Adds token finder methods.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11374 e93f8b46-1217-0410-a6f0-8f06a7374b81
2013-02-14 21:47:07 +00:00 · 2013-02-14 21:47:07 +00:00 · 812da860b3
parent adb4a575dc
commit 812da860b3
3 changed files with 75 additions and 6 deletions
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@ -51,7 +51,7 @@ class AccountController < ApplicationController
  def lost_password
    (redirect_to(home_url); return) unless Setting.lost_password?
    if params[:token]
-      @token = Token.find_by_action_and_value("recovery", params[:token].to_s)
+      @token = Token.find_token("recovery", params[:token].to_s)
      if @token.nil? || @token.expired?
        redirect_to home_url
        return
@ -140,7 +140,7 @@ class AccountController < ApplicationController
  # Token based account activation
  def activate
    (redirect_to(home_url); return) unless Setting.self_registration? && params[:token].present?
-    token = Token.find_by_action_and_value('register', params[:token].to_s)
+    token = Token.find_token('register', params[:token].to_s)
    (redirect_to(home_url); return) unless token and !token.expired?
    user = token.user
    (redirect_to(home_url); return) unless user.registered?
--- a/app/models/token.rb
+++ b/app/models/token.rb
@ -39,14 +39,31 @@ class Token < ActiveRecord::Base

  # Returns the active user who owns the key for the given action
  def self.find_active_user(action, key, validity_days=nil)
+    user = find_user(action, key, validity_days)
+    if user && user.active?
+      user
+    end
+  end
+
+  # Returns the user who owns the key for the given action
+  def self.find_user(action, key, validity_days=nil)
+    token = find_token(action, key, validity_days)
+    if token
+      token.user
+    end
+  end
+
+  # Returns the token for action and key with an optional
+  # validity duration (in number of days)
+  def self.find_token(action, key, validity_days=nil)
    action = action.to_s
    key = key.to_s
-    return nil unless action.present? && key =~ /\A[a-f0-9]+\z/
+    return nil unless action.present? && key =~ /\A[a-z0-9]+\z/i

-    token = find_by_action_and_value(action, key)
-    if token && token.user && token.user.active?
+    token = Token.where(:action => action, :value => key).first
+    if token && (token.action == action) && (token.value == key) && token.user
      if validity_days.nil? || (token.created_on > validity_days.days.ago)
-        token.user
+        token
      end
    end
  end
--- a/test/unit/token_test.rb
+++ b/test/unit/token_test.rb
@ -58,4 +58,56 @@ class TokenTest < ActiveSupport::TestCase
      assert_equal 2, Token.destroy_expired
    end
  end
+
+  def test_find_active_user_should_return_user
+    token = Token.create!(:user_id => 1, :action => 'api')
+    assert_equal User.find(1), Token.find_active_user('api', token.value)
+  end
+
+  def test_find_active_user_should_return_nil_for_locked_user
+    token = Token.create!(:user_id => 1, :action => 'api')
+    User.find(1).lock!
+    assert_nil Token.find_active_user('api', token.value)
+  end
+
+  def test_find_user_should_return_user
+    token = Token.create!(:user_id => 1, :action => 'api')
+    assert_equal User.find(1), Token.find_user('api', token.value)
+  end
+
+  def test_find_user_should_return_locked_user
+    token = Token.create!(:user_id => 1, :action => 'api')
+    User.find(1).lock!
+    assert_equal User.find(1), Token.find_user('api', token.value)
+  end
+
+  def test_find_token_should_return_the_token
+    token = Token.create!(:user_id => 1, :action => 'api')
+    assert_equal token, Token.find_token('api', token.value)
+  end
+
+  def test_find_token_should_return_the_token_with_validity
+    token = Token.create!(:user_id => 1, :action => 'api', :created_on => 1.hour.ago)
+    assert_equal token, Token.find_token('api', token.value, 1)
+  end
+
+  def test_find_token_should_return_nil_with_wrong_action
+    token = Token.create!(:user_id => 1, :action => 'feeds')
+    assert_nil Token.find_token('api', token.value)
+  end
+
+  def test_find_token_should_return_nil_with_wrong_action
+    token = Token.create!(:user_id => 1, :action => 'feeds')
+    assert_nil Token.find_token('api', Token.generate_token_value)
+  end
+
+  def test_find_token_should_return_nil_without_user
+    token = Token.create!(:user_id => 999, :action => 'api')
+    assert_nil Token.find_token('api', token.value)
+  end
+
+  def test_find_token_should_return_nil_with_validity_expired
+    token = Token.create!(:user_id => 999, :action => 'api', :created_on => 2.days.ago)
+    assert_nil Token.find_token('api', token.value, 1)
+  end
 end