jro_apps/redmine Commit - r2643:b87753c90d2b

Do not autologin if more that one token is found (#3351)....

Jean-Philippe Lang -

r2643:b87753c90d2b

parent child

Context file:

r2643:b87753c90d2b

app/models/user.rb +8 -4

               # Returns the user who matches the given autologin +key+ or nil
               def self.try_to_autologin(key)
-                token = Token.find_by_action_and_value('autologin', key)
+                tokens = Token.find_all_by_action_and_value('autologin', key)
-                if token && (token.created_on > Setting.autologin.to_i.day.ago) && token.user && token.user.active?
+                # Make sure there's only 1 token that matches the key
-                  token.user.update_attribute(:last_login_on, Time.now)
+                if tokens.size == 1
-                  token.user
+                  token = tokens.first
+                  if (token.created_on > Setting.autologin.to_i.day.ago) && token.user && token.user.active?
+                    token.user.update_attribute(:last_login_on, Time.now)
+                    token.user
+                  end
                 end
               end

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages