jro_apps/redmine Files · app/models/token.rb

Introduce virtual MenuNodes (#15880)....

Introduce virtual MenuNodes (#15880). They are characterized by having a blank url. they will only be rendered if the user is authorized to see at least one of its children. they render as links which do nothing when clicked. Patch by Jan Schulz-Hofen. git-svn-id: http://svn.redmine.org/redmine/trunk@15501 e93f8b46-1217-0410-a6f0-8f06a7374b81

Jean-Philippe Lang - - Load All Authors

File last commit:

r14856:cda9c63d9c21


                r15119:53710d80fc88

Download file

             token.rb
        
                    93 lines
            
             | 2.8 KiB
            
                | text/x-ruby
            
             |
                RubyLexer
            
             / app / models / token.rb
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      # Redmine - project management software

      # Copyright (C) 2006-2016  Jean-Philippe Lang

      #

      # This program is free software; you can redistribute it and/or

      # modify it under the terms of the GNU General Public License

      # as published by the Free Software Foundation; either version 2

      # of the License, or (at your option) any later version.

      #

      # This program is distributed in the hope that it will be useful,

      # but WITHOUT ANY WARRANTY; without even the implied warranty of

      # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

      # GNU General Public License for more details.

      #

      # You should have received a copy of the GNU General Public License

      # along with this program; if not, write to the Free Software

      # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

      class Token < ActiveRecord::Base

        belongs_to :user

        validates_uniqueness_of :value

        attr_protected :id

        before_create :delete_previous_tokens, :generate_new_token

        cattr_accessor :validity_time

        self.validity_time = 1.day

        def generate_new_token

          self.value = Token.generate_token_value

        end

        # Return true if token has expired

        def expired?

          return Time.now > self.created_on + self.class.validity_time

        end

        # Delete all expired tokens

        def self.destroy_expired

          Token.where("action NOT IN (?) AND created_on < ?", ['feeds', 'api', 'session'], Time.now - validity_time).delete_all

        end

        # Returns the active user who owns the key for the given action

        def self.find_active_user(action, key, validity_days=nil)

          user = find_user(action, key, validity_days)

          if user && user.active?

            user

          end

        end

        # Returns the user who owns the key for the given action

        def self.find_user(action, key, validity_days=nil)

          token = find_token(action, key, validity_days)

          if token

            token.user

          end

        end

        # Returns the token for action and key with an optional

        # validity duration (in number of days)

        def self.find_token(action, key, validity_days=nil)

          action = action.to_s

          key = key.to_s

          return nil unless action.present? && key =~ /\A[a-z0-9]+\z/i

          token = Token.where(:action => action, :value => key).first

          if token && (token.action == action) && (token.value == key) && token.user

            if validity_days.nil? || (token.created_on > validity_days.days.ago)

              token

            end

          end

        end

        def self.generate_token_value

          Redmine::Utils.random_hex(20)

        end

        private

        # Removes obsolete tokens (same user and action)

        def delete_previous_tokens

          if user

            scope = Token.where(:user_id => user.id, :action => action)

            if action == 'session'

              ids = scope.order(:updated_on => :desc).offset(9).ids

              if ids.any?

                Token.delete(ids)

              end

            else

              scope.delete_all

            end

          end

        end

      end

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				# Redmine - project management software
				# Copyright (C) 2006-2016 Jean-Philippe Lang
				#
				# This program is free software; you can redistribute it and/or
				# modify it under the terms of the GNU General Public License
				# as published by the Free Software Foundation; either version 2
				# of the License, or (at your option) any later version.
				#
				# This program is distributed in the hope that it will be useful,
				# but WITHOUT ANY WARRANTY; without even the implied warranty of
				# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				# GNU General Public License for more details.
				#
				# You should have received a copy of the GNU General Public License
				# along with this program; if not, write to the Free Software
				# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

				class Token < ActiveRecord::Base
				belongs_to :user
				validates_uniqueness_of :value
				attr_protected :id

				before_create :delete_previous_tokens, :generate_new_token

				cattr_accessor :validity_time
				self.validity_time = 1.day

				def generate_new_token
				self.value = Token.generate_token_value
				end

				# Return true if token has expired
				def expired?
				return Time.now > self.created_on + self.class.validity_time
				end

				# Delete all expired tokens
				def self.destroy_expired
				Token.where("action NOT IN (?) AND created_on < ?", ['feeds', 'api', 'session'], Time.now - validity_time).delete_all
				end

				# Returns the active user who owns the key for the given action
				def self.find_active_user(action, key, validity_days=nil)
				user = find_user(action, key, validity_days)
				if user && user.active?
				user
				end
				end

				# Returns the user who owns the key for the given action
				def self.find_user(action, key, validity_days=nil)
				token = find_token(action, key, validity_days)
				if token
				token.user
				end
				end

				# Returns the token for action and key with an optional
				# validity duration (in number of days)
				def self.find_token(action, key, validity_days=nil)
				action = action.to_s
				key = key.to_s
				return nil unless action.present? && key =~ /\A[a-z0-9]+\z/i

				token = Token.where(:action => action, :value => key).first
				if token && (token.action == action) && (token.value == key) && token.user
				if validity_days.nil? \|\| (token.created_on > validity_days.days.ago)
				token
				end
				end
				end

				def self.generate_token_value
				Redmine::Utils.random_hex(20)
				end

				private

				# Removes obsolete tokens (same user and action)
				def delete_previous_tokens
				if user
				scope = Token.where(:user_id => user.id, :action => action)
				if action == 'session'
				ids = scope.order(:updated_on => :desc).offset(9).ids
				if ids.any?
				Token.delete(ids)
				end
				else
				scope.delete_all
				end
				end
				end
				end