Makes the autologin cookie configurable (#1763).

The cookie attributes (name, path, secure) can now be set in config/configuration.yml. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4756 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-01-23 11:20:46 +00:00 · 2011-01-23 11:20:46 +00:00 · 55acbcb560
parent 7dd464c577
commit 55acbcb560
2 changed files with 21 additions and 2 deletions
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@ -203,12 +203,23 @@ class AccountController < ApplicationController
    self.logged_user = user
    # generate a key and set cookie if autologin
    if params[:autologin] && Setting.autologin?
-      token = Token.create(:user => user, :action => 'autologin')
-      cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now }
+      set_autologin_cookie(user)
    end
    call_hook(:controller_account_success_authentication_after, {:user => user })
    redirect_back_or_default :controller => 'my', :action => 'page'
  end
+  
+  def set_autologin_cookie(user)
+    token = Token.create(:user => user, :action => 'autologin')
+    cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin'
+    cookie_options = {
+      :value => token.value,
+      :expires => 1.year.from_now,
+      :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
+      :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false)
+    }
+    cookies[cookie_name] = cookie_options
+  end

  # Onthefly creation failed, display the registration form to fill/fix attributes
  def onthefly_creation_failed(user, auth_source_options = { })
--- a/config/configuration.yml.example
+++ b/config/configuration.yml.example
@ -99,6 +99,14 @@ default:
  # attachments_storage_path: D:/redmine/files
  attachments_storage_path:
  
+  # Configuration of the autologin cookie.
+  # autologin_cookie_name: the name of the cookie (default: autologin)
+  # autologin_cookie_path: the cookie path (default: /)
+  # autologin_cookie_secure: true sets the cookie secure flag (default: false)
+  autologin_cookie_name:
+  autologin_cookie_path:
+  autologin_cookie_secure:
+  
 # specific configuration options for production environment
 # that overrides the default ones
 production: