Fixed: When logging in via an autologin cookie the user's last_login_on should be updated (#2820).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2524 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
parent
94cc23f103
commit
21eb3c089d
|
@ -151,15 +151,6 @@ class AccountController < ApplicationController
|
|||
end
|
||||
|
||||
private
|
||||
def logged_user=(user)
|
||||
if user && user.is_a?(User)
|
||||
User.current = user
|
||||
session[:user_id] = user.id
|
||||
else
|
||||
User.current = User.anonymous
|
||||
session[:user_id] = nil
|
||||
end
|
||||
end
|
||||
|
||||
def password_authentication
|
||||
user = User.try_to_login(params[:username], params[:password])
|
||||
|
|
|
@ -46,7 +46,7 @@ class ApplicationController < ActionController::Base
|
|||
# Check the settings cache for each request
|
||||
Setting.check_cache
|
||||
# Find the current user
|
||||
User.current = find_current_user
|
||||
self.logged_user = find_current_user
|
||||
end
|
||||
|
||||
# Returns the current user or nil if no user is logged in
|
||||
|
@ -56,13 +56,24 @@ class ApplicationController < ActionController::Base
|
|||
(User.active.find(session[:user_id]) rescue nil)
|
||||
elsif cookies[:autologin] && Setting.autologin?
|
||||
# auto-login feature
|
||||
User.find_by_autologin_key(cookies[:autologin])
|
||||
User.try_to_autologin(cookies[:autologin])
|
||||
elsif params[:key] && accept_key_auth_actions.include?(params[:action])
|
||||
# RSS key authentication
|
||||
User.find_by_rss_key(params[:key])
|
||||
end
|
||||
end
|
||||
|
||||
# Sets the logged in user
|
||||
def logged_user=(user)
|
||||
if user && user.is_a?(User)
|
||||
User.current = user
|
||||
session[:user_id] = user.id
|
||||
else
|
||||
User.current = User.anonymous
|
||||
session[:user_id] = nil
|
||||
end
|
||||
end
|
||||
|
||||
# check if login is globally required to access the application
|
||||
def check_if_login_required
|
||||
# no check needed if user is already logged in
|
||||
|
|
|
@ -127,6 +127,15 @@ class User < ActiveRecord::Base
|
|||
raise text
|
||||
end
|
||||
|
||||
# Returns the user who matches the given autologin +key+ or nil
|
||||
def self.try_to_autologin(key)
|
||||
token = Token.find_by_action_and_value('autologin', key)
|
||||
if token && (token.created_on > Setting.autologin.to_i.day.ago) && token.user && token.user.active?
|
||||
token.user.update_attribute(:last_login_on, Time.now)
|
||||
token.user
|
||||
end
|
||||
end
|
||||
|
||||
# Return user's full name for display
|
||||
def name(formatter = nil)
|
||||
if formatter
|
||||
|
@ -199,11 +208,6 @@ class User < ActiveRecord::Base
|
|||
token && token.user.active? ? token.user : nil
|
||||
end
|
||||
|
||||
def self.find_by_autologin_key(key)
|
||||
token = Token.find_by_action_and_value('autologin', key)
|
||||
token && (token.created_on > Setting.autologin.to_i.day.ago) && token.user.active? ? token.user : nil
|
||||
end
|
||||
|
||||
# Makes find_by_mail case-insensitive
|
||||
def self.find_by_mail(mail)
|
||||
find(:first, :conditions => ["LOWER(mail) = ?", mail.to_s.downcase])
|
||||
|
|
|
@ -160,18 +160,6 @@ class AccountControllerTest < Test::Unit::TestCase
|
|||
puts "Skipping openid tests."
|
||||
end
|
||||
|
||||
|
||||
def test_autologin
|
||||
Setting.autologin = "7"
|
||||
Token.delete_all
|
||||
post :login, :username => 'admin', :password => 'admin', :autologin => 1
|
||||
assert_redirected_to 'my/page'
|
||||
token = Token.find :first
|
||||
assert_not_nil token
|
||||
assert_equal User.find_by_login('admin'), token.user
|
||||
assert_equal 'autologin', token.action
|
||||
end
|
||||
|
||||
def test_logout
|
||||
@request.session[:user_id] = 2
|
||||
get :logout
|
||||
|
|
|
@ -37,6 +37,38 @@ class AccountTest < ActionController::IntegrationTest
|
|||
assert_template "my/account"
|
||||
end
|
||||
|
||||
def test_autologin
|
||||
user = User.find(1)
|
||||
Setting.autologin = "7"
|
||||
Token.delete_all
|
||||
|
||||
# User logs in with 'autologin' checked
|
||||
post '/login', :username => user.login, :password => 'admin', :autologin => 1
|
||||
assert_redirected_to 'my/page'
|
||||
token = Token.find :first
|
||||
assert_not_nil token
|
||||
assert_equal user, token.user
|
||||
assert_equal 'autologin', token.action
|
||||
assert_equal user.id, session[:user_id]
|
||||
assert_equal token.value, cookies['autologin']
|
||||
|
||||
# Session is cleared
|
||||
reset!
|
||||
User.current = nil
|
||||
# Clears user's last login timestamp
|
||||
user.update_attribute :last_login_on, nil
|
||||
assert_nil user.reload.last_login_on
|
||||
|
||||
# User comes back with his autologin cookie
|
||||
cookies[:autologin] = token.value
|
||||
get '/my/page'
|
||||
assert_response :success
|
||||
assert_template 'my/page'
|
||||
assert_equal user.id, session[:user_id]
|
||||
assert_not_nil user.reload.last_login_on
|
||||
assert user.last_login_on > 2.second.ago
|
||||
end
|
||||
|
||||
def test_lost_password
|
||||
Token.delete_all
|
||||
|
||||
|
|
Loading…
Reference in New Issue