Merged r11519 and r11520 from trunk (#13335).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/branches/2.3-stable@11569 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/controllers/account_controller.rb

@@ -232,7 +232,6 @@ class AccountController < ApplicationController
 
   def set_autologin_cookie(user)
     token = Token.create(:user => user, :action => 'autologin')
-    cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin'
     cookie_options = {
       :value => token.value,
       :expires => 1.year.from_now,
@@ -240,7 +239,7 @@ class AccountController < ApplicationController
       :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
       :httponly => true
     }
-    cookies[cookie_name] = cookie_options
+    cookies[autologin_cookie_name] = cookie_options
   end
 
   # Onthefly creation failed, display the registration form to fill/fix attributes

app/controllers/application_controller.rb

@@ -35,7 +35,7 @@ class ApplicationController < ActionController::Base
   protect_from_forgery
   def handle_unverified_request
     super
-    cookies.delete(:autologin)
+    cookies.delete(autologin_cookie_name)
   end
 
   before_filter :session_expiration, :user_setup, :check_if_login_required, :set_localization
@@ -127,10 +127,14 @@ class ApplicationController < ActionController::Base
     user
   end
 
+  def autologin_cookie_name
+    Redmine::Configuration['autologin_cookie_name'].presence || 'autologin'
+  end
+
   def try_to_autologin
-    if cookies[:autologin] && Setting.autologin?
+    if cookies[autologin_cookie_name] && Setting.autologin?
       # auto-login feature starts a new session
-      user = User.try_to_autologin(cookies[:autologin])
+      user = User.try_to_autologin(cookies[autologin_cookie_name])
       if user
         reset_session
         start_user_session(user)
@@ -153,7 +157,7 @@ class ApplicationController < ActionController::Base
   # Logs out current user
   def logout_user
     if User.current.logged?
-      cookies.delete :autologin
+      cookies.delete(autologin_cookie_name)
       Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
       self.logged_user = nil
     end

test/integration/account_test.rb

@@ -68,6 +68,33 @@ class AccountTest < ActionController::IntegrationTest
     assert_not_nil user.reload.last_login_on
   end
 
+  def test_autologin_should_use_autologin_cookie_name
+    Token.delete_all
+    Redmine::Configuration.stubs(:[]).with('autologin_cookie_name').returns('custom_autologin')
+    Redmine::Configuration.stubs(:[]).with('autologin_cookie_path').returns('/')
+    Redmine::Configuration.stubs(:[]).with('autologin_cookie_secure').returns(false)
+
+    with_settings :autologin => '7' do
+      assert_difference 'Token.count' do
+        post '/login', :username => 'admin', :password => 'admin', :autologin => 1
+      end
+      assert_response 302
+      assert cookies['custom_autologin'].present?
+      token = cookies['custom_autologin']
+  
+      # Session is cleared
+      reset!
+      cookies['custom_autologin'] = token
+      get '/my/page'
+      assert_response :success
+
+      assert_difference 'Token.count', -1 do
+        post '/logout'
+      end
+      assert cookies['custom_autologin'].blank?
+    end
+  end
+
   def test_lost_password
     Token.delete_all