Fixed: When logging in via an autologin cookie the user's last_login_on should be updated (#2820).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2524 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-02-25 14:59:33 +00:00 · 2009-02-25 14:59:33 +00:00 · 21eb3c089d
parent 94cc23f103
commit 21eb3c089d
5 changed files with 56 additions and 30 deletions
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@ -150,17 +150,8 @@ class AccountController < ApplicationController
    redirect_to :action => 'login'
  end
  
-private
-  def logged_user=(user)
-    if user && user.is_a?(User)
-      User.current = user
-      session[:user_id] = user.id
-    else
-      User.current = User.anonymous
-      session[:user_id] = nil
-    end
-  end
-  
+  private
+
  def password_authentication
    user = User.try_to_login(params[:username], params[:password])
    if user.nil?
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@ -46,7 +46,7 @@ class ApplicationController < ActionController::Base
    # Check the settings cache for each request
    Setting.check_cache
    # Find the current user
-    User.current = find_current_user
+    self.logged_user = find_current_user
  end
  
  # Returns the current user or nil if no user is logged in
@ -56,13 +56,24 @@ class ApplicationController < ActionController::Base
      (User.active.find(session[:user_id]) rescue nil)
    elsif cookies[:autologin] && Setting.autologin?
      # auto-login feature
-      User.find_by_autologin_key(cookies[:autologin])
+      User.try_to_autologin(cookies[:autologin])
    elsif params[:key] && accept_key_auth_actions.include?(params[:action])
      # RSS key authentication
      User.find_by_rss_key(params[:key])
    end
  end
  
+  # Sets the logged in user
+  def logged_user=(user)
+    if user && user.is_a?(User)
+      User.current = user
+      session[:user_id] = user.id
+    else
+      User.current = User.anonymous
+      session[:user_id] = nil
+    end
+  end
+  
  # check if login is globally required to access the application
  def check_if_login_required
    # no check needed if user is already logged in
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -126,6 +126,15 @@ class User < ActiveRecord::Base
  rescue => text
    raise text
  end
+  
+  # Returns the user who matches the given autologin +key+ or nil
+  def self.try_to_autologin(key)
+    token = Token.find_by_action_and_value('autologin', key)
+    if token && (token.created_on > Setting.autologin.to_i.day.ago) && token.user && token.user.active?
+      token.user.update_attribute(:last_login_on, Time.now)
+      token.user
+    end
+  end
 	
  # Return user's full name for display
  def name(formatter = nil)
@ -199,11 +208,6 @@ class User < ActiveRecord::Base
    token && token.user.active? ? token.user : nil
  end
  
-  def self.find_by_autologin_key(key)
-    token = Token.find_by_action_and_value('autologin', key)
-    token && (token.created_on > Setting.autologin.to_i.day.ago) && token.user.active? ? token.user : nil
-  end
-  
  # Makes find_by_mail case-insensitive
  def self.find_by_mail(mail)
    find(:first, :conditions => ["LOWER(mail) = ?", mail.to_s.downcase])
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@ -160,18 +160,6 @@ class AccountControllerTest < Test::Unit::TestCase
    puts "Skipping openid tests."
  end
  
-  
-  def test_autologin
-    Setting.autologin = "7"
-    Token.delete_all
-    post :login, :username => 'admin', :password => 'admin', :autologin => 1
-    assert_redirected_to 'my/page'
-    token = Token.find :first
-    assert_not_nil token
-    assert_equal User.find_by_login('admin'), token.user
-    assert_equal 'autologin', token.action
-  end
-  
  def test_logout
    @request.session[:user_id] = 2
    get :logout
--- a/test/integration/account_test.rb
+++ b/test/integration/account_test.rb
@ -37,6 +37,38 @@ class AccountTest < ActionController::IntegrationTest
    assert_template "my/account"    
  end
  
+  def test_autologin
+    user = User.find(1)
+    Setting.autologin = "7"
+    Token.delete_all
+    
+    # User logs in with 'autologin' checked
+    post '/login', :username => user.login, :password => 'admin', :autologin => 1
+    assert_redirected_to 'my/page'
+    token = Token.find :first
+    assert_not_nil token
+    assert_equal user, token.user
+    assert_equal 'autologin', token.action
+    assert_equal user.id, session[:user_id]
+    assert_equal token.value, cookies['autologin']
+    
+    # Session is cleared
+    reset!
+    User.current = nil
+    # Clears user's last login timestamp
+    user.update_attribute :last_login_on, nil
+    assert_nil user.reload.last_login_on
+    
+    # User comes back with his autologin cookie
+    cookies[:autologin] = token.value
+    get '/my/page'
+    assert_response :success
+    assert_template 'my/page'
+    assert_equal user.id, session[:user_id]
+    assert_not_nil user.reload.last_login_on
+    assert user.last_login_on > 2.second.ago
+  end
+  
  def test_lost_password
    Token.delete_all