Merged r12438 (#15735).

git-svn-id: http://svn.redmine.org/redmine/branches/2.4-stable@12444 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang 2013-12-22 14:48:46 +00:00
parent 9ebcb1e734
commit aacaa9da8e
2 changed files with 18 additions and 0 deletions

View File

@ -22,6 +22,14 @@ class AccountController < ApplicationController
# prevents login action to be filtered by check_if_login_required application scope filter
skip_before_filter :check_if_login_required, :check_password_change
# Overrides ApplicationController#verify_authenticity_token to disable
# token verification on openid callbacks
def verify_authenticity_token
unless using_open_id?
super
end
end
# Login request and validation
def login
if request.get?

View File

@ -131,6 +131,16 @@ class AccountControllerOpenidTest < ActionController::TestCase
assert_select 'input[name=?][value=?]', 'user[identity_url]', 'http://openid.example.com/good_blank_user'
end
def test_post_login_should_not_verify_token_when_using_open_id
ActionController::Base.allow_forgery_protection = true
AccountController.any_instance.stubs(:using_open_id?).returns(true)
AccountController.any_instance.stubs(:authenticate_with_open_id).returns(true)
post :login
assert_response 200
ensure
ActionController::Base.allow_forgery_protection = false
end
def test_register_after_login_failure_should_not_require_user_to_enter_a_password
Setting.self_registration = '3'