def set_autologin_cookie(user)
token = Token.create(:user => user, :action => 'autologin')
- cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin'
cookie_options = {
:value => token.value,
:expires => 1.year.from_now,
:secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
:httponly => true
}
- cookies[cookie_name] = cookie_options
+ cookies[autologin_cookie_name] = cookie_options
end
# Onthefly creation failed, display the registration form to fill/fix attributes
protect_from_forgery
def handle_unverified_request
super
- cookies.delete(:autologin)
+ cookies.delete(autologin_cookie_name)
end
before_filter :session_expiration, :user_setup, :check_if_login_required, :set_localization
user
end
+ def autologin_cookie_name
+ Redmine::Configuration['autologin_cookie_name'].presence || 'autologin'
+ end
+
def try_to_autologin
- if cookies[:autologin] && Setting.autologin?
+ if cookies[autologin_cookie_name] && Setting.autologin?
# auto-login feature starts a new session
- user = User.try_to_autologin(cookies[:autologin])
+ user = User.try_to_autologin(cookies[autologin_cookie_name])
if user
reset_session
start_user_session(user)
assert_not_nil user.reload.last_login_on
end
+ def test_autologin_should_use_autologin_cookie_name
+ Token.delete_all
+ Redmine::Configuration.stubs(:[]).with('autologin_cookie_name').returns('custom_autologin')
+ Redmine::Configuration.stubs(:[]).with('autologin_cookie_path').returns('/')
+ Redmine::Configuration.stubs(:[]).with('autologin_cookie_secure').returns(false)
+
+ with_settings :autologin => '7' do
+ assert_difference 'Token.count' do
+ post '/login', :username => 'admin', :password => 'admin', :autologin => 1
+ end
+ assert_response 302
+ assert cookies['custom_autologin'].present?
+ token = cookies['custom_autologin']
+
+ # Session is cleared
+ reset!
+ cookies['custom_autologin'] = token
+ get '/my/page'
+ assert_response :success
+ end
+ end
+
def test_lost_password
Token.delete_all
projects / redmine.git / commitdiff