jro_apps/redmine Commit - r15916:e360394be7a4

Merged r16287 to r16289 (#24416)....

Jean-Philippe Lang -

r15916:e360394be7a4

parent child

Context file:

r15916:e360394be7a4

app/controllers/account_controller.rb +10 -2

                # Lets user choose a new password
                def lost_password
                  (redirect_to(home_url); return) unless Setting.lost_password?
-                 if params[:token]
-                   @token = Token.find_token("recovery", params[:token].to_s)
+                 if prt = (params[:token] || session[:password_recovery_token])
+                   @token = Token.find_token("recovery", prt.to_s)
                    if @token.nil? || @token.expired?
                      redirect_to home_url
                      return
                    end
+                   # redirect to remove the token query parameter from the URL and add it to the session
+                   if request.query_parameters[:token].present?
+                     session[:password_recovery_token] = @token.value
+                     redirect_to lost_password_url
+                     return
+                   end
                    @user = @token.user
                    unless @user && @user.active?
                      redirect_to home_url

test/functional/account_controller_test.rb +12 -1

                  end
                end
-               def test_get_lost_password_with_token_should_display_the_password_recovery_form
+               def test_get_lost_password_with_token_should_redirect_with_token_in_session
                  user = User.find(2)
                  token = Token.create!(:action => 'recovery', :user => user)
                  get :lost_password, :token => token.value
+                 assert_redirected_to '/account/lost_password'
+                 assert_equal token.value, request.session[:password_recovery_token]
+               end
+               def test_get_lost_password_with_token_in_session_should_display_the_password_recovery_form
+                 user = User.find(2)
+                 token = Token.create!(:action => 'recovery', :user => user)
+                 request.session[:password_recovery_token] = token.value
+                 get :lost_password
                  assert_response :success
                  assert_template 'password_recovery'

test/integration/account_test.rb +3 0

                  assert !token.expired?
                  get "/account/lost_password", :token => token.value
+                 assert_redirected_to '/account/lost_password'
+                 follow_redirect!
                  assert_response :success
                  assert_template "account/password_recovery"
                  assert_select 'input[type=hidden][name=token][value=?]', token.value

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages