@@ -58,12 +58,20 class AccountController < ApplicationController | |||||
58 | # Lets user choose a new password |
|
58 | # Lets user choose a new password | |
59 | def lost_password |
|
59 | def lost_password | |
60 | (redirect_to(home_url); return) unless Setting.lost_password? |
|
60 | (redirect_to(home_url); return) unless Setting.lost_password? | |
61 | if params[:token] |
|
61 | if prt = (params[:token] || session[:password_recovery_token]) | |
62 |
@token = Token.find_token("recovery", p |
|
62 | @token = Token.find_token("recovery", prt.to_s) | |
63 | if @token.nil? || @token.expired? |
|
63 | if @token.nil? || @token.expired? | |
64 | redirect_to home_url |
|
64 | redirect_to home_url | |
65 | return |
|
65 | return | |
66 | end |
|
66 | end | |
|
67 | ||||
|
68 | # redirect to remove the token query parameter from the URL and add it to the session | |||
|
69 | if request.query_parameters[:token].present? | |||
|
70 | session[:password_recovery_token] = @token.value | |||
|
71 | redirect_to lost_password_url | |||
|
72 | return | |||
|
73 | end | |||
|
74 | ||||
67 | @user = @token.user |
|
75 | @user = @token.user | |
68 | unless @user && @user.active? |
|
76 | unless @user && @user.active? | |
69 | redirect_to home_url |
|
77 | redirect_to home_url |
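Review bot: The nil/expired branch at new lines 63–66 redirects to home_url but leaves the value read from `session[:password_recovery_token]` in place, so a stale or expired value is re-read on every later visit that carries no query token and the user is bounced to home_url again. Delete it before redirecting: `if @token.nil? || @token.expired?` / `session.delete(:password_recovery_token)` / `redirect_to home_url`. The same deletion belongs wherever the token is consumed after the password has been changed; that part of lost_password runs past the end of this hunk, so I cannot confirm it is there. As a style point, the assignment inside the condition on new line 61 (`if prt = (params[:token] || session[:password_recovery_token])`) is easy to misread as a comparison; assigning `prt` on its own line and then testing `if prt` reads more clearly.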
@@ -355,11 +355,22 class AccountControllerTest < ActionController::TestCase | |||||
355 | end |
|
355 | end | |
356 | end |
|
356 | end | |
357 |
|
357 | |||
358 |
def test_get_lost_password_with_token_should_ |
|
358 | def test_get_lost_password_with_token_should_redirect_with_token_in_session | |
359 | user = User.find(2) |
|
359 | user = User.find(2) | |
360 | token = Token.create!(:action => 'recovery', :user => user) |
|
360 | token = Token.create!(:action => 'recovery', :user => user) | |
361 |
|
361 | |||
362 | get :lost_password, :token => token.value |
|
362 | get :lost_password, :token => token.value | |
|
363 | assert_redirected_to '/account/lost_password' | |||
|
364 | ||||
|
365 | assert_equal token.value, request.session[:password_recovery_token] | |||
|
366 | end | |||
|
367 | ||||
|
368 | def test_get_lost_password_with_token_in_session_should_display_the_password_recovery_form | |||
|
369 | user = User.find(2) | |||
|
370 | token = Token.create!(:action => 'recovery', :user => user) | |||
|
371 | request.session[:password_recovery_token] = token.value | |||
|
372 | ||||
|
373 | get :lost_password | |||
363 | assert_response :success |
|
374 | assert_response :success | |
364 | assert_template 'password_recovery' |
|
375 | assert_template 'password_recovery' | |
365 |
|
376 |
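Review bot: Both new tests (new lines 358–375) exercise only a valid token, so nothing pins that an invalid or expired value in `session[:password_recovery_token]` is rejected instead of rendering the recovery form, which is the branch most worth covering once the token lives in the session. A test that seeds the session with a bogus value and expects a redirect would close that gap; the enclosing test class continues beyond this hunk.
```ruby
def test_get_lost_password_with_invalid_token_in_session_should_redirect
  request.session[:password_recovery_token] = 'invalid'

  get :lost_password
  assert_response :redirect
end
```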
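--- a/<PATH NOT SHOWN ON PAGE: AccountTest integration test>
+++ b/<PATH NOT SHOWN ON PAGE: AccountTest integration test>
@@ -118,6 +118,9 @@ class AccountTest < Redmine::IntegrationTest
     assert !token.expired?
 
     get "/account/lost_password", :token => token.value
+    assert_redirected_to '/account/lost_password'
+
+    follow_redirect!
     assert_response :success
     assert_template "account/password_recovery"
     assert_select 'input[type=hidden][name=token][value=?]', token.value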