From 9e0723c11b929ebe53f897d18a25466b8b80849a Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Sat, 2 Feb 2013 08:46:58 +0000
Subject: [PATCH] Refactors methods for searching a user by token.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11296 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/models/token.rb | 17 ++++++++++++++++-
 app/models/user.rb | 18 ++++++------------
 2 files changed, 22 insertions(+), 13 deletions(-)
diff --git a/app/models/token.rb b/app/models/token.rb
index 1627b7587..c14175ea8 100644
--- a/app/models/token.rb
+++ b/app/models/token.rb
@@ -37,11 +37,26 @@ class Token < ActiveRecord::Base
 Token.delete_all ["action NOT IN (?) AND created_on < ?", ['feeds', 'api'], Time.now - @@validity_time]
 end
-private
+ # Returns the active user who owns the key for the given action
+ def self.find_active_user(action, key, validity_days=nil)
+ action = action.to_s
+ key = key.to_s
+ return nil unless action.present? && key =~ /\A[a-f0-9]+\z/
+
+ token = find_by_action_and_value(action, key)
+ if token && token.user && token.user.active?
+ if validity_days.nil? || (token.created_on > validity_days.ago)
+ token.user
+ end
+ end
+ end
+
 def self.generate_token_value
 Redmine::Utils.random_hex(20)
 end
+
+ private
+
 # Removes obsolete tokens (same user and action)
 def delete_previous_tokens
 if user
diff --git a/app/models/user.rb b/app/models/user.rb
index 05f4bd706..ec3cc3fc5 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
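Review bot: In `find_active_user` the age check `token.created_on > validity_days.ago` calls `ago` on a bare number, although the one caller that passes a value, `try_to_autologin`, hands in `Setting.autologin.to_i`, a count of days, and the code being replaced used `Setting.autologin.to_i.day.ago`. On the ActiveSupport versions that define `Numeric#ago` the receiver is read as seconds, so an autologin token would be honoured for only that many seconds after creation; on versions without it the call would raise. The line should read `if validity_days.nil? || (token.created_on > validity_days.days.ago)`. A test that accepts a token created a few hours ago and rejects one older than the configured number of days would catch a regression here.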
@@ -190,14 +190,10 @@ class User < Principal
 # Returns the user who matches the given autologin +key+ or nil
 def self.try_to_autologin(key)
- tokens = Token.find_all_by_action_and_value('autologin', key.to_s)
- # Make sure there's only 1 token that matches the key
- if tokens.size == 1
- token = tokens.first
- if (token.created_on > Setting.autologin.to_i.day.ago) && token.user && token.user.active?
- token.user.update_column(:last_login_on, Time.now)
- token.user
- end
+ user = Token.find_active_user('autologin', key, Setting.autologin.to_i)
+ if user
+ user.update_column(:last_login_on, Time.now)
+ user
 end
 end
@@ -367,13 +363,11 @@ class User < Principal
 end
 def self.find_by_rss_key(key)
- token = Token.find_by_action_and_value('feeds', key.to_s)
- token && token.user.active? ? token.user : nil
+ Token.find_active_user('feeds', key)
 end
 def self.find_by_api_key(key)
- token = Token.find_by_action_and_value('api', key.to_s)
- token && token.user.active? ? token.user : nil
+ Token.find_active_user('api', key)
 end
 # Makes find_by_mail case-insensitive
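Review bot: `try_to_autologin` no longer verifies that exactly one token matches the key: the removed `tokens.size == 1` guard gives way to `Token.find_active_user`, which looks the token up with `find_by_action_and_value` and therefore takes whichever matching row is returned first. That is equivalent only if token values are unique per action, which nothing in this patch shows. If the model has no uniqueness validation or unique index on action and value, one should be added or the guard kept inside `find_active_user`; at the least, a comment above the lookup such as `# relies on token values being unique per action` would record the assumption.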
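Review bot: `find_by_rss_key` and `find_by_api_key` change behaviour under a commit titled as a refactoring, and neither has a comment saying so: through `Token.find_active_user` they now return nil for any key that is not lowercase hex and for a token whose user is missing, where the old code queried with the raw string and raised on a nil user. If keys issued earlier or set by other means can contain other characters, those users would lose feed and API access without any error. A one-line comment on each, e.g. `# Returns the active user who owns the feeds +key+, or nil (key must be lowercase hex)`, would document the new contract. The diffstat lists only the two model files, so tests for a non-hex key and for a token without a user appear to be missing from this commit.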