##// END OF EJS Templates
jro_apps » redmine
RSS
Use browser language as default when registering....
Jean-Philippe Lang -
r10759:cabfece11ba4
parent child
Show More
Side by Side Unified
Context file:
r10759:cabfece11ba4 Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,296 +1,296
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2012 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class AccountController < ApplicationController
19 19 helper :custom_fields
20 20 include CustomFieldsHelper
21 21
22 22 # prevents login action to be filtered by check_if_login_required application scope filter
23 23 skip_before_filter :check_if_login_required
24 24
25 25 # Login request and validation
26 26 def login
27 27 if request.get?
28 28 logout_user
29 29 else
30 30 authenticate_user
31 31 end
32 32 rescue AuthSourceException => e
33 33 logger.error "An error occured when authenticating #{params[:username]}: #{e.message}"
34 34 render_error :message => e.message
35 35 end
36 36
37 37 # Log out current user and redirect to welcome page
38 38 def logout
39 39 logout_user
40 40 redirect_to home_url
41 41 end
42 42
43 43 # Lets user choose a new password
44 44 def lost_password
45 45 redirect_to(home_url) && return unless Setting.lost_password?
46 46 if params[:token]
47 47 @token = Token.find_by_action_and_value("recovery", params[:token].to_s)
48 48 if @token.nil? || @token.expired?
49 49 redirect_to home_url
50 50 return
51 51 end
52 52 @user = @token.user
53 53 unless @user && @user.active?
54 54 redirect_to home_url
55 55 return
56 56 end
57 57 if request.post?
58 58 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
59 59 if @user.save
60 60 @token.destroy
61 61 flash[:notice] = l(:notice_account_password_updated)
62 62 redirect_to signin_path
63 63 return
64 64 end
65 65 end
66 66 render :template => "account/password_recovery"
67 67 return
68 68 else
69 69 if request.post?
70 70 user = User.find_by_mail(params[:mail].to_s)
71 71 # user not found or not active
72 72 unless user && user.active?
73 73 flash.now[:error] = l(:notice_account_unknown_email)
74 74 return
75 75 end
76 76 # user cannot change its password
77 77 unless user.change_password_allowed?
78 78 flash.now[:error] = l(:notice_can_t_change_password)
79 79 return
80 80 end
81 81 # create a new token for password recovery
82 82 token = Token.new(:user => user, :action => "recovery")
83 83 if token.save
84 84 Mailer.lost_password(token).deliver
85 85 flash[:notice] = l(:notice_account_lost_email_sent)
86 86 redirect_to signin_path
87 87 return
88 88 end
89 89 end
90 90 end
91 91 end
92 92
93 93 # User self-registration
94 94 def register
95 95 redirect_to(home_url) && return unless Setting.self_registration? || session[:auth_source_registration]
96 96 if request.get?
97 97 session[:auth_source_registration] = nil
98 @user = User.new(:language => Setting.default_language)
98 @user = User.new(:language => current_language.to_s)
99 99 else
100 100 user_params = params[:user] || {}
101 101 @user = User.new
102 102 @user.safe_attributes = user_params
103 103 @user.admin = false
104 104 @user.register
105 105 if session[:auth_source_registration]
106 106 @user.activate
107 107 @user.login = session[:auth_source_registration][:login]
108 108 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
109 109 if @user.save
110 110 session[:auth_source_registration] = nil
111 111 self.logged_user = @user
112 112 flash[:notice] = l(:notice_account_activated)
113 113 redirect_to my_account_path
114 114 end
115 115 else
116 116 @user.login = params[:user][:login]
117 117 unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank?
118 118 @user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation]
119 119 end
120 120
121 121 case Setting.self_registration
122 122 when '1'
123 123 register_by_email_activation(@user)
124 124 when '3'
125 125 register_automatically(@user)
126 126 else
127 127 register_manually_by_administrator(@user)
128 128 end
129 129 end
130 130 end
131 131 end
132 132
133 133 # Token based account activation
134 134 def activate
135 135 redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
136 136 token = Token.find_by_action_and_value('register', params[:token])
137 137 redirect_to(home_url) && return unless token and !token.expired?
138 138 user = token.user
139 139 redirect_to(home_url) && return unless user.registered?
140 140 user.activate
141 141 if user.save
142 142 token.destroy
143 143 flash[:notice] = l(:notice_account_activated)
144 144 end
145 145 redirect_to signin_path
146 146 end
147 147
148 148 private
149 149
150 150 def authenticate_user
151 151 if Setting.openid? && using_open_id?
152 152 open_id_authenticate(params[:openid_url])
153 153 else
154 154 password_authentication
155 155 end
156 156 end
157 157
158 158 def password_authentication
159 159 user = User.try_to_login(params[:username], params[:password])
160 160
161 161 if user.nil?
162 162 invalid_credentials
163 163 elsif user.new_record?
164 164 onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
165 165 else
166 166 # Valid user
167 167 successful_authentication(user)
168 168 end
169 169 end
170 170
171 171 def open_id_authenticate(openid_url)
172 172 authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url, :method => :post) do |result, identity_url, registration|
173 173 if result.successful?
174 174 user = User.find_or_initialize_by_identity_url(identity_url)
175 175 if user.new_record?
176 176 # Self-registration off
177 177 redirect_to(home_url) && return unless Setting.self_registration?
178 178
179 179 # Create on the fly
180 180 user.login = registration['nickname'] unless registration['nickname'].nil?
181 181 user.mail = registration['email'] unless registration['email'].nil?
182 182 user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
183 183 user.random_password
184 184 user.register
185 185
186 186 case Setting.self_registration
187 187 when '1'
188 188 register_by_email_activation(user) do
189 189 onthefly_creation_failed(user)
190 190 end
191 191 when '3'
192 192 register_automatically(user) do
193 193 onthefly_creation_failed(user)
194 194 end
195 195 else
196 196 register_manually_by_administrator(user) do
197 197 onthefly_creation_failed(user)
198 198 end
199 199 end
200 200 else
201 201 # Existing record
202 202 if user.active?
203 203 successful_authentication(user)
204 204 else
205 205 account_pending
206 206 end
207 207 end
208 208 end
209 209 end
210 210 end
211 211
212 212 def successful_authentication(user)
213 213 logger.info "Successful authentication for '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}"
214 214 # Valid user
215 215 self.logged_user = user
216 216 # generate a key and set cookie if autologin
217 217 if params[:autologin] && Setting.autologin?
218 218 set_autologin_cookie(user)
219 219 end
220 220 call_hook(:controller_account_success_authentication_after, {:user => user })
221 221 redirect_back_or_default my_page_path
222 222 end
223 223
224 224 def set_autologin_cookie(user)
225 225 token = Token.create(:user => user, :action => 'autologin')
226 226 cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin'
227 227 cookie_options = {
228 228 :value => token.value,
229 229 :expires => 1.year.from_now,
230 230 :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
231 231 :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
232 232 :httponly => true
233 233 }
234 234 cookies[cookie_name] = cookie_options
235 235 end
236 236
237 237 # Onthefly creation failed, display the registration form to fill/fix attributes
238 238 def onthefly_creation_failed(user, auth_source_options = { })
239 239 @user = user
240 240 session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
241 241 render :action => 'register'
242 242 end
243 243
244 244 def invalid_credentials
245 245 logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
246 246 flash.now[:error] = l(:notice_account_invalid_creditentials)
247 247 end
248 248
249 249 # Register a user for email activation.
250 250 #
251 251 # Pass a block for behavior when a user fails to save
252 252 def register_by_email_activation(user, &block)
253 253 token = Token.new(:user => user, :action => "register")
254 254 if user.save and token.save
255 255 Mailer.register(token).deliver
256 256 flash[:notice] = l(:notice_account_register_done)
257 257 redirect_to signin_path
258 258 else
259 259 yield if block_given?
260 260 end
261 261 end
262 262
263 263 # Automatically register a user
264 264 #
265 265 # Pass a block for behavior when a user fails to save
266 266 def register_automatically(user, &block)
267 267 # Automatic activation
268 268 user.activate
269 269 user.last_login_on = Time.now
270 270 if user.save
271 271 self.logged_user = user
272 272 flash[:notice] = l(:notice_account_activated)
273 273 redirect_to my_account_path
274 274 else
275 275 yield if block_given?
276 276 end
277 277 end
278 278
279 279 # Manual activation by the administrator
280 280 #
281 281 # Pass a block for behavior when a user fails to save
282 282 def register_manually_by_administrator(user, &block)
283 283 if user.save
284 284 # Sends an email to the administrators
285 285 Mailer.account_activation_request(user).deliver
286 286 account_pending
287 287 else
288 288 yield if block_given?
