From: Jean-Philippe Lang
Date: Thu, 14 Feb 2013 21:47:07 +0000 (+0000)
Subject: Adds token finder methods.
X-Git-Tag: 2.3.0~141
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=812da860b376d857fc7f1c4b06b26c6bec9232f7;p=redmine.git
Adds token finder methods.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11374 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index a89c22373..df9a7a975 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -51,7 +51,7 @@ class AccountController < ApplicationController
   def lost_password
     (redirect_to(home_url); return) unless Setting.lost_password?
     if params[:token]
-      @token = Token.find_by_action_and_value("recovery", params[:token].to_s)
+      @token = Token.find_token("recovery", params[:token].to_s)
       if @token.nil? || @token.expired?
         redirect_to home_url
         return
@@ -140,7 +140,7 @@ class AccountController < ApplicationController
   # Token based account activation
   def activate
     (redirect_to(home_url); return) unless Setting.self_registration? && params[:token].present?
-    token = Token.find_by_action_and_value('register', params[:token].to_s)
+    token = Token.find_token('register', params[:token].to_s)
     (redirect_to(home_url); return) unless token and !token.expired?
     user = token.user
     (redirect_to(home_url); return) unless user.registered?
diff --git a/app/models/token.rb b/app/models/token.rb
index 4c0598e60..3131bce8d 100644
--- a/app/models/token.rb
+++ b/app/models/token.rb
@@ -39,14 +39,31 @@ class Token < ActiveRecord::Base
 
   # Returns the active user who owns the key for the given action
   def self.find_active_user(action, key, validity_days=nil)
+    user = find_user(action, key, validity_days)
+    if user && user.active?
+      user
+    end
+  end
+
+  # Returns the user who owns the key for the given action
+  def self.find_user(action, key, validity_days=nil)
+    token = find_token(action, key, validity_days)
+    if token
+      token.user
+    end
+  end
+
+  # Returns the token for action and key with an optional
+  # validity duration (in number of days)
+  def self.find_token(action, key, validity_days=nil)
     action = action.to_s
     key = key.to_s
-    return nil unless action.present? && key =~ /\A[a-f0-9]+\z/
+    return nil unless action.present? && key =~ /\A[a-z0-9]+\z/i
 
-    token = find_by_action_and_value(action, key)
-    if token && token.user && token.user.active?
+    token = Token.where(:action => action, :value => key).first
+    if token && (token.action == action) && (token.value == key) && token.user
       if validity_days.nil? || (token.created_on > validity_days.days.ago)
-        token.user
+        token
       end
     end
   end
diff --git a/test/unit/token_test.rb b/test/unit/token_test.rb
index 4b7727ab2..45399e0ee 100644
--- a/test/unit/token_test.rb
+++ b/test/unit/token_test.rb
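Review bot: The in-Ruby re-check `(token.action == action) && (token.value == key)` right after `Token.where(:action => action, :value => key).first` in find_token has no comment saying why a row the database just matched is compared again; presumably it guards against a case-insensitive database collation returning a token whose value differs in case from a key that the relaxed `/\A[a-z0-9]+\z/i` pattern now lets through, and without that stated a later maintainer will read it as redundant and drop it. I would put `# Re-compare in Ruby: the DB lookup may be case-insensitive depending on collation, but the key must match the stored value exactly` above the `if`. A smaller point of style: the new wrappers call `find_user`/`find_token` unqualified while find_token writes `Token.where`; a plain `where(...)` keeps the three class methods consistent. The semantics of `validity_days` (token rejected once `created_on` is older than that many days) would also fit in the comment the commit already adds above find_token.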
@@ -58,4 +58,56 @@ class TokenTest < ActiveSupport::TestCase
       assert_equal 2, Token.destroy_expired
     end
   end
+
+  def test_find_active_user_should_return_user
+    token = Token.create!(:user_id => 1, :action => 'api')
+    assert_equal User.find(1), Token.find_active_user('api', token.value)
+  end
+
+  def test_find_active_user_should_return_nil_for_locked_user
+    token = Token.create!(:user_id => 1, :action => 'api')
+    User.find(1).lock!
+    assert_nil Token.find_active_user('api', token.value)
+  end
+
+  def test_find_user_should_return_user
+    token = Token.create!(:user_id => 1, :action => 'api')
+    assert_equal User.find(1), Token.find_user('api', token.value)
+  end
+
+  def test_find_user_should_return_locked_user
+    token = Token.create!(:user_id => 1, :action => 'api')
+    User.find(1).lock!
+    assert_equal User.find(1), Token.find_user('api', token.value)
+  end
+
+  def test_find_token_should_return_the_token
+    token = Token.create!(:user_id => 1, :action => 'api')
+    assert_equal token, Token.find_token('api', token.value)
+  end
+
+  def test_find_token_should_return_the_token_with_validity
+    token = Token.create!(:user_id => 1, :action => 'api', :created_on => 1.hour.ago)
+    assert_equal token, Token.find_token('api', token.value, 1)
+  end
+
+  def test_find_token_should_return_nil_with_wrong_action
+    token = Token.create!(:user_id => 1, :action => 'feeds')
+    assert_nil Token.find_token('api', token.value)
+  end
+
+  def test_find_token_should_return_nil_with_wrong_action
+    token = Token.create!(:user_id => 1, :action => 'feeds')
+    assert_nil Token.find_token('api', Token.generate_token_value)
+  end
+
+  def test_find_token_should_return_nil_without_user
+    token = Token.create!(:user_id => 999, :action => 'api')
+    assert_nil Token.find_token('api', token.value)
+  end
+
+  def test_find_token_should_return_nil_with_validity_expired
+    token = Token.create!(:user_id => 999, :action => 'api', :created_on => 2.days.ago)
+    assert_nil Token.find_token('api', token.value, 1)
+  end
 end
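Review bot: `test_find_token_should_return_nil_with_wrong_action` is defined twice in this hunk, and Ruby silently replaces the first definition with the second, so the case that matters most for the new action check — a valid token value looked up under the wrong action — never actually runs; only the unknown-value variant is executed. The second definition also leaves its `token` local unused. Rename it to what it tests, e.g. `def test_find_token_should_return_nil_with_unknown_value`, and drop the unused `token =` assignment unless the extra fixture row is intentional. The enclosing class `TokenTest` starts outside the hunk.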