Use POST instead of GET for logging out (#13022).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11289 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent
41faf7f5f5
commit
f2fd78f7b8
|
@ -38,8 +38,13 @@ class AccountController < ApplicationController
|
||||||
|
|
||||||
# Log out current user and redirect to welcome page
|
# Log out current user and redirect to welcome page
|
||||||
def logout
|
def logout
|
||||||
logout_user
|
if User.current.anonymous?
|
||||||
redirect_to home_url
|
redirect_to home_url
|
||||||
|
elsif request.post?
|
||||||
|
logout_user
|
||||||
|
redirect_to home_url
|
||||||
|
end
|
||||||
|
# display the logout form
|
||||||
end
|
end
|
||||||
|
|
||||||
# Lets user choose a new password
|
# Lets user choose a new password
|
||||||
|
|
|
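Review bot: The method comment `# Log out current user and redirect to welcome page` no longer describes the action: after this change a logged-in GET falls through the `if` and renders the logout template, and only a POST ends the session. I would replace it with `# POST: log out the current user and redirect to the welcome page.` / `# GET: render the confirmation form, so a plain GET request cannot end the session.` and make the fall-through explicit with an `else` branch containing `render 'logout'` in place of the bare `# display the logout form` comment, which is easy to miss. The protection this buys rests on `protect_from_forgery` verifying the token on the POST; that is in ApplicationController and not visible in this hunk, so it is worth naming in the comment. Both `redirect_to home_url` calls could be collapsed, but the current shape is at least obvious.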
@ -0,0 +1,3 @@
|
||||||
|
<%= form_tag(signout_path) do %>
|
||||||
|
<p><%= submit_tag l(:label_logout) %></p>
|
||||||
|
<% end %>
|
|
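Review bot: The template gives the reader no hint why a form stands in for a link, and the file's purpose depends on behaviour in the controller. A leading ERB comment would carry the contract: `<%# Shown on GET /logout for a logged-in user; form_tag adds the hidden authenticity_token, so only this POST (checked by protect_from_forgery) ends the session %>`. That `protect_from_forgery` is enabled for this controller is not shown in the diff, so the comment should be confirmed against ApplicationController.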
@ -208,7 +208,7 @@ Redmine::MenuManager.map :account_menu do |menu|
|
||||||
menu.push :login, :signin_path, :if => Proc.new { !User.current.logged? }
|
menu.push :login, :signin_path, :if => Proc.new { !User.current.logged? }
|
||||||
menu.push :register, :register_path, :if => Proc.new { !User.current.logged? && Setting.self_registration? }
|
menu.push :register, :register_path, :if => Proc.new { !User.current.logged? && Setting.self_registration? }
|
||||||
menu.push :my_account, { :controller => 'my', :action => 'account' }, :if => Proc.new { User.current.logged? }
|
menu.push :my_account, { :controller => 'my', :action => 'account' }, :if => Proc.new { User.current.logged? }
|
||||||
menu.push :logout, :signout_path, :if => Proc.new { User.current.logged? }
|
menu.push :logout, :signout_path, :html => {:method => 'post'}, :if => Proc.new { User.current.logged? }
|
||||||
end
|
end
|
||||||
|
|
||||||
Redmine::MenuManager.map :application_menu do |menu|
|
Redmine::MenuManager.map :application_menu do |menu|
|
||||||
|
|
|
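Review bot: `:html => {:method => 'post'}` on the `:logout` entry produces a `data-method="post"` link (the WelcomeControllerTest in this commit asserts exactly that), which only becomes a POST when the page's unobtrusive-JS handler is loaded; without it the browser issues GET /logout. That fallback is safe because the controller now answers GET with the confirmation form, but the coupling is invisible here, so I would add `# data-method=post relies on the UJS handler; a plain GET /logout only shows the confirmation form` above the line. The `Redmine::MenuManager.map :account_menu` block starts outside the hunk.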
@ -80,9 +80,18 @@ class AccountControllerTest < ActionController::TestCase
|
||||||
assert_response 302
|
assert_response 302
|
||||||
end
|
end
|
||||||
|
|
||||||
def test_logout
|
def test_get_logout_should_not_logout
|
||||||
@request.session[:user_id] = 2
|
@request.session[:user_id] = 2
|
||||||
get :logout
|
get :logout
|
||||||
|
assert_response :success
|
||||||
|
assert_template 'logout'
|
||||||
|
|
||||||
|
assert_equal 2, @request.session[:user_id]
|
||||||
|
end
|
||||||
|
|
||||||
|
def test_logout
|
||||||
|
@request.session[:user_id] = 2
|
||||||
|
post :logout
|
||||||
assert_redirected_to '/'
|
assert_redirected_to '/'
|
||||||
assert_nil @request.session[:user_id]
|
assert_nil @request.session[:user_id]
|
||||||
end
|
end
|
||||||
|
@ -91,7 +100,7 @@ class AccountControllerTest < ActionController::TestCase
|
||||||
@controller.expects(:reset_session).once
|
@controller.expects(:reset_session).once
|
||||||
|
|
||||||
@request.session[:user_id] = 2
|
@request.session[:user_id] = 2
|
||||||
get :logout
|
post :logout
|
||||||
assert_response 302
|
assert_response 302
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
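Review bot: The new tests cover a logged-in GET (`test_get_logout_should_not_logout`) and POST (`test_logout`), but neither branch for an anonymous visitor — the `if User.current.anonymous?` redirect in the controller — is exercised, so a regression there would pass CI. I would add a test without `@request.session[:user_id]` set that GETs `:logout` and asserts the redirect to `/`, and optionally the same for POST. The second hunk (`@ -91,7 +100,7`) only swaps `get` for `post` around the `reset_session` expectation and needs nothing further. The test class continues outside both hunks.
```ruby
def test_logout_as_anonymous_should_redirect_to_home
  get :logout
  assert_redirected_to '/'
  assert_nil @request.session[:user_id]
end
```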
@ -85,6 +85,13 @@ class WelcomeControllerTest < ActionController::TestCase
|
||||||
:content => %r{warnLeavingUnsaved}
|
:content => %r{warnLeavingUnsaved}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def test_logout_link_should_post
|
||||||
|
@request.session[:user_id] = 2
|
||||||
|
|
||||||
|
get :index
|
||||||
|
assert_select 'a[href=/logout][data-method=post]', :text => 'Sign out'
|
||||||
|
end
|
||||||
|
|
||||||
def test_call_hook_mixed_in
|
def test_call_hook_mixed_in
|
||||||
assert @controller.respond_to?(:call_hook)
|
assert @controller.respond_to?(:call_hook)
|
||||||
end
|
end
|
||||||
|
|
|
@ -25,10 +25,12 @@ class RoutingAccountTest < ActionController::IntegrationTest
|
||||||
{ :controller => 'account', :action => 'login' }
|
{ :controller => 'account', :action => 'login' }
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
assert_routing(
|
["get", "post"].each do |method|
|
||||||
{ :method => 'get', :path => "/logout" },
|
assert_routing(
|
||||||
{ :controller => 'account', :action => 'logout' }
|
{ :method => method, :path => "/logout" },
|
||||||
)
|
{ :controller => 'account', :action => 'logout' }
|
||||||
|
)
|
||||||
|
end
|
||||||
["get", "post"].each do |method|
|
["get", "post"].each do |method|
|
||||||
assert_routing(
|
assert_routing(
|
||||||
{ :method => method, :path => "/account/register" },
|
{ :method => method, :path => "/account/register" },
|
||||||
|
|
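Review bot: Routing both `"get"` and `"post"` to `account#logout` reads as if GET were still a logout route, and a later cleanup could drop GET and silently break the confirmation form. A comment on the loop would tie it to the controller's behaviour: `# GET /logout only renders the confirmation form; POST performs the logout`. The enclosing test method starts outside the hunk.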