# Check the settings cache for each request
Setting.check_cache
# Find the current user
- self.logged_user = find_current_user
+ User.current = find_current_user
end
# Returns the current user or nil if no user is logged in
+ # and starts a session if needed
def find_current_user
if session[:user_id]
# existing session
(User.active.find(session[:user_id]) rescue nil)
elsif cookies[:autologin] && Setting.autologin?
- # auto-login feature
- User.try_to_autologin(cookies[:autologin])
- elsif params[:key] && accept_key_auth_actions.include?(params[:action])
- # RSS key authentication
+ # auto-login feature starts a new session
+ user = User.try_to_autologin(cookies[:autologin])
+ session[:user_id] = user.id if user
+ user
+ elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action])
+ # RSS key authentication does not start a session
User.find_by_rss_key(params[:key])
end
end
class ApplicationTest < ActionController::IntegrationTest
include Redmine::I18n
- fixtures :users
+ fixtures :all
def test_set_localization
Setting.default_language = 'en'
assert_response :success
assert_tag :tag => 'h2', :content => 'Projects'
end
+
+ def test_token_based_access_should_not_start_session
+ # issue of a private project
+ get 'issues/4.atom'
+ assert_response 302
+
+ rss_key = User.find(2).rss_key
+ get "issues/4.atom?key=#{rss_key}"
+ assert_response 200
+ assert_nil session[:user_id]
+ end
end
projects / redmine.git / commitdiff