Merged r11519 and r11520 from trunk (#13335).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/branches/2.3-stable@11569 e93f8b46-1217-0410-a6f0-8f06a7374b81
Jean-Philippe Lang 2013-03-09 10:17:26 +00:00
parent b2e1080007
commit 4413e0e52e
3 changed files with 36 additions and 6 deletions


@ -232,7 +232,6 @@ class AccountController < ApplicationController
def set_autologin_cookie(user) def set_autologin_cookie(user)
token = Token.create(:user => user, :action => 'autologin') token = Token.create(:user => user, :action => 'autologin')
cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin'
cookie_options = { cookie_options = {
:value => token.value, :value => token.value,
:expires => 1.year.from_now, :expires => 1.year.from_now,
@ -240,7 +239,7 @@ class AccountController < ApplicationController
:secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false), :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
:httponly => true :httponly => true
} }
cookies[cookie_name] = cookie_options cookies[autologin_cookie_name] = cookie_options
end end
# Onthefly creation failed, display the registration form to fill/fix attributes # Onthefly creation failed, display the registration form to fill/fix attributes
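Review bot: The cookie written on the new `cookies[autologin_cookie_name] = cookie_options` line carries a one-year bearer token, yet its `:secure` attribute two lines above is true only when `autologin_cookie_secure` is configured, so in the default configuration the token is also sent over plain HTTP. Since the controller can see whether the current request arrived over TLS, consider `:secure => (Redmine::Configuration['autologin_cookie_secure'] || request.ssl?) ? true : false`, which keeps the explicit setting as an override but stops a token issued over HTTPS from being replayed in clear. The remaining cookie options (the `:path` line) fall between the two hunks and are not visible here, so whether they need the same treatment cannot be judged from this view.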


@ -35,7 +35,7 @@ class ApplicationController < ActionController::Base
protect_from_forgery protect_from_forgery
def handle_unverified_request def handle_unverified_request
super super
cookies.delete(:autologin) cookies.delete(autologin_cookie_name)
end end
before_filter :session_expiration, :user_setup, :check_if_login_required, :set_localization before_filter :session_expiration, :user_setup, :check_if_login_required, :set_localization
@ -127,10 +127,14 @@ class ApplicationController < ActionController::Base
user user
end end
def autologin_cookie_name
Redmine::Configuration['autologin_cookie_name'].presence || 'autologin'
end
def try_to_autologin def try_to_autologin
if cookies[:autologin] && Setting.autologin? if cookies[autologin_cookie_name] && Setting.autologin?
# auto-login feature starts a new session # auto-login feature starts a new session
user = User.try_to_autologin(cookies[:autologin]) user = User.try_to_autologin(cookies[autologin_cookie_name])
if user if user
reset_session reset_session
start_user_session(user) start_user_session(user)
@ -153,7 +157,7 @@ class ApplicationController < ActionController::Base
# Logs out current user # Logs out current user
def logout_user def logout_user
if User.current.logged? if User.current.logged?
cookies.delete :autologin cookies.delete(autologin_cookie_name)
Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
self.logged_user = nil self.logged_user = nil
end end
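Review bot: `cookies.delete(autologin_cookie_name)` in handle_unverified_request and logout_user removes the cookie without the `:path` (or domain) it was set with, and browsers only discard a cookie when those attributes match; the test in this commit stubs an `autologin_cookie_path` key, so a non-root path looks like a supported configuration under which these deletes would leave the autologin cookie in the browser. On logout the server-side `Token.delete_all` still invalidates the token, but the CSRF-failure path only drops the cookie, so there the token would stay usable. Consider `cookies.delete(autologin_cookie_name, :path => Redmine::Configuration['autologin_cookie_path'] || '/')` in both places (matching whatever path set_autologin_cookie actually uses), or a small `delete_autologin_cookie` helper next to `autologin_cookie_name` so the two call sites cannot drift. `autologin_cookie_name` is also added as a public method; if this part of the class sits above the `private` marker (not visible in the hunk), it should be made private so it is not exposed as a controller action.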


@ -68,6 +68,33 @@ class AccountTest < ActionController::IntegrationTest
assert_not_nil user.reload.last_login_on assert_not_nil user.reload.last_login_on
end end
def test_autologin_should_use_autologin_cookie_name
Token.delete_all
Redmine::Configuration.stubs(:[]).with('autologin_cookie_name').returns('custom_autologin')
Redmine::Configuration.stubs(:[]).with('autologin_cookie_path').returns('/')
Redmine::Configuration.stubs(:[]).with('autologin_cookie_secure').returns(false)
with_settings :autologin => '7' do
assert_difference 'Token.count' do
post '/login', :username => 'admin', :password => 'admin', :autologin => 1
end
assert_response 302
assert cookies['custom_autologin'].present?
token = cookies['custom_autologin']
# Session is cleared
reset!
cookies['custom_autologin'] = token
get '/my/page'
assert_response :success
assert_difference 'Token.count', -1 do
post '/logout'
end
assert cookies['custom_autologin'].blank?
end
end
def test_lost_password def test_lost_password
Token.delete_all Token.delete_all
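Review bot: The new test shows the custom name is written but not that the default name stops being honoured, so a regression to a hard-coded `:autologin` lookup in try_to_autologin would still pass. Add `assert cookies['autologin'].blank?` next to the `custom_autologin` presence check, and after `reset!` also present the token under the old name (`cookies['autologin'] = token` then `get '/my/page'`) and assert it is not accepted, presumably `assert_response 302` for the redirect to login. The `httponly` attribute that set_autologin_cookie sets is not verified either; an assertion on the `Set-Cookie` header of the login response would cover it, though the integration-test cookie jar may not expose attributes directly.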