@@ -0,0 +1,14 | |||||
|
1 | <p><%= l(:mail_body_settings_updated) %></p> | |||
|
2 | ||||
|
3 | <ul> | |||
|
4 | <% @changes.each do |name| %> | |||
|
5 | <li><%= l("setting_#{name}") %></li> | |||
|
6 | <% end %> | |||
|
7 | </ul> | |||
|
8 | ||||
|
9 | <%= link_to @url, @url %> | |||
|
10 | ||||
|
11 | <p><%= l(:field_user) %>: <strong><%= User.current.login %></strong><br/> | |||
|
12 | <%= l(:field_remote_ip) %>: <strong><%= User.current.remote_ip %></strong><br/> | |||
|
13 | <%= l(:label_date) %>: <strong><%= format_time Time.now, true %></strong></p> | |||
|
14 |
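Review bot: Lines 11–13 of this template read `User.current` and `Time.now` while the view renders, so the login, IP and timestamp in the mail are whatever is current at render time rather than values captured when the settings were changed; the plain-text template added alongside does the same on its lines 9–11. `Setting.set_all_from_params` is a model method, so it can presumably be reached outside a web request, where the login and remote IP may be empty and the notification would carry no attribution. Consider capturing them once in `Mailer#settings_updated`, e.g. `@actor = User.current` and `@changed_at = Time.now`, and rendering `@actor.login` / `@actor.remote_ip` in both templates.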
@@ -0,0 +1,12 | |||||
|
1 | <%= l(:mail_body_settings_updated) %> | |||
|
2 | ||||
|
3 | <% @changes.each do |name| %> | |||
|
4 | * <%= l("setting_#{name}") %> | |||
|
5 | <% end %> | |||
|
6 | ||||
|
7 | <%= @url %> | |||
|
8 | ||||
|
9 | <%= l(:field_user) %>: <%= User.current.login %> | |||
|
10 | <%= l(:field_remote_ip) %>: <%= User.current.remote_ip %> | |||
|
11 | <%= l(:label_date) %>: <%= format_time Time.now, true %> | |||
|
12 |
@@ -33,10 +33,7 class SettingsController < ApplicationController | |||||
33 | def edit |
|
33 | def edit | |
34 | @notifiables = Redmine::Notifiable.all |
|
34 | @notifiables = Redmine::Notifiable.all | |
35 | if request.post? && params[:settings] && params[:settings].is_a?(Hash) |
|
35 | if request.post? && params[:settings] && params[:settings].is_a?(Hash) | |
36 | settings = (params[:settings] || {}).dup.symbolize_keys |
|
36 | Setting.set_all_from_params(params[:settings]) | |
37 | settings.each do |name, value| |
|
|||
38 | Setting.set_from_params name, value |
|
|||
39 | end |
|
|||
40 | flash[:notice] = l(:notice_successful_update) |
|
37 | flash[:notice] = l(:notice_successful_update) | |
41 | redirect_to settings_path(:tab => params[:tab]) |
|
38 | redirect_to settings_path(:tab => params[:tab]) | |
42 | else |
|
39 | else |
@@ -332,6 +332,22 class Mailer < ActionMailer::Base | |||||
332 | :subject => l(:mail_subject_security_notification) |
|
332 | :subject => l(:mail_subject_security_notification) | |
333 | end |
|
333 | end | |
334 |
|
334 | |||
|
335 | def settings_updated(recipients, changes) | |||
|
336 | redmine_headers 'Sender' => User.current.login | |||
|
337 | @changes = changes | |||
|
338 | @url = url_for(controller: 'settings', action: 'index') | |||
|
339 | mail :to => recipients, | |||
|
340 | :subject => l(:mail_subject_security_notification) | |||
|
341 | end | |||
|
342 | ||||
|
343 | # Notifies admins about settings changes | |||
|
344 | def self.security_settings_updated(changes) | |||
|
345 | return unless changes.present? | |||
|
346 | ||||
|
347 | users = User.active.where(admin: true).to_a | |||
|
348 | Mailer.settings_updated(users, changes).deliver | |||
|
349 | end | |||
|
350 | ||||
335 | def test_email(user) |
|
351 | def test_email(user) | |
336 | set_language_if_valid(user.language) |
|
352 | set_language_if_valid(user.language) | |
337 | @url = url_for(:controller => 'welcome') |
|
353 | @url = url_for(:controller => 'welcome') |
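Review bot: `settings_updated` never calls `set_language_if_valid`, unlike `test_email` directly below it, so the subject and body are rendered for every admin in whatever locale happens to be active, presumably the acting user's. A neutral choice for a mail sent to several recipients would be `set_language_if_valid Setting.default_language` before the `mail` call. The method also has no comment while `security_settings_updated` does; something like `# Builds the email listing the security-relevant settings that were changed` would match. `test_email` continues outside the hunk.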
@@ -118,6 +118,23 class Setting < ActiveRecord::Base | |||||
118 | setting.value |
|
118 | setting.value | |
119 | end |
|
119 | end | |
120 |
|
120 | |||
|
121 | # Updates multiple settings from params and sends a security notification if needed | |||
|
122 | def self.set_all_from_params(settings) | |||
|
123 | settings = (settings || {}).dup.symbolize_keys | |||
|
124 | changes = [] | |||
|
125 | settings.each do |name, value| | |||
|
126 | previous_value = Setting[name] | |||
|
127 | set_from_params name, value | |||
|
128 | if available_settings[name.to_s]['security_notifications'] && Setting[name] != previous_value | |||
|
129 | changes << name | |||
|
130 | end | |||
|
131 | end | |||
|
132 | if changes.any? | |||
|
133 | Mailer.security_settings_updated(changes) | |||
|
134 | end | |||
|
135 | true | |||
|
136 | end | |||
|
137 | ||||
121 | # Sets a setting value from params |
|
138 | # Sets a setting value from params | |
122 | def self.set_from_params(name, params) |
|
139 | def self.set_from_params(name, params) | |
123 | params = params.dup |
|
140 | params = params.dup |
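Review bot: In the loop at new lines 125–131, `available_settings[name.to_s]['security_notifications']` dereferences the lookup without checking it, and the names are request parameter keys handed over unchanged by `SettingsController#edit`. For a key that is not a defined setting the lookup is nil and the `[]` call raises, unless `Setting[name]` or `set_from_params` already reject it, which is not visible here. Because the notification is only sent after the loop, an exception part-way through can leave earlier changes saved with no mail sent, assuming `set_from_params` persists each value immediately. Skipping unknown names at the top of the loop, `next unless available_settings.key?(name.to_s)`, keeps both the update and the notification intact. `set_from_params` continues outside the hunk.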
@@ -235,6 +235,7 en: | |||||
235 | mail_body_security_notification_remove: "%{field} %{value} was removed." |
|
235 | mail_body_security_notification_remove: "%{field} %{value} was removed." | |
236 | mail_body_security_notification_notify_enabled: "Email address %{value} now receives notifications." |
|
236 | mail_body_security_notification_notify_enabled: "Email address %{value} now receives notifications." | |
237 | mail_body_security_notification_notify_disabled: "Email address %{value} no longer receives notifications." |
|
237 | mail_body_security_notification_notify_disabled: "Email address %{value} no longer receives notifications." | |
|
238 | mail_body_settings_updated: "The following settings were changed:" | |||
238 |
|
239 | |||
239 | field_name: Name |
|
240 | field_name: Name | |
240 | field_description: Description |
|
241 | field_description: Description |
@@ -248,6 +248,7 fr: | |||||
248 | mail_body_wiki_content_added: "La page wiki '%{id}' a Γ©tΓ© ajoutΓ©e par %{author}." |
|
248 | mail_body_wiki_content_added: "La page wiki '%{id}' a Γ©tΓ© ajoutΓ©e par %{author}." | |
249 | mail_subject_wiki_content_updated: "Page wiki '%{id}' mise Γ jour" |
|
249 | mail_subject_wiki_content_updated: "Page wiki '%{id}' mise Γ jour" | |
250 | mail_body_wiki_content_updated: "La page wiki '%{id}' a Γ©tΓ© mise Γ jour par %{author}." |
|
250 | mail_body_wiki_content_updated: "La page wiki '%{id}' a Γ©tΓ© mise Γ jour par %{author}." | |
|
251 | mail_body_settings_updated: "Les paramètres suivants ont été modifiés :" | |||
251 |
|
252 | |||
252 | field_name: Nom |
|
253 | field_name: Nom | |
253 | field_description: Description |
|
254 | field_description: Description |
@@ -27,19 +27,24 welcome_text: | |||||
27 | default: |
|
27 | default: | |
28 | login_required: |
|
28 | login_required: | |
29 | default: 0 |
|
29 | default: 0 | |
|
30 | security_notifications: 1 | |||
30 | self_registration: |
|
31 | self_registration: | |
31 | default: '2' |
|
32 | default: '2' | |
|
33 | security_notifications: 1 | |||
32 | lost_password: |
|
34 | lost_password: | |
33 | default: 1 |
|
35 | default: 1 | |
|
36 | security_notifications: 1 | |||
34 | unsubscribe: |
|
37 | unsubscribe: | |
35 | default: 1 |
|
38 | default: 1 | |
36 | password_min_length: |
|
39 | password_min_length: | |
37 | format: int |
|
40 | format: int | |
38 | default: 8 |
|
41 | default: 8 | |
|
42 | security_notifications: 1 | |||
39 | # Maximum password age in days |
|
43 | # Maximum password age in days | |
40 | password_max_age: |
|
44 | password_max_age: | |
41 | format: int |
|
45 | format: int | |
42 | default: 0 |
|
46 | default: 0 | |
|
47 | security_notifications: 1 | |||
43 | # Maximum number of additional email addresses per user |
|
48 | # Maximum number of additional email addresses per user | |
44 | max_additional_emails: |
|
49 | max_additional_emails: | |
45 | format: int |
|
50 | format: int | |
@@ -48,10 +53,12 max_additional_emails: | |||||
48 | session_lifetime: |
|
53 | session_lifetime: | |
49 | format: int |
|
54 | format: int | |
50 | default: 0 |
|
55 | default: 0 | |
|
56 | security_notifications: 1 | |||
51 | # User session timeout in minutes |
|
57 | # User session timeout in minutes | |
52 | session_timeout: |
|
58 | session_timeout: | |
53 | format: int |
|
59 | format: int | |
54 | default: 0 |
|
60 | default: 0 | |
|
61 | security_notifications: 1 | |||
55 | attachment_max_size: |
|
62 | attachment_max_size: | |
56 | format: int |
|
63 | format: int | |
57 | default: 5120 |
|
64 | default: 5120 | |
@@ -91,6 +98,7 host_name: | |||||
91 | default: localhost:3000 |
|
98 | default: localhost:3000 | |
92 | protocol: |
|
99 | protocol: | |
93 | default: http |
|
100 | default: http | |
|
101 | security_notifications: 1 | |||
94 | feeds_limit: |
|
102 | feeds_limit: | |
95 | format: int |
|
103 | format: int | |
96 | default: 15 |
|
104 | default: 15 | |
@@ -114,12 +122,15 enabled_scm: | |||||
114 | - Cvs |
|
122 | - Cvs | |
115 | - Bazaar |
|
123 | - Bazaar | |
116 | - Git |
|
124 | - Git | |
|
125 | security_notifications: 1 | |||
117 | autofetch_changesets: |
|
126 | autofetch_changesets: | |
118 | default: 1 |
|
127 | default: 1 | |
119 | sys_api_enabled: |
|
128 | sys_api_enabled: | |
120 | default: 0 |
|
129 | default: 0 | |
|
130 | security_notifications: 1 | |||
121 | sys_api_key: |
|
131 | sys_api_key: | |
122 | default: '' |
|
132 | default: '' | |
|
133 | security_notifications: 1 | |||
123 | commit_cross_project_ref: |
|
134 | commit_cross_project_ref: | |
124 | default: 0 |
|
135 | default: 0 | |
125 | commit_ref_keywords: |
|
136 | commit_ref_keywords: | |
@@ -173,8 +184,10 mail_handler_excluded_filenames: | |||||
173 | default: '' |
|
184 | default: '' | |
174 | mail_handler_api_enabled: |
|
185 | mail_handler_api_enabled: | |
175 | default: 0 |
|
186 | default: 0 | |
|
187 | security_notifications: 1 | |||
176 | mail_handler_api_key: |
|
188 | mail_handler_api_key: | |
177 | default: |
|
189 | default: | |
|
190 | security_notifications: 1 | |||
178 | issue_list_default_columns: |
|
191 | issue_list_default_columns: | |
179 | serialized: true |
|
192 | serialized: true | |
180 | default: |
|
193 | default: | |
@@ -237,14 +250,17 gravatar_enabled: | |||||
237 | default: 0 |
|
250 | default: 0 | |
238 | openid: |
|
251 | openid: | |
239 | default: 0 |
|
252 | default: 0 | |
|
253 | security_notifications: 1 | |||
240 | gravatar_default: |
|
254 | gravatar_default: | |
241 | default: '' |
|
255 | default: '' | |
242 | start_of_week: |
|
256 | start_of_week: | |
243 | default: '' |
|
257 | default: '' | |
244 | rest_api_enabled: |
|
258 | rest_api_enabled: | |
245 | default: 0 |
|
259 | default: 0 | |
|
260 | security_notifications: 1 | |||
246 | jsonp_enabled: |
|
261 | jsonp_enabled: | |
247 | default: 0 |
|
262 | default: 0 | |
|
263 | security_notifications: 1 | |||
248 | default_notification_option: |
|
264 | default_notification_option: | |
249 | default: 'only_my_events' |
|
265 | default: 'only_my_events' | |
250 | emails_header: |
|
266 | emails_header: |
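Review bot: `protocol` gets `security_notifications: 1` in the hunk at new lines 98–104, but `host_name`, whose `default: localhost:3000` is the context line just above it, does not. The controller test added in this commit expects the mail link to be `http://localhost:3000/settings`, which suggests both values feed the URLs placed in outgoing mail, so a changed host name looks at least as notification-worthy as a changed protocol. Consider adding `security_notifications: 1` under `host_name` as well; that entry starts outside the hunk.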
@@ -136,6 +136,44 class SettingsControllerTest < ActionController::TestCase | |||||
136 | ], Setting.commit_update_keywords) |
|
136 | ], Setting.commit_update_keywords) | |
137 | end |
|
137 | end | |
138 |
|
138 | |||
|
139 | def test_post_edit_should_send_security_notification_for_notified_settings | |||
|
140 | ActionMailer::Base.deliveries.clear | |||
|
141 | post :edit, :settings => { | |||
|
142 | :login_required => 1 | |||
|
143 | } | |||
|
144 | ||||
|
145 | assert_not_nil (mail = ActionMailer::Base.deliveries.last) | |||
|
146 | assert_mail_body_match '0.0.0.0', mail | |||
|
147 | assert_mail_body_match I18n.t(:setting_login_required), mail | |||
|
148 | assert_select_email do | |||
|
149 | assert_select 'a[href^=?]', 'http://localhost:3000/settings' | |||
|
150 | end | |||
|
151 | # All admins should receive this | |||
|
152 | recipients = [mail.bcc, mail.cc].flatten | |||
|
153 | User.active.where(admin: true).each do |admin| | |||
|
154 | assert_include admin.mail, recipients | |||
|
155 | end | |||
|
156 | end | |||
|
157 | ||||
|
158 | def test_post_edit_should_not_send_security_notification_for_non_notified_settings | |||
|
159 | ActionMailer::Base.deliveries.clear | |||
|
160 | post :edit, :settings => { | |||
|
161 | :app_title => 'MineRed' | |||
|
162 | } | |||
|
163 | ||||
|
164 | assert_nil (mail = ActionMailer::Base.deliveries.last) | |||
|
165 | end | |||
|
166 | ||||
|
167 | def test_post_edit_should_not_send_security_notification_for_unchanged_settings | |||
|
168 | ActionMailer::Base.deliveries.clear | |||
|
169 | post :edit, :settings => { | |||
|
170 | :login_required => 0 | |||
|
171 | } | |||
|
172 | ||||
|
173 | assert_nil (mail = ActionMailer::Base.deliveries.last) | |||
|
174 | end | |||
|
175 | ||||
|
176 | ||||
139 | def test_get_plugin_settings |
|
177 | def test_get_plugin_settings | |
140 | ActionController::Base.append_view_path(File.join(Rails.root, "test/fixtures/plugins")) |
|
178 | ActionController::Base.append_view_path(File.join(Rails.root, "test/fixtures/plugins")) | |
141 | Redmine::Plugin.register :foo do |
|
179 | Redmine::Plugin.register :foo do |
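Review bot: The first new test (lines 139–156) only checks that each active admin is among the recipients; nothing asserts that nobody else is, so a regression that sent this security notification to non-admin users would still pass. An exact comparison would cover it, e.g. `assert_equal User.active.where(admin: true).map(&:mail).sort, recipients.compact.sort`. The `mail =` assignments inside the two `assert_nil` calls are unused and can be reduced to `assert_nil ActionMailer::Base.deliveries.last`. `test_get_plugin_settings` continues outside the hunk.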