| @@ -37,11 +37,26 class Token < ActiveRecord::Base | |||||
| 37 | Token.delete_all ["action NOT IN (?) AND created_on < ?", ['feeds', 'api'], Time.now - @@validity_time] |
|
37 | Token.delete_all ["action NOT IN (?) AND created_on < ?", ['feeds', 'api'], Time.now - @@validity_time] | |
| 38 | end |
|
38 | end | |
| 39 |
|
39 | |||
| 40 | private |
|
40 | # Returns the active user who owns the key for the given action | |
|
|
41 | def self.find_active_user(action, key, validity_days=nil) | |||
|
|
42 | action = action.to_s | |||
|
|
43 | key = key.to_s | |||
|
|
44 | return nil unless action.present? && key =~ /\A[a-f0-9]+\z/ | |||
|
|
45 | ||||
|
|
46 | token = find_by_action_and_value(action, key) | |||
|
|
47 | if token && token.user && token.user.active? | |||
|
|
48 | if validity_days.nil? || (token.created_on > validity_days.ago) | |||
|
|
49 | token.user | |||
|
|
50 | end | |||
|
|
51 | end | |||
|
|
52 | end | |||
|
|
53 | ||||
| 41 | def self.generate_token_value |
|
54 | def self.generate_token_value | |
| 42 | Redmine::Utils.random_hex(20) |
|
55 | Redmine::Utils.random_hex(20) | |
| 43 | end |
|
56 | end | |
| 44 |
|
57 | |||
|
|
58 | private | |||
|
|
59 | ||||
| 45 | # Removes obsolete tokens (same user and action) |
|
60 | # Removes obsolete tokens (same user and action) | |
| 46 | def delete_previous_tokens |
|
61 | def delete_previous_tokens | |
| 47 | if user |
|
62 | if user | |
| @@ -190,14 +190,10 class User < Principal | |||||
| 190 |
|
190 | |||
| 191 | # Returns the user who matches the given autologin +key+ or nil |
|
191 | # Returns the user who matches the given autologin +key+ or nil | |
| 192 | def self.try_to_autologin(key) |
|
192 | def self.try_to_autologin(key) | |
| 193 |
|
|
193 | user = Token.find_active_user('autologin', key, Setting.autologin.to_i) | |
| 194 | # Make sure there's only 1 token that matches the key |
|
194 | if user | |
| 195 | if tokens.size == 1 |
|
195 | user.update_column(:last_login_on, Time.now) | |
| 196 | token = tokens.first |
|
196 | user | |
| 197 | if (token.created_on > Setting.autologin.to_i.day.ago) && token.user && token.user.active? |
|
|||
| 198 | token.user.update_column(:last_login_on, Time.now) |
|
|||
| 199 | token.user |
|
|||
| 200 | end |
|
|||
| 201 | end |
|
197 | end | |
| 202 | end |
|
198 | end | |
| 203 |
|
199 | |||
| @@ -367,13 +363,11 class User < Principal | |||||
| 367 | end |
|
363 | end | |
| 368 |
|
364 | |||
| 369 | def self.find_by_rss_key(key) |
|
365 | def self.find_by_rss_key(key) | |
| 370 |
|
|
366 | Token.find_active_user('feeds', key) | |
| 371 | token && token.user.active? ? token.user : nil |
|
|||
| 372 | end |
|
367 | end | |
| 373 |
|
368 | |||
| 374 | def self.find_by_api_key(key) |
|
369 | def self.find_by_api_key(key) | |
| 375 |
|
|
370 | Token.find_active_user('api', key) | |
| 376 | token && token.user.active? ? token.user : nil |
|
|||
| 377 | end |
|
371 | end | |
| 378 |
|
372 | |||
| 379 | # Makes find_by_mail case-insensitive |
|
373 | # Makes find_by_mail case-insensitive | |
General Comments 0
You need to be logged in to leave comments.
Login now