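--- a/PLACEHOLDER-token-model.rb
+++ b/PLACEHOLDER-token-model.rb
@@ -15,8 +15,11 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
+require 'rails_generator/secret_key_generator'
+
 class Token < ActiveRecord::Base
 belongs_to :user
+validates_uniqueness_of :value
 
 @@validity_time = 1.day
 
@@ -36,9 +39,7 @@ class Token < ActiveRecord::Base
 
 private
 def self.generate_token_value
-chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
-token_value = ''
-40.times { |i| token_value << chars[rand(chars.size-1)] }
-token_value
+s = Rails::SecretKeyGenerator.new(object_id).generate_secret
+s[0, 40]
 end
 end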
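Review bot: `s[0, 40]` truncates the generated secret without saying why 40, and the `object_id` handed to `Rails::SecretKeyGenerator.new` is the Token class's own id (this is a class method), so it is the same value for every call in a process; neither is a defect if the generator draws from a secure entropy source, but both need a comment, e.g. `# keep 40 chars, presumably the width of the tokens.value column (confirm)` and `# object_id only seasons the generator; randomness must come from its entropy source`. If I recall correctly this generator is a code-generation-time helper that can fall back to a non-cryptographic PRNG when neither OpenSSL nor /dev/urandom is available, so if the bundled Rails ships ActiveSupport::SecureRandom that would be the better runtime API here. `validates_uniqueness_of :value` in the first hunk is a check-then-insert and does not prevent duplicates under concurrent saves; a unique index on the value column is what actually guarantees the property the changelog promises. Unchanged context, but worth noting: `private` before `def self.generate_token_value` does not make a class method private in Ruby.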
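--- a/PLACEHOLDER-user-model.rb
+++ b/PLACEHOLDER-user-model.rb
@@ -175,8 +175,14 @@ class User < ActiveRecord::Base
 end
 
 def self.find_by_autologin_key(key)
-token = Token.find_by_action_and_value('autologin', key)
-token && (token.created_on > Setting.autologin.to_i.day.ago) && token.user.active? ? token.user : nil
+tokens = Token.find_all_by_action_and_value('autologin', key)
+# Make sure there's only 1 token that matches the key
+if tokens.size == 1
+token = tokens.first
+if (token.created_on > Setting.autologin.to_i.day.ago) && token.user && token.user.active?
+token.user
+end
+end
 end
 
 # Makes find_by_mail case-insensitive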
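Review bot: When more than one token matches the key, find_by_autologin_key now fails closed by returning nil, but it does so silently; since duplicate tokens are exactly the anomaly this commit is about, a warn-level log that omits the key value would let operators notice leftovers in existing data, e.g. `logger.warn("find_by_autologin_key: #{tokens.size} tokens match, refusing autologin") if tokens.size > 1` (the class-level `logger` should be available on an ActiveRecord model). The nested ifs can be flattened into guard clauses, `return nil unless tokens.size == 1` followed by `token = tokens.first`, and the comment should state the why rather than the what: `# A duplicated key is ambiguous, so refuse autologin rather than pick one`. The added `token.user &&` nil guard is a good change; the expiry comparison against `Setting.autologin.to_i.day.ago` is carried over unchanged from the old line.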
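--- a/PLACEHOLDER-changelog
+++ b/PLACEHOLDER-changelog
@@ -18,6 +18,7 @@ http://www.redmine.org/
 * Fixed: issues/show should accept user's rss key
 * Fixed: consistency of custom fields display on the issue detail view
 * Fixed: wiki comments length validation is missing
+* Fixed: weak autologin token generation algorithm causes duplicate tokens
 
 
 == 2009-04-05 v0.8.3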