jro_apps/redmine Commit - r9286:c7149f418408

Fixed that Token.destroy_expired destroys API tokens....

Jean-Philippe Lang -

r9286:c7149f418408

parent child

Context file:

r9286:c7149f418408

Collapse all files

app/models/token.rb +1 -1

             # Redmine - project management software
             # Copyright (C) 2006-2011  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class Token < ActiveRecord::Base
               belongs_to :user
               validates_uniqueness_of :value
               before_create :delete_previous_tokens, :generate_new_token
               @@validity_time = 1.day
               def generate_new_token
                 self.value = Token.generate_token_value
               end
               # Return true if token has expired
               def expired?
                 return Time.now > self.created_on + @@validity_time
               end
               # Delete all expired tokens
               def self.destroy_expired
-                Token.delete_all ["action <> 'feeds' AND created_on < ?", Time.now - @@validity_time]
+                Token.delete_all ["action NOT IN (?) AND created_on < ?", ['feeds', 'api'], Time.now - @@validity_time]
               end
             private
               def self.generate_token_value
                 Redmine::Utils.random_hex(20)
               end
               # Removes obsolete tokens (same user and action)
               def delete_previous_tokens
                 if user
                   Token.delete_all(['user_id = ? AND action = ?', user.id, action])
                 end
               end
             end

test/unit/token_test.rb +23 0

             # Redmine - project management software
             # Copyright (C) 2006-2011  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require File.expand_path('../../test_helper', __FILE__)
             class TokenTest < ActiveSupport::TestCase
               fixtures :tokens
               def test_create
                 token = Token.new
                 token.save
                 assert_equal 40, token.value.length
                 assert !token.expired?
               end
               def test_create_should_remove_existing_tokens
                 user = User.find(1)
                 t1 = Token.create(:user => user, :action => 'autologin')
                 t2 = Token.create(:user => user, :action => 'autologin')
                 assert_not_equal t1.value, t2.value
                 assert !Token.exists?(t1.id)
                 assert  Token.exists?(t2.id)
               end
+              def test_destroy_expired_should_not_destroy_feeds_and_api_tokens
+                Token.delete_all
+                Token.create!(:user_id => 1, :action => 'api', :created_on => 7.days.ago)
+                Token.create!(:user_id => 1, :action => 'feeds', :created_on => 7.days.ago)
+                assert_no_difference 'Token.count' do
+                  assert_equal 0, Token.destroy_expired
+                end
+              end
+              def test_destroy_expired_should_destroy_expired_tokens
+                Token.delete_all
+                Token.create!(:user_id => 1, :action => 'autologin', :created_on => 7.days.ago)
+                Token.create!(:user_id => 2, :action => 'autologin', :created_on => 3.days.ago)
+                Token.create!(:user_id => 3, :action => 'autologin', :created_on => 1.hour.ago)
+                assert_difference 'Token.count', -2 do
+                  assert_equal 2, Token.destroy_expired
+                end
+              end
             end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages