From: Jean-Philippe Lang Date: Sat, 9 Mar 2013 10:17:26 +0000 (+0000) Subject: Merged r11519 and r11520 from trunk (#13335). X-Git-Tag: 2.3.0~32 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=4413e0e52e2cbd6ae3d56521f2b6df1417c58163;p=redmine.git Merged r11519 and r11520 from trunk (#13335). git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/branches/2.3-stable@11569 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 573390ba7..57d0c2004 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -232,7 +232,6 @@ class AccountController < ApplicationController
 
   def set_autologin_cookie(user)
     token = Token.create(:user => user, :action => 'autologin')
-    cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin'
     cookie_options = {
       :value => token.value,
       :expires => 1.year.from_now,
@@ -240,7 +239,7 @@ class AccountController < ApplicationController
       :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
       :httponly => true
     }
-    cookies[cookie_name] = cookie_options
+    cookies[autologin_cookie_name] = cookie_options
   end
 
   # Onthefly creation failed, display the registration form to fill/fix attributes
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 5a59a3d2f..6bbc4d1fc 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -35,7 +35,7 @@ class ApplicationController < ActionController::Base
   protect_from_forgery
   def handle_unverified_request
     super
-    cookies.delete(:autologin)
+    cookies.delete(autologin_cookie_name)
   end
 
   before_filter :session_expiration, :user_setup, :check_if_login_required, :set_localization
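Review bot: The cookie written by `cookies[autologin_cookie_name] = cookie_options` still carries `:secure => false` whenever `autologin_cookie_secure` is absent from the configuration (the `:secure` line is context in this hunk), so the year-long autologin token is sent over plain HTTP unless an administrator explicitly opts in, even on an HTTPS-only deployment. A safer default follows the request while keeping an explicit setting authoritative: `secure = Redmine::Configuration['autologin_cookie_secure']` and `secure = request.ssl? if secure.nil?` before the hash, then `:secure => (secure ? true : false),` inside it. The `:path` option line sits between this hunk and the previous one and is not shown, and `set_autologin_cookie`'s body starts in the previous hunk; `:httponly => true` is already set here, which is right for a token that only the server needs to read.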
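Review bot: `cookies.delete(autologin_cookie_name)` in `handle_unverified_request` issues the expiry without a path, and as far as I can tell Rails' `cookies.delete` then defaults it to `/`; if the cookie was written with a configured `autologin_cookie_path` other than `/` (the integration test stubs that key, the line that sets `:path` is outside this diff) the browser keeps the original cookie and the next request presumably auto-logs the user back in through `try_to_autologin`, which defeats the point of clearing it after a failed CSRF check. Unlike `logout_user`, this path does not revoke the token server-side, so the cookie deletion is the only thing this handler does against the autologin. Passing the path the cookie was set with, `cookies.delete(autologin_cookie_name, :path => (Redmine::Configuration['autologin_cookie_path'] || '/'))`, makes the deletion match; putting that lookup in a small helper next to `autologin_cookie_name` would keep it from drifting apart from `set_autologin_cookie`.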
@@ -127,10 +127,14 @@ class ApplicationController < ActionController::Base
     user
   end
 
+  def autologin_cookie_name
+    Redmine::Configuration['autologin_cookie_name'].presence || 'autologin'
+  end
+
   def try_to_autologin
-    if cookies[:autologin] && Setting.autologin?
+    if cookies[autologin_cookie_name] && Setting.autologin?
       # auto-login feature starts a new session
-      user = User.try_to_autologin(cookies[:autologin])
+      user = User.try_to_autologin(cookies[autologin_cookie_name])
       if user
         reset_session
         start_user_session(user)
@@ -153,7 +157,7 @@ class ApplicationController < ActionController::Base
   # Logs out current user
   def logout_user
     if User.current.logged?
-      cookies.delete :autologin
+      cookies.delete(autologin_cookie_name)
       Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
       self.logged_user = nil
     end
diff --git a/test/integration/account_test.rb b/test/integration/account_test.rb
index b9f56f491..de78ba7d3 100644
--- a/test/integration/account_test.rb
+++ b/test/integration/account_test.rb
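Review bot: `autologin_cookie_name` has no comment, and its `.presence` fallback is a quiet semantic change from the `|| 'autologin'` it replaces in AccountController: a name configured as an empty or whitespace-only string now falls back to `autologin` instead of producing a cookie with a blank name. That is the right behaviour but worth stating, since the helper is now the single source of the name for `try_to_autologin`, `set_autologin_cookie` and both `cookies.delete` calls and nothing else should read the configuration key directly; I would add above the method `# Name of the autologin cookie, from the autologin_cookie_name key in configuration.yml; a missing or blank value falls back to "autologin". The value is trusted configuration and is not validated as a cookie-name token.` `try_to_autologin` continues past the end of this hunk.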
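Review bot: `cookies.delete(autologin_cookie_name)` in `logout_user` sends the expiry without a path, so with a non-root `autologin_cookie_path` configured (the new test stubs that key to `/`, and the `:path` option itself is outside this diff) the browser would keep the cookie; the `Token.delete_all` on the next line revokes the token server-side, so the stale cookie cannot log anyone back in, but it keeps shipping a dead token on every request and the `assert cookies['custom_autologin'].blank?` in the new test would not catch it because the path is stubbed to `/`. Passing the configured path, `cookies.delete(autologin_cookie_name, :path => (Redmine::Configuration['autologin_cookie_path'] || '/'))`, or a small `autologin_cookie_path` helper next to `autologin_cookie_name`, keeps the deletion matched to the cookie that was set. The `if` closes inside the hunk but `logout_user`'s own `end` is not shown.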
@@ -68,6 +68,33 @@ class AccountTest < ActionController::IntegrationTest
     assert_not_nil user.reload.last_login_on
   end
 
+  def test_autologin_should_use_autologin_cookie_name
+    Token.delete_all
+    Redmine::Configuration.stubs(:[]).with('autologin_cookie_name').returns('custom_autologin')
+    Redmine::Configuration.stubs(:[]).with('autologin_cookie_path').returns('/')
+    Redmine::Configuration.stubs(:[]).with('autologin_cookie_secure').returns(false)
+
+    with_settings :autologin => '7' do
+      assert_difference 'Token.count' do
+        post '/login', :username => 'admin', :password => 'admin', :autologin => 1
+      end
+      assert_response 302
+      assert cookies['custom_autologin'].present?
+      token = cookies['custom_autologin']
+
+      # Session is cleared
+      reset!
+      cookies['custom_autologin'] = token
+      get '/my/page'
+      assert_response :success
+
+      assert_difference 'Token.count', -1 do
+        post '/logout'
+      end
+      assert cookies['custom_autologin'].blank?
+    end
+  end
+
   def test_lost_password
     Token.delete_all