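--- a/PATH-NOT-ON-PAGE(AccountController)
+++ b/PATH-NOT-ON-PAGE(AccountController)
@@ -58,12 +58,20 @@ class AccountController < ApplicationController
 # Lets user choose a new password
 def lost_password
 (redirect_to(home_url); return) unless Setting.lost_password?
-if params[:token]
-@token = Token.find_token("recovery", p
+if prt = (params[:token] || session[:password_recovery_token])
+@token = Token.find_token("recovery", prt.to_s)
 if @token.nil? || @token.expired?
 redirect_to home_url
 return
 end
+
+# redirect to remove the token query parameter from the URL and add it to the session
+if request.query_parameters[:token].present?
+session[:password_recovery_token] = @token.value
+redirect_to lost_password_url
+return
+end
+
 @user = @token.user
 unless @user && @user.active?
 redirect_to home_url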
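Review bot: Now that the session can supply the token, the `@token.nil? || @token.expired?` branch redirects home but leaves `session[:password_recovery_token]` in place, so a user whose recovery token has expired keeps being bounced from `/account/lost_password` until the session itself expires, instead of reaching whatever the no-token path renders (presumably the form for requesting a new token, which sits past the end of the hunk); add `session.delete(:password_recovery_token)` before that `redirect_to home_url`, and likewise in the `unless @user && @user.active?` branch at the bottom of the hunk. Storing only the token value, and only after it has been looked up and checked, is sound, and testing `request.query_parameters[:token]` correctly leaves form POSTs that carry the token in the body alone. The remainder of lost_password, including where the token is consumed on a successful password change, is outside the hunk; the session entry should be dropped there too so it does not outlive the Token row.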
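--- a/PATH-NOT-ON-PAGE(AccountControllerTest)
+++ b/PATH-NOT-ON-PAGE(AccountControllerTest)
@@ -381,11 +381,22 @@ class AccountControllerTest < ActionController::TestCase
 end
 end
 
-def test_get_lost_password_with_token_should_
+def test_get_lost_password_with_token_should_redirect_with_token_in_session
 user = User.find(2)
 token = Token.create!(:action => 'recovery', :user => user)
 
 get :lost_password, :token => token.value
+assert_redirected_to '/account/lost_password'
+
+assert_equal token.value, request.session[:password_recovery_token]
+end
+
+def test_get_lost_password_with_token_in_session_should_display_the_password_recovery_form
+user = User.find(2)
+token = Token.create!(:action => 'recovery', :user => user)
+request.session[:password_recovery_token] = token.value
+
+get :lost_password
 assert_response :success
 assert_template 'password_recovery'
 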
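Review bot: Neither new test covers a session that holds an expired or unknown recovery token, which is exactly the path the controller change makes reachable without any query parameter; add a case that sets `request.session[:password_recovery_token]` to a value with no matching Token (or to a token whose `expired?` is true), does `get :lost_password`, and asserts the redirect to the home URL, plus, if the controller is meant to discard stale entries, that the session key is gone afterwards. The `assert_equal token.value, request.session[:password_recovery_token]` assertion pins the session contents well. Both tests otherwise follow the file's existing fixture and hash-rocket conventions.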
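--- a/PATH-NOT-ON-PAGE(AccountTest)
+++ b/PATH-NOT-ON-PAGE(AccountTest)
@@ -118,6 +118,9 @@ class AccountTest < Redmine::IntegrationTest
 assert !token.expired?
 
 get "/account/lost_password", :token => token.value
+assert_redirected_to '/account/lost_password'
+
+follow_redirect!
 assert_response :success
 assert_template "account/password_recovery"
 assert_select 'input[type=hidden][name=token][value=?]', token.value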
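Review bot: The retained `assert_select 'input[type=hidden][name=token][value=?]', token.value` after the new `follow_redirect!` shows the recovery token is still embedded in the rendered form, so the change keeps it out of the URL (and therefore out of Referer headers and access logs) but not out of the page body; if the POST side of lost_password, which is outside this hunk, now falls back to the session, the hidden field could be dropped and this assertion inverted. The `assert_redirected_to '/account/lost_password'` plus `follow_redirect!` pair exercises the new round trip correctly.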