as_customizable
               attr_accessor :password, :password_confirmation
               attr_accessor :last_before_login_on
               # Prevents unauthorized assignments
               attr_protected :login, :admin, :password, :password_confirmation, :hashed_password
               validates_presence_of :login, :firstname, :lastname, :mail, :if => Proc.new { |user| !user.is_a?(AnonymousUser) }
               validates_uniqueness_of :login, :if => Proc.new { |user| !user.login.blank? }
               validates_uniqueness_of :mail, :if => Proc.new { |user| !user.mail.blank? }
               # Login must contain lettres, numbers, underscores only
               validates_format_of :login, :with => /^[a-z0-9_\-@\.]*$/i
               validates_length_of :login, :maximum => 30
               validates_format_of :firstname, :lastname, :with => /^[\w\s\'\-\.]*$/i
               validates_length_of :firstname, :lastname, :maximum => 30
               validates_format_of :mail, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :allow_nil => true
               validates_length_of :mail, :maximum => 60, :allow_nil => true
               validates_length_of :password, :minimum => 4, :allow_nil => true
               validates_confirmation_of :password, :allow_nil => true
               def before_create
                 self.mail_notification = false
                 true
               end
               def before_save
                 # update hashed_password if password was set
                 self.hashed_password = User.hash_password(self.password) if self.password
               end
               def reload(*args)
                 @name = nil
                 super
               end
               # Returns the user that matches provided login and password, or nil
               def self.try_to_login(login, password)
                 # Make sure no one can sign in with an empty password
                 return nil if password.to_s.empty?
                 user = find(:first, :conditions => ["login=?", login])
                 if user
                   # user is already in local database
                   return nil if !user.active?
                   if user.auth_source
                     # user has an external authentication method
                     return nil unless user.auth_source.authenticate(login, password)
                   else
                     # authentication with local password
                     return nil unless User.hash_password(password) == user.hashed_password
                   end
                 else
                   # user is not yet registered, try to authenticate with available sources
                   attrs = AuthSource.authenticate(login, password)
                   if attrs
                     user = new(*attrs)
                     user.login = login
                     user.language = Setting.default_language
                     if user.save
                       user.reload
                       logger.info("User '#{user.login}' created from the LDAP") if logger
                     end
                   end
                 end
                 user.update_attribute(:last_login_on, Time.now) if user && !user.new_record?
                 user
               rescue => text
                 raise text
               end
               # Return user's full name for display
               def name(formatter = nil)
                 if formatter
                   eval('"' + (USER_FORMATS[formatter] || USER_FORMATS[:firstname_lastname]) + '"')
                 else
                   @name ||= eval('"' + (USER_FORMATS[Setting.user_format] || USER_FORMATS[:firstname_lastname]) + '"')
                 end
               end
               def active?
                 self.status == STATUS_ACTIVE
               end
               def registered?
                 self.status == STATUS_REGISTERED
               end
               def locked?
                 self.status == STATUS_LOCKED
               end
               def check_password?(clear_password)
                 User.hash_password(clear_password) == self.hashed_password
               end
               def pref
                 self.preference ||= UserPreference.new(:user => self)
               end
               def time_zone
                 @time_zone ||= (self.pref.time_zone.blank? ? nil : TimeZone[self.pref.time_zone])
               end
               def wants_comments_in_reverse_order?
                 self.pref[:comments_sorting] == 'desc'
               end
               # Return user's RSS key (a 40 chars long string), used to access feeds
               def rss_key
                 token = self.rss_token || Token.create(:user => self, :action => 'feeds')
                 token.value
               end
               # Return an array of project ids for which the user has explicitly turned mail notifications on
               def notified_projects_ids
                 @notified_projects_ids ||= memberships.select {|m| m.mail_notification?}.collect(&:project_id)
               end
               def notified_project_ids=(ids)
                 Member.update_all("mail_notification = #{connection.quoted_false}", ['user_id = ?', id])
                 Member.update_all("mail_notification = #{connection.quoted_true}", ['user_id = ? AND project_id IN (?)', id, ids]) if ids && !ids.empty?
