@@ -51,7 +51,7 class AccountController < ApplicationController | |||
|
51 | 51 | def lost_password |
|
52 | 52 | (redirect_to(home_url); return) unless Setting.lost_password? |
|
53 | 53 | if params[:token] |
|
54 |
@token = Token.find_ |
|
|
54 | @token = Token.find_token("recovery", params[:token].to_s) | |
|
55 | 55 | if @token.nil? || @token.expired? |
|
56 | 56 | redirect_to home_url |
|
57 | 57 | return |
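Review bot: The new line 54, `@token = Token.find_token("recovery", params[:token].to_s)`, only guarantees that a user row exists for the token (`find_token` returns nil when `token.user` is nil), not that the account is active, so a locked user's recovery token still passes the `expired?` check on line 55 unless the part of `lost_password` below the hunk verifies `@token.user.active?`; worth confirming, since `Token.find_active_user` is the helper this commit adds for exactly that distinction. The same applies to line 143 in the `activate` hunk, although there the `user.registered?` check on line 146 narrows it. As a point of style, the two hunks quote the action differently (`"recovery"` vs `'register'`), and the `.to_s` on the params value is redundant with the `key = key.to_s` that `find_token` itself performs. Both `lost_password` and `activate` continue outside their hunks.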
@@ -140,7 +140,7 class AccountController < ApplicationController | |||
|
140 | 140 | # Token based account activation |
|
141 | 141 | def activate |
|
142 | 142 | (redirect_to(home_url); return) unless Setting.self_registration? && params[:token].present? |
|
143 |
token = Token.find_ |
|
|
143 | token = Token.find_token('register', params[:token].to_s) | |
|
144 | 144 | (redirect_to(home_url); return) unless token and !token.expired? |
|
145 | 145 | user = token.user |
|
146 | 146 | (redirect_to(home_url); return) unless user.registered? |
@@ -39,14 +39,31 class Token < ActiveRecord::Base | |||
|
39 | 39 | |
|
40 | 40 | # Returns the active user who owns the key for the given action |
|
41 | 41 | def self.find_active_user(action, key, validity_days=nil) |
|
42 | user = find_user(action, key, validity_days) | |
|
43 | if user && user.active? | |
|
44 | user | |
|
45 | end | |
|
46 | end | |
|
47 | ||
|
48 | # Returns the user who owns the key for the given action | |
|
49 | def self.find_user(action, key, validity_days=nil) | |
|
50 | token = find_token(action, key, validity_days) | |
|
51 | if token | |
|
52 | token.user | |
|
53 | end | |
|
54 | end | |
|
55 | ||
|
56 | # Returns the token for action and key with an optional | |
|
57 | # validity duration (in number of days) | |
|
58 | def self.find_token(action, key, validity_days=nil) | |
|
42 | 59 | action = action.to_s |
|
43 | 60 | key = key.to_s |
|
44 |
return nil unless action.present? && key =~ /\A[a- |
|
|
61 | return nil unless action.present? && key =~ /\A[a-z0-9]+\z/i | |
|
45 | 62 | |
|
46 | token = find_by_action_and_value(action, key) | |
|
47 |
if token && token. |
|
|
63 | token = Token.where(:action => action, :value => key).first | |
|
64 | if token && (token.action == action) && (token.value == key) && token.user | |
|
48 | 65 | if validity_days.nil? || (token.created_on > validity_days.days.ago) |
|
49 |
token |
|
|
66 | token | |
|
50 | 67 | end |
|
51 | 68 | end |
|
52 | 69 | end |
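Review bot: New line 64 re-compares `token.action == action` and `token.value == key` in Ruby right after the `where` lookup on line 63 already filtered by both columns, and nothing on the page says why; a reader will drop it as dead code. Presumably the point is that a database with a case-insensitive collation can return a row whose value differs from `key` in case (the regex on line 61 is `/i`, so mixed-case keys get through), and the Ruby `==` enforces an exact match; if that is the intent, say so: `# Re-check in Ruby: the DB lookup may match case-insensitively depending on collation`. It would also help to state on the comment above `find_token` (lines 56-57) that the method returns nil when the token has no user, since `find_user` and `find_active_user` rely on that.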
@@ -58,4 +58,56 class TokenTest < ActiveSupport::TestCase | |||
|
58 | 58 | assert_equal 2, Token.destroy_expired |
|
59 | 59 | end |
|
60 | 60 | end |
|
61 | ||
|
62 | def test_find_active_user_should_return_user | |
|
63 | token = Token.create!(:user_id => 1, :action => 'api') | |
|
64 | assert_equal User.find(1), Token.find_active_user('api', token.value) | |
|
65 | end | |
|
66 | ||
|
67 | def test_find_active_user_should_return_nil_for_locked_user | |
|
68 | token = Token.create!(:user_id => 1, :action => 'api') | |
|
69 | User.find(1).lock! | |
|
70 | assert_nil Token.find_active_user('api', token.value) | |
|
71 | end | |
|
72 | ||
|
73 | def test_find_user_should_return_user | |
|
74 | token = Token.create!(:user_id => 1, :action => 'api') | |
|
75 | assert_equal User.find(1), Token.find_user('api', token.value) | |
|
76 | end | |
|
77 | ||
|
78 | def test_find_user_should_return_locked_user | |
|
79 | token = Token.create!(:user_id => 1, :action => 'api') | |
|
80 | User.find(1).lock! | |
|
81 | assert_equal User.find(1), Token.find_user('api', token.value) | |
|
82 | end | |
|
83 | ||
|
84 | def test_find_token_should_return_the_token | |
|
85 | token = Token.create!(:user_id => 1, :action => 'api') | |
|
86 | assert_equal token, Token.find_token('api', token.value) | |
|
87 | end | |
|
88 | ||
|
89 | def test_find_token_should_return_the_token_with_validity | |
|
90 | token = Token.create!(:user_id => 1, :action => 'api', :created_on => 1.hour.ago) | |
|
91 | assert_equal token, Token.find_token('api', token.value, 1) | |
|
92 | end | |
|
93 | ||
|
94 | def test_find_token_should_return_nil_with_wrong_action | |
|
95 | token = Token.create!(:user_id => 1, :action => 'feeds') | |
|
96 | assert_nil Token.find_token('api', token.value) | |
|
97 | end | |
|
98 | ||
|
99 | def test_find_token_should_return_nil_with_wrong_action | |
|
100 | token = Token.create!(:user_id => 1, :action => 'feeds') | |
|
101 | assert_nil Token.find_token('api', Token.generate_token_value) | |
|
102 | end | |
|
103 | ||
|
104 | def test_find_token_should_return_nil_without_user | |
|
105 | token = Token.create!(:user_id => 999, :action => 'api') | |
|
106 | assert_nil Token.find_token('api', token.value) | |
|
107 | end | |
|
108 | ||
|
109 | def test_find_token_should_return_nil_with_validity_expired | |
|
110 | token = Token.create!(:user_id => 999, :action => 'api', :created_on => 2.days.ago) | |
|
111 | assert_nil Token.find_token('api', token.value, 1) | |
|
112 | end | |
|
61 | 113 | end |
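Review bot: Lines 94 and 99 define two methods with the same name, `test_find_token_should_return_nil_with_wrong_action`; Ruby keeps the second definition, so the wrong-action case on lines 94-97 is never run, and the second method actually tests a wrong value. Rename the second to `def test_find_token_should_return_nil_with_wrong_value`. Separately, `test_find_token_should_return_nil_with_validity_expired` on line 110 creates the token with `:user_id => 999`, which (per the test on lines 104-107) already makes `find_token` return nil through the missing-user branch, so the validity check is not what is being exercised; use `:user_id => 1` there so the assertion depends on the `created_on` comparison.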