289 289 end
290 290 end
291 291
292 292 def account_pending
293 293 flash[:notice] = l(:notice_account_pending)
294 294 redirect_to signin_path
295 295 end
296 296 end
Show file before | Show file after | Hide comments
@@ -1,247 +1,260
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2012 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 require File.expand_path('../../test_helper', __FILE__)
19 19
20 20 class AccountControllerTest < ActionController::TestCase
21 21 fixtures :users, :roles
22 22
23 23 def setup
24 24 User.current = nil
25 25 end
26 26
27 27 def test_get_login
28 28 get :login
29 29 assert_response :success
30 30 assert_template 'login'
31 31
32 32 assert_select 'input[name=username]'
33 33 assert_select 'input[name=password]'
34 34 end
35 35
36 36 def test_login_should_redirect_to_back_url_param
37 37 # request.uri is "test.host" in test environment
38 38 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.host/issues/show/1'
39 39 assert_redirected_to '/issues/show/1'
40 40 end
41 41
42 42 def test_login_should_not_redirect_to_another_host
43 43 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.foo/fake'
44 44 assert_redirected_to '/my/page'
45 45 end
46 46
47 47 def test_login_with_wrong_password
48 48 post :login, :username => 'admin', :password => 'bad'
49 49 assert_response :success
50 50 assert_template 'login'
51 51
52 52 assert_select 'div.flash.error', :text => /Invalid user or password/
53 53 assert_select 'input[name=username][value=admin]'
54 54 assert_select 'input[name=password]'
55 55 assert_select 'input[name=password][value]', 0
56 56 end
57 57
58 58 def test_login_should_rescue_auth_source_exception
59 59 source = AuthSource.create!(:name => 'Test')
60 60 User.find(2).update_attribute :auth_source_id, source.id
61 61 AuthSource.any_instance.stubs(:authenticate).raises(AuthSourceException.new("Something wrong"))
62 62
63 63 post :login, :username => 'jsmith', :password => 'jsmith'
64 64 assert_response 500
65 65 assert_error_tag :content => /Something wrong/
66 66 end
67 67
68 68 def test_login_should_reset_session
69 69 @controller.expects(:reset_session).once
70 70
71 71 post :login, :username => 'jsmith', :password => 'jsmith'
72 72 assert_response 302
73 73 end
74 74
75 75 def test_logout
76 76 @request.session[:user_id] = 2
77 77 get :logout
78 78 assert_redirected_to '/'
79 79 assert_nil @request.session[:user_id]
80 80 end
81 81
82 82 def test_logout_should_reset_session
83 83 @controller.expects(:reset_session).once
84 84
85 85 @request.session[:user_id] = 2
86 86 get :logout
87 87 assert_response 302
88 88 end
89 89
90 90 def test_get_register_with_registration_on
91 91 with_settings :self_registration => '3' do
92 92 get :register
93 93 assert_response :success
94 94 assert_template 'register'
95 95 assert_not_nil assigns(:user)
96 96
97 97 assert_tag 'input', :attributes => {:name => 'user[password]'}
98 98 assert_tag 'input', :attributes => {:name => 'user[password_confirmation]'}
99 99 end
100 100 end
101 101
102 def test_get_register_should_detect_user_language
103 with_settings :self_registration => '3' do
104 @request.env['HTTP_ACCEPT_LANGUAGE'] = 'fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3'
105 get :register
106 assert_response :success
107 assert_not_nil assigns(:user)
108 assert_equal 'fr', assigns(:user).language
109 assert_select 'select[name=?]', 'user[language]' do
110 assert_select 'option[value=fr][selected=selected]'
111 end
112 end
113 end
114
102 115 def test_get_register_with_registration_off_should_redirect
103 116 with_settings :self_registration => '0' do
104 117 get :register
105 118 assert_redirected_to '/'
106 119 end
107 120 end
108 121
109 122 # See integration/account_test.rb for the full test
110 123 def test_post_register_with_registration_on
111 124 with_settings :self_registration => '3' do
112 125 assert_difference 'User.count' do
113 126 post :register, :user => {
114 127 :login => 'register',
115 128 :password => 'secret123',
116 129 :password_confirmation => 'secret123',
117 130 :firstname => 'John',
118 131 :lastname => 'Doe',
119 132 :mail => 'register@example.com'
120 133 }
121 134 assert_redirected_to '/my/account'
122 135 end
123 136 user = User.first(:order => 'id DESC')
124 137 assert_equal 'register', user.login
125 138 assert_equal 'John', user.firstname
126 139 assert_equal 'Doe', user.lastname
127 140 assert_equal 'register@example.com', user.mail
128 141 assert user.check_password?('secret123')
129 142 assert user.active?
130 143 end
131 144 end
132 145
133 146 def test_post_register_with_registration_off_should_redirect
134 147 with_settings :self_registration => '0' do
135 148 assert_no_difference 'User.count' do
136 149 post :register, :user => {
137 150 :login => 'register',
138 151 :password => 'test',
139 152 :password_confirmation => 'test',
140 153 :firstname => 'John',
141 154 :lastname => 'Doe',
142 155 :mail => 'register@example.com'
143 156 }
144 157 assert_redirected_to '/'
145 158 end
146 159 end
147 160 end
148 161
149 162 def test_get_lost_password_should_display_lost_password_form
150 163 get :lost_password
151 164 assert_response :success
152 165 assert_select 'input[name=mail]'
153 166 end
154 167
155 168 def test_lost_password_for_active_user_should_create_a_token
156 169 Token.delete_all
157 170 ActionMailer::Base.deliveries.clear
158 171 assert_difference 'ActionMailer::Base.deliveries.size' do
159 172 assert_difference 'Token.count' do
160 173 with_settings :host_name => 'mydomain.foo', :protocol => 'http' do
161 174 post :lost_password, :mail => 'JSmith@somenet.foo'
162 175 assert_redirected_to '/login'
163 176 end
164 177 end
165 178 end
166 179
167 180 token = Token.order('id DESC').first
168 181 assert_equal User.find(2), token.user
169 182 assert_equal 'recovery', token.action
170 183
171 184 assert_select_email do
172 185 assert_select "a[href=?]", "http://mydomain.foo/account/lost_password?token=#{token.value}"
173 186 end
174 187 end
175 188
176 189 def test_lost_password_for_unknown_user_should_fail
177 190 Token.delete_all
178 191 assert_no_difference 'Token.count' do
179 192 post :lost_password, :mail => 'invalid@somenet.foo'
180 193 assert_response :success
181 194 end
182 195 end
183 196
184 197 def test_lost_password_for_non_active_user_should_fail
185 198 Token.delete_all
186 199 assert User.find(2).lock!
187 200
188 201 assert_no_difference 'Token.count' do
189 202 post :lost_password, :mail => 'JSmith@somenet.foo'
190 203 assert_response :success
191 204 end
192 205 end
193 206
194 207 def test_get_lost_password_with_token_should_display_the_password_recovery_form
195 208 user = User.find(2)
196 209 token = Token.create!(:action => 'recovery', :user => user)
197 210
198 211 get :lost_password, :token => token.value
199 212 assert_response :success
200 213 assert_template 'password_recovery'
201 214
202 215 assert_select 'input[type=hidden][name=token][value=?]', token.value
203 216 end
204 217
205 218 def test_get_lost_password_with_invalid_token_should_redirect
206 219 get :lost_password, :token => "abcdef"
207 220 assert_redirected_to '/'
208 221 end
209 222
210 223 def test_post_lost_password_with_token_should_change_the_user_password
211 224 user = User.find(2)
212 225 token = Token.create!(:action => 'recovery', :user => user)
213 226
214 227 post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'
215 228 assert_redirected_to '/login'
216 229 user.reload
217 230 assert user.check_password?('newpass123')
218 231 assert_nil Token.find_by_id(token.id), "Token was not deleted"
219 232 end
220 233
221 234 def test_post_lost_password_with_token_for_non_active_user_should_fail
222 235 user = User.find(2)
223 236 token = Token.create!(:action => 'recovery', :user => user)
224 237 user.lock!
225 238
226 239 post :lost_password, :token => token.value, :new_password => 'newpass123', :new_password_confirmation => 'newpass123'
227 240 assert_redirected_to '/'
228 241 assert ! user.check_password?('newpass123')
229 242 end
230 243
231 244 def test_post_lost_password_with_token_and_password_confirmation_failure_should_redisplay_the_form
232 245 user = User.find(2)
233 246 token = Token.create!(:action => 'recovery', :user => user)
234 247
235 248 post :lost_password, :token => token.value, :new_password => 'newpass', :new_password_confirmation => 'wrongpass'
236 249 assert_response :success
237 250 assert_template 'password_recovery'
238 251 assert_not_nil Token.find_by_id(token.id), "Token was deleted"
239 252
240 253 assert_select 'input[type=hidden][name=token][value=?]', token.value
241 254 end
242 255
243 256 def test_post_lost_password_with_invalid_token_should_redirect
244 257 post :lost_password, :token => "abcdef", :new_password => 'newpass', :new_password_confirmation => 'newpass'
245 258 assert_redirected_to '/'
246 259 end
247 260 end
General Comments 0
You need to be logged in to leave comments. Login now