                 @notified_projects_ids = nil
                 notified_projects_ids
               end
               def self.find_by_rss_key(key)
                 token = Token.find_by_value(key)
                 token && token.user.active? ? token.user : nil
               end
               def self.find_by_autologin_key(key)
                 token = Token.find_by_action_and_value('autologin', key)
                 token && (token.created_on > Setting.autologin.to_i.day.ago) && token.user.active? ? token.user : nil
               end
+              # Makes find_by_mail case-insensitive
+              def self.find_by_mail(mail)
+                find(:first, :conditions => ["LOWER(mail) = ?", mail.to_s.downcase])
+              end
               # Sort users by their display names
               def <=>(user)
                 self.to_s.downcase <=> user.to_s.downcase
               end
               def to_s
                 name
               end
               def logged?
                 true
               end
               def anonymous?
                 !logged?
               end
               # Return user's role for project
               def role_for_project(project)
                 # No role on archived projects
                 return nil unless project && project.active?
                 if logged?
                   # Find project membership
                   membership = memberships.detect {|m| m.project_id == project.id}
                   if membership
                     membership.role
                   else
                     @role_non_member ||= Role.non_member
                   end
                 else
                   @role_anonymous ||= Role.anonymous
                 end
               end
               # Return true if the user is a member of project
               def member_of?(project)
                 role_for_project(project).member?
               end
               # Return true if the user is allowed to do the specified action on project
               # action can be:
               # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
               # * a permission Symbol (eg. :edit_project)
               def allowed_to?(action, project, options={})
                 if project
                   # No action allowed on archived projects
                   return false unless project.active?
                   # No action allowed on disabled modules
                   return false unless project.allows_to?(action)
                   # Admin users are authorized for anything else
                   return true if admin?
                   role = role_for_project(project)
                   return false unless role
                   role.allowed_to?(action) && (project.is_public? || role.member?)
                 elsif options[:global]
                   # authorize if user has at least one role that has this permission
                   roles = memberships.collect {|m| m.role}.uniq
                   roles.detect {|r| r.allowed_to?(action)} || (self.logged? ? Role.non_member.allowed_to?(action) : Role.anonymous.allowed_to?(action))
                 else
                   false
                 end
               end
               def self.current=(user)
                 @current_user = user
               end
               def self.current
                 @current_user ||= User.anonymous
               end
               def self.anonymous
                 anonymous_user = AnonymousUser.find(:first)
                 if anonymous_user.nil?
                   anonymous_user = AnonymousUser.create(:lastname => 'Anonymous', :firstname => '', :mail => '', :login => '', :status => 0)
                   raise 'Unable to create the anonymous user.' if anonymous_user.new_record?
                 end
                 anonymous_user
               end
             private
               # Return password digest
               def self.hash_password(clear_password)
                 Digest::SHA1.hexdigest(clear_password || "")
               end
             end
             class AnonymousUser < User
               def validate_on_create
                 # There should be only one AnonymousUser in the database
                 errors.add_to_base 'An anonymous user already exists.' if AnonymousUser.find(:first)
               end
               def available_custom_fields
                 []
               end
               # Overrides a few properties
               def logged?; false end
               def admin; false end
               def name; 'Anonymous' end
               def mail; nil end
               def time_zone; nil end
               def rss_key; nil end
             end

test/integration/account_test.rb +1 -1

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require "#{File.dirname(__FILE__)}/../test_helper"
             begin
               require 'mocha'
             rescue
               # Won't run some tests
             end
             class AccountTest < ActionController::IntegrationTest
               fixtures :users
               # Replace this with your real tests.
               def test_login
                 get "my/page"
                 assert_redirected_to "account/login"
                 log_user('jsmith', 'jsmith')
                 get "my/account"
                 assert_response :success
                 assert_template "my/account"
               end
               def test_lost_password
                 Token.delete_all
                 get "account/lost_password"
                 assert_response :success
                 assert_template "account/lost_password"
-                post "account/lost_password", :mail => 'jsmith@somenet.foo'
+                post "account/lost_password", :mail => 'jSmith@somenet.foo'
                 assert_redirected_to "account/login"
                 token = Token.find(:first)
                 assert_equal 'recovery', token.action
                 assert_equal 'jsmith@somenet.foo', token.user.mail
                 assert !token.expired?
                 get "account/lost_password", :token => token.value
                 assert_response :success
                 assert_template "account/password_recovery"
                 post "account/lost_password", :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'newpass'
                 assert_redirected_to "account/login"
                 assert_equal 'Password was successfully updated.', flash[:notice]
                 log_user('jsmith', 'newpass')
                 assert_equal 0, Token.count
               end
               def test_register_with_automatic_activation
                 Setting.self_registration = '3'
                 get 'account/register'
                 assert_response :success
                 assert_template 'account/register'
                 post 'account/register', :user => {:login => "newuser", :language => "en", :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar"},
                                          :password => "newpass", :password_confirmation => "newpass"
                 assert_redirected_to 'my/account'
                 follow_redirect!
                 assert_response :success
                 assert_template 'my/account'
                 assert User.find_by_login('newuser').active?
               end
               def test_register_with_manual_activation
                 Setting.self_registration = '2'
                 post 'account/register', :user => {:login => "newuser", :language => "en", :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar"},
                                          :password => "newpass", :password_confirmation => "newpass"
                 assert_redirected_to 'account/login'
                 assert !User.find_by_login('newuser').active?
               end
               def test_register_with_email_activation
                 Setting.self_registration = '1'
                 Token.delete_all
                 post 'account/register', :user => {:login => "newuser", :language => "en", :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar"},
                                          :password => "newpass", :password_confirmation => "newpass"
                 assert_redirected_to 'account/login'
                 assert !User.find_by_login('newuser').active?
                 token = Token.find(:first)
                 assert_equal 'register', token.action
                 assert_equal 'newuser@foo.bar', token.user.mail
                 assert !token.expired?
                 get 'account/activate', :token => token.value
                 assert_redirected_to 'account/login'
                 log_user('newuser', 'newpass')
               end
               if Object.const_defined?(:Mocha)
               def test_onthefly_registration
                 # disable registration
                 Setting.self_registration = '0'
                 AuthSource.expects(:authenticate).returns([:login => 'foo', :firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com', :auth_source_id => 66])
                 post 'account/login', :username => 'foo', :password => 'bar'
                 assert_redirected_to 'my/page'
                 user = User.find_by_login('foo')
                 assert user.is_a?(User)
                 assert_equal 66, user.auth_source_id
                 assert user.hashed_password.blank?
               end
               def test_onthefly_registration_with_invalid_attributes
                 # disable registration
                 Setting.self_registration = '0'
                 AuthSource.expects(:authenticate).returns([:login => 'foo', :lastname => 'Smith', :auth_source_id => 66])
                 post 'account/login', :username => 'foo', :password => 'bar'
                 assert_response :success
                 assert_template 'account/register'
                 assert_tag :input, :attributes => { :name => 'user[firstname]', :value => '' }
                 assert_tag :input, :attributes => { :name => 'user[lastname]', :value => 'Smith' }
                 assert_no_tag :input, :attributes => { :name => 'user[login]' }
                 assert_no_tag :input, :attributes => { :name => 'user[password]' }
                 post 'account/register', :user => {:firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com'}
                 assert_redirected_to 'my/account'
                 user = User.find_by_login('foo')
                 assert user.is_a?(User)
                 assert_equal 66, user.auth_source_id
                 assert user.hashed_password.blank?
               end
               else
                 puts 'Mocha is missing. Skipping tests.'
