Backported r3080 from trunk (#4248)....
Jean-Philippe Lang -
r2967:be146d492a23
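--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -1,199 +1,199 @@
 # Redmine - project management software
 # Copyright (C) 2006-2008 Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
 class AccountController < ApplicationController
 helper :custom_fields
 include CustomFieldsHelper
 
 # prevents login action to be filtered by check_if_login_required application scope filter
 skip_before_filter :check_if_login_required, :only => [:login, :lost_password, :register, :activate]
 
 # Show user's account
 def show
 @user = User.active.find(params[:id])
 @custom_values = @user.custom_values
 
 # show only public projects and private projects that the logged in user is also a member of
 @memberships = @user.memberships.select do |membership|
 membership.project.is_public? || (User.current.member_of?(membership.project))
 end
 
 events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
 @events_by_day = events.group_by(&:event_date)
 
 if @user != User.current && !User.current.admin? && @memberships.empty? && events.empty?
 render_404 and return
 end
 
 rescue ActiveRecord::RecordNotFound
 render_404
 end
 
 # Login request and validation
 def login
 if request.get?
 # Logout user
 self.logged_user = nil
 else
 # Authenticate user
 user = User.try_to_login(params[:username], params[:password])
 if user.nil?
 # Invalid credentials
 flash.now[:error] = l(:notice_account_invalid_creditentials)
 elsif user.new_record?
 # Onthefly creation failed, display the registration form to fill/fix attributes
 @user = user
 session[:auth_source_registration] = {:login => user.login, :auth_source_id => user.auth_source_id }
 render :action => 'register'
 else
 # Valid user
 self.logged_user = user
 # generate a key and set cookie if autologin
 if params[:autologin] && Setting.autologin?
 token = Token.create(:user => user, :action => 'autologin')
 cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now }
 end
 call_hook(:controller_account_success_authentication_after, {:user => user })
 redirect_back_or_default :controller => 'my', :action => 'page'
 end
 end
 end
 
 # Log out current user and redirect to welcome page
 def logout
 cookies.delete :autologin
 Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) if User.current.logged?
 self.logged_user = nil
 redirect_to home_url
 end
 
 # Enable user to choose a new password
 def lost_password
 redirect_to(home_url) && return unless Setting.lost_password?
 if params[:token]
 @token = Token.find_by_action_and_value("recovery", params[:token])
 redirect_to(home_url) && return unless @token and !@token.expired?
 @user = @token.user
 if request.post?
 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
 if @user.save
 @token.destroy
 flash[:notice] = l(:notice_account_password_updated)
 redirect_to :action => 'login'
 return
 end
 end
 render :template => "account/password_recovery"
 return
 else
 if request.post?
 user = User.find_by_mail(params[:mail])
 # user not found in db
 flash.now[:error] = l(:notice_account_unknown_email) and return unless user
 # user uses an external authentification
 flash.now[:error] = l(:notice_can_t_change_password) and return if user.auth_source_id
 # create a new token for password recovery
 token = Token.new(:user => user, :action => "recovery")
 if token.save
 Mailer.deliver_lost_password(token)
 flash[:notice] = l(:notice_account_lost_email_sent)
 redirect_to :action => 'login'
 return
 end
 end
 end
 end
 
 # User self-registration
 def register
 redirect_to(home_url) && return unless Setting.self_registration? || session[:auth_source_registration]
 if request.get?
 session[:auth_source_registration] = nil
 @user = User.new(:language => Setting.default_language)
 else
 @user = User.new(params[:user])
 @user.admin = false
 @user.status = User::STATUS_REGISTERED
 if session[:auth_source_registration]
 @user.status = User::STATUS_ACTIVE
 @user.login = session[:auth_source_registration][:login]
 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
 if @user.save
 session[:auth_source_registration] = nil
 self.logged_user = @user
 flash[:notice] = l(:notice_account_activated)
 redirect_to :controller => 'my', :action => 'account'
 end
 else
 @user.login = params[:user][:login]
 @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
 case Setting.self_registration
 when '1'
 # Email activation
 token = Token.new(:user => @user, :action => "register")
 if @user.save and token.save
 Mailer.deliver_register(token)
 flash[:notice] = l(:notice_account_register_done)
 redirect_to :action => 'login'
 end
 when '3'
 # Automatic activation
 @user.status = User::STATUS_ACTIVE
 if @user.save
 self.logged_user = @user
 flash[:notice] = l(:notice_account_activated)
 redirect_to :controller => 'my', :action => 'account'
 end
 else
 # Manual activation by the administrator
 if @user.save
 # Sends an email to the administrators
 Mailer.deliver_account_activation_request(@user)
 flash[:notice] = l(:notice_account_pending)
 redirect_to :action => 'login'
 end
 end
 end
 end
 end
 
 # Token based account activation
 def activate
 redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
 token = Token.find_by_action_and_value('register', params[:token])
 redirect_to(home_url) && return unless token and !token.expired?
 user = token.user
 redirect_to(home_url) && return unless user.status == User::STATUS_REGISTERED
 user.status = User::STATUS_ACTIVE
 if user.save
 token.destroy
 flash[:notice] = l(:notice_account_activated)
 end
 redirect_to :action => 'login'
 end
 
 private
 def logged_user=(user)
+reset_session
 if user && user.is_a?(User)
 User.current = user
 session[:user_id] = user.id
 else
 User.current = User.anonymous
-session[:user_id] = nil
 end
 end
 end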
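Review bot: The new `reset_session` at the top of `logged_user=` discards the whole session, not just `:user_id`, and `login` calls `self.logged_user = nil` on every GET; if this Rails version keeps the flash in the session, the notice that `lost_password` and `activate` set just before `redirect_to :action => 'login'` is gone before the login page renders, and the same would apply to any return target that `redirect_back_or_default` reads from the session (its implementation is not visible here). If that is the case, carry the flash across the rotation with `kept = flash.to_hash` before `reset_session` and `flash.update(kept)` right after it. The `reset_session` line also deserves a why-comment, e.g. `# Rotate the session id on every login/logout so a pre-set id cannot be fixed by an attacker (#4248)`, since a later reader may otherwise "simplify" it away. Note that the GET branch of `login` now also rotates the session of anyone who merely follows a link to the login page; that unconditional logout predates this commit but is worth re-examining together with it.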
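--- a/test/integration/account_test.rb
+++ b/test/integration/account_test.rb
@@ -1,153 +1,171 @@
 # redMine - project management software
 # Copyright (C) 2006-2007 Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
 require "#{File.dirname(__FILE__)}/../test_helper"
 
 begin
 require 'mocha'
 rescue
 # Won't run some tests
 end
 
 class AccountTest < ActionController::IntegrationTest
 fixtures :users
 
 # Replace this with your real tests.
 def test_login
 get "my/page"
 assert_redirected_to "account/login"
 log_user('jsmith', 'jsmith')
 
 get "my/account"
 assert_response :success
 assert_template "my/account"
 end
 
 def test_lost_password
 Token.delete_all
 
 get "account/lost_password"
 assert_response :success
 assert_template "account/lost_password"
 
 post "account/lost_password", :mail => 'jSmith@somenet.foo'
 assert_redirected_to "account/login"
 
 token = Token.find(:first)
 assert_equal 'recovery', token.action
 assert_equal 'jsmith@somenet.foo', token.user.mail
 assert !token.expired?
 
 get "account/lost_password", :token => token.value
 assert_response :success
 assert_template "account/password_recovery"
 
 post "account/lost_password", :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'newpass'
 assert_redirected_to "account/login"
 assert_equal 'Password was successfully updated.', flash[:notice]
 
 log_user('jsmith', 'newpass')
 assert_equal 0, Token.count
 end
 
 def test_register_with_automatic_activation
 Setting.self_registration = '3'
 
 get 'account/register'
 assert_response :success
 assert_template 'account/register'
 
 post 'account/register', :user => {:login => "newuser", :language => "en", :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar"},
 :password => "newpass", :password_confirmation => "newpass"
 assert_redirected_to 'my/account'
 follow_redirect!
 assert_response :success
 assert_template 'my/account'
 
 assert User.find_by_login('newuser').active?
 end
 
 def test_register_with_manual_activation
 Setting.self_registration = '2'
 
 post 'account/register', :user => {:login => "newuser", :language => "en", :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar"},
 :password => "newpass", :password_confirmation => "newpass"
 assert_redirected_to 'account/login'
 assert !User.find_by_login('newuser').active?
 end
 
 def test_register_with_email_activation
 Setting.self_registration = '1'
 Token.delete_all
 
 post 'account/register', :user => {:login => "newuser", :language => "en", :firstname => "New", :lastname => "User", :mail => "newuser@foo.bar"},
 :password => "newpass", :password_confirmation => "newpass"
 assert_redirected_to 'account/login'
 assert !User.find_by_login('newuser').active?
 
 token = Token.find(:first)
 assert_equal 'register', token.action
 assert_equal 'newuser@foo.bar', token.user.mail
 assert !token.expired?
 
 get 'account/activate', :token => token.value
 assert_redirected_to 'account/login'
 log_user('newuser', 'newpass')
 end
 
 if Object.const_defined?(:Mocha)
 
 def test_onthefly_registration
 # disable registration
 Setting.self_registration = '0'
 AuthSource.expects(:authenticate).returns([:login => 'foo', :firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com', :auth_source_id => 66])
 
 post 'account/login', :username => 'foo', :password => 'bar'
 assert_redirected_to 'my/page'
 
 user = User.find_by_login('foo')
 assert user.is_a?(User)
 assert_equal 66, user.auth_source_id
 assert user.hashed_password.blank?
 end
 
 def test_onthefly_registration_with_invalid_attributes
 # disable registration
 Setting.self_registration = '0'
 AuthSource.expects(:authenticate).returns([:login => 'foo', :lastname => 'Smith', :auth_source_id => 66])
 
 post 'account/login', :username => 'foo', :password => 'bar'
 assert_response :success
 assert_template 'account/register'
 assert_tag :input, :attributes => { :name => 'user[firstname]', :value => '' }
 assert_tag :input, :attributes => { :name => 'user[lastname]', :value => 'Smith' }
 assert_no_tag :input, :attributes => { :name => 'user[login]' }
 assert_no_tag :input, :attributes => { :name => 'user[password]' }
 
 post 'account/register', :user => {:firstname => 'Foo', :lastname => 'Smith', :mail => 'foo@bar.com'}
 assert_redirected_to 'my/account'
 
 user = User.find_by_login('foo')
 assert user.is_a?(User)
 assert_equal 66, user.auth_source_id
 assert user.hashed_password.blank?
 end
 
+def test_login_and_logout_should_clear_session
+get '/login'
+sid = session.session_id
+
+post '/login', :username => 'admin', :password => 'admin'
+assert_redirected_to 'my/page'
+assert_not_equal sid, session.session_id, "login should reset session"
+assert_equal 1, session[:user_id]
+sid = session.session_id
+
+get '/'
+assert_equal sid, session.session_id
+
+get '/logout'
+assert_not_equal sid, session.session_id, "logout should reset session"
+assert_nil session[:user_id]
+end
+
 else
 puts 'Mocha is missing. Skipping tests.'
 end
 end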
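Review bot: `test_login_and_logout_should_clear_session` is added inside the `if Object.const_defined?(:Mocha)` branch that opens at L320, yet it uses no Mocha expectations, so the only regression test for the session-fixation fix is silently skipped on any machine without Mocha (the `else` branch at L377 just prints a message). Move the method above the `if Object.const_defined?(:Mocha)` line, next to `test_register_with_email_activation`, so it always runs. Two smaller points: `assert_equal 1, session[:user_id]` hard-codes the admin fixture id, where `assert_equal User.find_by_login('admin').id, session[:user_id]` would not break if the fixtures are renumbered; and the new test uses `'/login'`, `'/logout'` and `'/'` while every other test in the file addresses the controller as `"account/login"` — pick one form, assuming both routes resolve to the same action, so a reader can tell the routes under test apart.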