Adds token finder methods....
Jean-Philippe Lang -
r11144:812da860b376
@@ -51,7 +51,7 class AccountController < ApplicationController
51 def lost_password
51 def lost_password
52 (redirect_to(home_url); return) unless Setting.lost_password?
52 (redirect_to(home_url); return) unless Setting.lost_password?
53 if params[:token]
53 if params[:token]
54 @token = Token.find_by_action_and_value("recovery", params[:token].to_s)
54 @token = Token.find_token("recovery", params[:token].to_s)
55 if @token.nil? || @token.expired?
55 if @token.nil? || @token.expired?
56 redirect_to home_url
56 redirect_to home_url
57 return
57 return
@@ -140,7 +140,7 class AccountController < ApplicationController
140 # Token based account activation
140 # Token based account activation
141 def activate
141 def activate
142 (redirect_to(home_url); return) unless Setting.self_registration? && params[:token].present?
142 (redirect_to(home_url); return) unless Setting.self_registration? && params[:token].present?
143 token = Token.find_by_action_and_value('register', params[:token].to_s)
143 token = Token.find_token('register', params[:token].to_s)
144 (redirect_to(home_url); return) unless token and !token.expired?
144 (redirect_to(home_url); return) unless token and !token.expired?
145 user = token.user
145 user = token.user
146 (redirect_to(home_url); return) unless user.registered?
146 (redirect_to(home_url); return) unless user.registered?
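Review bot: `Token.find_token` returns a token whenever its user exists, without looking at `user.active?`, so in `lost_password` (new line 54) a recovery token belonging to a locked account passes the visible `@token.nil? || @token.expired?` check. The rest of `lost_password` lies outside the hunk, so whether the account status is checked later cannot be confirmed from here; if it is not, extend the guard to `if @token.nil? || @token.expired? || !@token.user.active?`. `activate` is less exposed because it goes on to require `user.registered?`. As a style point, `params[:token].to_s` is now redundant in both actions, since `find_token` calls `to_s` on the key itself.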
@@ -39,14 +39,31 class Token < ActiveRecord::Base
39
39
40 # Returns the active user who owns the key for the given action
40 # Returns the active user who owns the key for the given action
41 def self.find_active_user(action, key, validity_days=nil)
41 def self.find_active_user(action, key, validity_days=nil)
42 user = find_user(action, key, validity_days)
43 if user && user.active?
44 user
45 end
46 end
47
48 # Returns the user who owns the key for the given action
49 def self.find_user(action, key, validity_days=nil)
50 token = find_token(action, key, validity_days)
51 if token
52 token.user
53 end
54 end
55
56 # Returns the token for action and key with an optional
57 # validity duration (in number of days)
58 def self.find_token(action, key, validity_days=nil)
42 action = action.to_s
59 action = action.to_s
43 key = key.to_s
60 key = key.to_s
44 return nil unless action.present? && key =~ /\A[a-f0-9]+\z/
61 return nil unless action.present? && key =~ /\A[a-z0-9]+\z/i
45
62
46 token = find_by_action_and_value(action, key)
63 token = Token.where(:action => action, :value => key).first
47 if token && token.user && token.user.active?
64 if token && (token.action == action) && (token.value == key) && token.user
48 if validity_days.nil? || (token.created_on > validity_days.days.ago)
65 if validity_days.nil? || (token.created_on > validity_days.days.ago)
49 token.user
66 token
50 end
67 end
51 end
68 end
52 end
69 end
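Review bot: The in-Ruby re-check `(token.action == action) && (token.value == key)` in `find_token` repeats the `where` conditions with no comment saying why. Presumably it guards against a database collation that compares strings case-insensitively, which matters more now that the key pattern is `/\A[a-z0-9]+\z/i` rather than lowercase hex only. I would add a comment above it such as `# Compare again in Ruby: the DB match may be case-insensitive depending on collation`. The method comment should also state that `find_token` only requires the user to exist, with the active check now living in `find_active_user`, so callers do not assume the old behaviour.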
@@ -58,4 +58,56 class TokenTest < ActiveSupport::TestCase
58 assert_equal 2, Token.destroy_expired
58 assert_equal 2, Token.destroy_expired
59 end
59 end
60 end
60 end
61
62 def test_find_active_user_should_return_user
63 token = Token.create!(:user_id => 1, :action => 'api')
64 assert_equal User.find(1), Token.find_active_user('api', token.value)
65 end
66
67 def test_find_active_user_should_return_nil_for_locked_user
68 token = Token.create!(:user_id => 1, :action => 'api')
69 User.find(1).lock!
70 assert_nil Token.find_active_user('api', token.value)
71 end
72
73 def test_find_user_should_return_user
74 token = Token.create!(:user_id => 1, :action => 'api')
75 assert_equal User.find(1), Token.find_user('api', token.value)
76 end
77
78 def test_find_user_should_return_locked_user
79 token = Token.create!(:user_id => 1, :action => 'api')
80 User.find(1).lock!
81 assert_equal User.find(1), Token.find_user('api', token.value)
82 end
83
84 def test_find_token_should_return_the_token
85 token = Token.create!(:user_id => 1, :action => 'api')
86 assert_equal token, Token.find_token('api', token.value)
87 end
88
89 def test_find_token_should_return_the_token_with_validity
90 token = Token.create!(:user_id => 1, :action => 'api', :created_on => 1.hour.ago)
91 assert_equal token, Token.find_token('api', token.value, 1)
92 end
93
94 def test_find_token_should_return_nil_with_wrong_action
95 token = Token.create!(:user_id => 1, :action => 'feeds')
96 assert_nil Token.find_token('api', token.value)
97 end
98
99 def test_find_token_should_return_nil_with_wrong_action
100 token = Token.create!(:user_id => 1, :action => 'feeds')
101 assert_nil Token.find_token('api', Token.generate_token_value)
102 end
103
104 def test_find_token_should_return_nil_without_user
105 token = Token.create!(:user_id => 999, :action => 'api')
106 assert_nil Token.find_token('api', token.value)
107 end
108
109 def test_find_token_should_return_nil_with_validity_expired
110 token = Token.create!(:user_id => 999, :action => 'api', :created_on => 2.days.ago)
111 assert_nil Token.find_token('api', token.value, 1)
112 end
61 end
113 end
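Review bot: `test_find_token_should_return_nil_with_wrong_action` is defined twice (new lines 94 and 99), so the second definition replaces the first and the case that looks up an existing 'feeds' token value under 'api' never runs. Rename the second one, e.g. `def test_find_token_should_return_nil_with_wrong_value`. In `test_find_token_should_return_nil_with_validity_expired` the token is created with `:user_id => 999`, the same id the without-user test relies on being absent, so `find_token` presumably returns nil at the `token.user` check and the validity branch is never reached; use `:user_id => 1` there. A further test that a key differing only in letter case is rejected would pin the in-Ruby equality check in `find_token`.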