               end
             end

test/unit/user_test.rb +6 0

             # redMine - project management software
             # Copyright (C) 2006  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require File.dirname(__FILE__) + '/../test_helper'
             class UserTest < Test::Unit::TestCase
               fixtures :users, :members, :projects
               def setup
                 @admin = User.find(1)
                 @jsmith = User.find(2)
                 @dlopper = User.find(3)
               end
               def test_truth
                 assert_kind_of User, @jsmith
               end
               def test_create
                 user = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
                 user.login = "jsmith"
                 user.password, user.password_confirmation = "password", "password"
                 # login uniqueness
                 assert !user.save
                 assert_equal 1, user.errors.count
                 user.login = "newuser"
                 user.password, user.password_confirmation = "passwd", "password"
                 # password confirmation
                 assert !user.save
                 assert_equal 1, user.errors.count
                 user.password, user.password_confirmation = "password", "password"
                 assert user.save
               end
               def test_update
                 assert_equal "admin", @admin.login
                 @admin.login = "john"
                 assert @admin.save, @admin.errors.full_messages.join("; ")
                 @admin.reload
                 assert_equal "john", @admin.login
               end
               def test_destroy
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert Member.find_all_by_user_id(2).empty?
               end
               def test_validate
                 @admin.login = ""
                 assert !@admin.save
                 assert_equal 1, @admin.errors.count
               end
               def test_password
                 user = User.try_to_login("admin", "admin")
                 assert_kind_of User, user
                 assert_equal "admin", user.login
                 user.password = "hello"
                 assert user.save
                 user = User.try_to_login("admin", "hello")
                 assert_kind_of User, user
                 assert_equal "admin", user.login
                 assert_equal User.hash_password("hello"), user.hashed_password
               end
               def test_name_format
                 assert_equal 'Smith, John', @jsmith.name(:lastname_coma_firstname)
                 Setting.user_format = :firstname_lastname
                 assert_equal 'John Smith', @jsmith.reload.name
                 Setting.user_format = :username
                 assert_equal 'jsmith', @jsmith.reload.name
               end
               def test_lock
                 user = User.try_to_login("jsmith", "jsmith")
                 assert_equal @jsmith, user
                 @jsmith.status = User::STATUS_LOCKED
                 assert @jsmith.save
                 user = User.try_to_login("jsmith", "jsmith")
                 assert_equal nil, user
               end
               def test_create_anonymous
                 AnonymousUser.delete_all
                 anon = User.anonymous
                 assert !anon.new_record?
                 assert_kind_of AnonymousUser, anon
               end
               def test_rss_key
                 assert_nil @jsmith.rss_token
                 key = @jsmith.rss_key
                 assert_equal 40, key.length
                 @jsmith.reload
                 assert_equal key, @jsmith.rss_key
               end
               def test_role_for_project
                 # user with a role
                 role = @jsmith.role_for_project(Project.find(1))
                 assert_kind_of Role, role
                 assert_equal "Manager", role.name
                 # user with no role
                 assert !@dlopper.role_for_project(Project.find(2)).member?
               end
               def test_mail_notification_all
                 @jsmith.mail_notification = true
                 @jsmith.notified_project_ids = []
                 @jsmith.save
                 @jsmith.reload
                 assert @jsmith.projects.first.recipients.include?(@jsmith.mail)
               end
               def test_mail_notification_selected
                 @jsmith.mail_notification = false
                 @jsmith.notified_project_ids = [1]
                 @jsmith.save
                 @jsmith.reload
                 assert Project.find(1).recipients.include?(@jsmith.mail)
               end
               def test_mail_notification_none
                 @jsmith.mail_notification = false
                 @jsmith.notified_project_ids = []
                 @jsmith.save
                 @jsmith.reload
                 assert !@jsmith.projects.first.recipients.include?(@jsmith.mail)
               end
               def test_comments_sorting_preference
                 assert !@jsmith.wants_comments_in_reverse_order?
                 @jsmith.pref.comments_sorting = 'asc'
                 assert !@jsmith.wants_comments_in_reverse_order?
                 @jsmith.pref.comments_sorting = 'desc'
                 assert @jsmith.wants_comments_in_reverse_order?
               end
+              def test_find_by_mail_should_be_case_insensitive
+                u = User.find_by_mail('JSmith@somenet.foo')
+                assert_not_nil u
+                assert_equal 'jsmith@somenet.foo', u.mail
+              end
             end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages