Do not start user session when accessing atom feed with token-based authentication.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2779 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent
6da0542af4
commit
9c282842a9
|
@ -42,19 +42,22 @@ class ApplicationController < ActionController::Base
|
||||||
# Check the settings cache for each request
|
# Check the settings cache for each request
|
||||||
Setting.check_cache
|
Setting.check_cache
|
||||||
# Find the current user
|
# Find the current user
|
||||||
self.logged_user = find_current_user
|
User.current = find_current_user
|
||||||
end
|
end
|
||||||
|
|
||||||
# Returns the current user or nil if no user is logged in
|
# Returns the current user or nil if no user is logged in
|
||||||
|
# and starts a session if needed
|
||||||
def find_current_user
|
def find_current_user
|
||||||
if session[:user_id]
|
if session[:user_id]
|
||||||
# existing session
|
# existing session
|
||||||
(User.active.find(session[:user_id]) rescue nil)
|
(User.active.find(session[:user_id]) rescue nil)
|
||||||
elsif cookies[:autologin] && Setting.autologin?
|
elsif cookies[:autologin] && Setting.autologin?
|
||||||
# auto-login feature
|
# auto-login feature starts a new session
|
||||||
User.try_to_autologin(cookies[:autologin])
|
user = User.try_to_autologin(cookies[:autologin])
|
||||||
elsif params[:key] && accept_key_auth_actions.include?(params[:action])
|
session[:user_id] = user.id if user
|
||||||
# RSS key authentication
|
user
|
||||||
|
elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action])
|
||||||
|
# RSS key authentication does not start a session
|
||||||
User.find_by_rss_key(params[:key])
|
User.find_by_rss_key(params[:key])
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
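Review bot: In the autologin branch of `find_current_user`, the new line `session[:user_id] = user.id if user` stores the authenticated id in whatever session the request arrived with, so a session established before login is carried over into the authenticated state. Calling `reset_session if user` on the line before the assignment would give the autologin path a fresh session. This assumes nothing in the anonymous session has to survive, which the hunk does not show. Separately, the key branch deserves a one-line comment saying whether `User.find_by_rss_key` excludes inactive accounts, because the session branch goes through `User.active` and the finder's body is not visible here.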
@ -20,7 +20,7 @@ require "#{File.dirname(__FILE__)}/../test_helper"
|
||||||
class ApplicationTest < ActionController::IntegrationTest
|
class ApplicationTest < ActionController::IntegrationTest
|
||||||
include Redmine::I18n
|
include Redmine::I18n
|
||||||
|
|
||||||
fixtures :users
|
fixtures :all
|
||||||
|
|
||||||
def test_set_localization
|
def test_set_localization
|
||||||
Setting.default_language = 'en'
|
Setting.default_language = 'en'
|
||||||
|
@ -42,4 +42,15 @@ class ApplicationTest < ActionController::IntegrationTest
|
||||||
assert_response :success
|
assert_response :success
|
||||||
assert_tag :tag => 'h2', :content => 'Projects'
|
assert_tag :tag => 'h2', :content => 'Projects'
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def test_token_based_access_should_not_start_session
|
||||||
|
# issue of a private project
|
||||||
|
get 'issues/4.atom'
|
||||||
|
assert_response 302
|
||||||
|
|
||||||
|
rss_key = User.find(2).rss_key
|
||||||
|
get "issues/4.atom?key=#{rss_key}"
|
||||||
|
assert_response 200
|
||||||
|
assert_nil session[:user_id]
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
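Review bot: `test_token_based_access_should_not_start_session` exercises only the accepted case, so nothing here would fail if the new `params[:format] == 'atom'` guard in the controller were dropped. A request that presents the key on the non-feed URL, `get "issues/4?key=#{rss_key}"` followed by `assert_response 302`, would pin that guard; the 302 is inferred from the anonymous `.atom` request at the top of the test. An `assert_nil session[:user_id]` after that request, plus a case with an invalid key, would cover the rejection paths as well. The enclosing `ApplicationTest` class starts outside the hunk.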