@@ -37,11 +37,26 class Token < ActiveRecord::Base | |||
|
37 | 37 | Token.delete_all ["action NOT IN (?) AND created_on < ?", ['feeds', 'api'], Time.now - @@validity_time] |
|
38 | 38 | end |
|
39 | 39 | |
|
40 | private | |
|
40 | # Returns the active user who owns the key for the given action | |
|
41 | def self.find_active_user(action, key, validity_days=nil) | |
|
42 | action = action.to_s | |
|
43 | key = key.to_s | |
|
44 | return nil unless action.present? && key =~ /\A[a-f0-9]+\z/ | |
|
45 | ||
|
46 | token = find_by_action_and_value(action, key) | |
|
47 | if token && token.user && token.user.active? | |
|
48 | if validity_days.nil? || (token.created_on > validity_days.ago) | |
|
49 | token.user | |
|
50 | end | |
|
51 | end | |
|
52 | end | |
|
53 | ||
|
41 | 54 | def self.generate_token_value |
|
42 | 55 | Redmine::Utils.random_hex(20) |
|
43 | 56 | end |
|
44 | 57 | |
|
58 | private | |
|
59 | ||
|
45 | 60 | # Removes obsolete tokens (same user and action) |
|
46 | 61 | def delete_previous_tokens |
|
47 | 62 | if user |
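Review bot: In `find_active_user`, `validity_days.ago` does not measure days. The caller `User.try_to_autologin` passes the bare integer `Setting.autologin.to_i`, and ActiveSupport's `ago` on a plain number counts seconds, whereas the code this replaces used `Setting.autologin.to_i.day.ago`. As written, an autologin token would be rejected seconds after it is created, so the check fails closed but autologin effectively stops working. Doing the conversion inside the method keeps the parameter name truthful: `if validity_days.nil? || (token.created_on > validity_days.days.ago)`. A test that looks up a token created one day ago with a multi-day validity would pin this.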
@@ -190,14 +190,10 class User < Principal | |||
|
190 | 190 | |
|
191 | 191 | # Returns the user who matches the given autologin +key+ or nil |
|
192 | 192 | def self.try_to_autologin(key) |
|
193 |
|
|
|
194 | # Make sure there's only 1 token that matches the key | |
|
195 | if tokens.size == 1 | |
|
196 | token = tokens.first | |
|
197 | if (token.created_on > Setting.autologin.to_i.day.ago) && token.user && token.user.active? | |
|
198 | token.user.update_column(:last_login_on, Time.now) | |
|
199 | token.user | |
|
200 | end | |
|
193 | user = Token.find_active_user('autologin', key, Setting.autologin.to_i) | |
|
194 | if user | |
|
195 | user.update_column(:last_login_on, Time.now) | |
|
196 | user | |
|
201 | 197 | end |
|
202 | 198 | end |
|
203 | 199 | |
@@ -367,13 +363,11 class User < Principal | |||
|
367 | 363 | end |
|
368 | 364 | |
|
369 | 365 | def self.find_by_rss_key(key) |
|
370 |
|
|
|
371 | token && token.user.active? ? token.user : nil | |
|
366 | Token.find_active_user('feeds', key) | |
|
372 | 367 | end |
|
373 | 368 | |
|
374 | 369 | def self.find_by_api_key(key) |
|
375 |
|
|
|
376 | token && token.user.active? ? token.user : nil | |
|
370 | Token.find_active_user('api', key) | |
|
377 | 371 | end |
|
378 | 372 | |
|
379 | 373 | # Makes find_by_mail case-insensitive |
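Review bot: `try_to_autologin` no longer refuses an ambiguous key: the removed body accepted the lookup only when `tokens.size == 1`, while `Token.find_active_user` takes whichever row `find_by_action_and_value` returns. Nothing visible on this page shows that token values are unique per action. If neither a validation nor a unique index enforces that, a duplicated value would now resolve to an arbitrary user instead of failing. Either enforce uniqueness at the model or database level, or record the assumption above the call, e.g. `# Relies on (action, value) being unique in tokens; a duplicate would match an arbitrary row`. The same lookup now also backs `find_by_rss_key` and `find_by_api_key`.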