jro_apps/redmine Commit - r2643:b87753c90d2b

Do not autologin if more that one token is found (#3351)....

Jean-Philippe Lang -

r2643:b87753c90d2b

parent child

Context file:

r2643:b87753c90d2b

app/models/user.rb +6 -2

                # Returns the user who matches the given autologin +key+ or nil
                def self.try_to_autologin(key)
-                 token = Token.find_by_action_and_value('autologin', key)
-                 if token && (token.created_on > Setting.autologin.to_i.day.ago) && token.user && token.user.active?
+                 tokens = Token.find_all_by_action_and_value('autologin', key)
+                 # Make sure there's only 1 token that matches the key
+                 if tokens.size == 1
+                   token = tokens.first
+                   if (token.created_on > Setting.autologin.to_i.day.ago) && token.user && token.user.active?
                    token.user.update_attribute(:last_login_on, Time.now)
                    token.user
                  end
                end
+               end
                # Return user's full name for display
                def name(formatter = nil)

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages