From 578a9e67d3473e87e0acdeb51ab06f1a92ac0ab2 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Sat, 7 Apr 2018 07:50:30 +0000
Subject: [PATCH] Merged r17269 into 3.4-stable (#28302).
git-svn-id: http://svn.redmine.org/redmine/branches/3.4-stable@17270 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
app/controllers/account_controller.rb | 2 +-
app/models/mailer.rb | 9 +++++++--
app/views/mailer/security_notification.html.erb | 4 ++--
app/views/mailer/security_notification.text.erb | 4 ++--
test/unit/mailer_test.rb | 17 +++++++++++++++++
5 files changed, 29 insertions(+), 7 deletions(-)
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index d6e1da885..5070295d2 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -87,7 +87,7 @@ class AccountController < ApplicationController
@user.must_change_passwd = false
if @user.save
@token.destroy
- Mailer.password_updated(@user)
+ Mailer.password_updated(@user, { remote_ip: request.remote_ip })
flash[:notice] = l(:notice_account_password_updated)
redirect_to signin_path
return
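Review bot: The value passed as `remote_ip: request.remote_ip` is printed in a security notification, and what it contains depends on the deployment's trusted-proxy configuration. Behind a reverse proxy that is not listed as trusted, the mail would show the proxy's address, and with an over-broad trust list a client-supplied forwarding header can influence the value. A short comment at the call would record that, for example `# remote_ip is shown in the notification mail; its accuracy depends on the trusted-proxy setup`. As a point of style, the braces around the trailing hash are unnecessary: `Mailer.password_updated(@user, remote_ip: request.remote_ip)`. The enclosing action starts and ends outside this hunk.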
diff --git a/app/models/mailer.rb b/app/models/mailer.rb
index 316b4e356..0c8c55c7e 100644
--- a/app/models/mailer.rb
+++ b/app/models/mailer.rb
@@ -311,7 +311,7 @@ class Mailer < ActionMailer::Base
end
# Notifies user that his password was updated
- def self.password_updated(user)
+ def self.password_updated(user, options={})
# Don't send a notification to the dummy email address when changing the password
# of the default admin account which is required after the first login
# TODO: maybe not the best way to handle this
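Review bot: The new `options={}` parameter on `self.password_updated` is undocumented, and the comment above it still describes only the one-argument form. Only `options[:remote_ip]` is read in the visible code, so the header comment could say so: `# options[:remote_ip] - address of the request that changed the password, shown in the notification`. Unknown keys are silently ignored with a positional hash, so a misspelled key at a call site would drop the IP from the mail without any error. The method body continues in the next hunk.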
@@ -320,6 +320,8 @@ class Mailer < ActionMailer::Base
security_notification(user,
message: :mail_body_password_updated,
title: :button_change_password,
+ remote_ip: options[:remote_ip],
+ originator: user,
url: {controller: 'my', action: 'password'}
).deliver
end
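Review bot: A caller that omits `:remote_ip` now falls through to `@originator.remote_ip` in `security_notification`, and because this hunk passes `originator: user`, that is read from the `user` argument rather than from `User.current`. The test in this patch sets the address on `User.current`, which suggests it is recorded per request on that object; if `user` is a separately loaded record, the remote-IP line in both `security_notification` templates would render empty. Other callers of `password_updated` are not visible here, so this needs checking against them. A defensive form would be `remote_ip: options[:remote_ip] || User.current.remote_ip,`. The method starts in the previous hunk.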
@@ -333,7 +335,6 @@ class Mailer < ActionMailer::Base
end
def security_notification(recipients, options={})
- redmine_headers 'Sender' => User.current.login
@user = Array(recipients).detect{|r| r.is_a? User }
set_language_if_valid(@user.try :language)
@message = l(options[:message],
@@ -341,7 +342,11 @@ class Mailer < ActionMailer::Base
value: options[:value]
)
@title = options[:title] && l(options[:title])
+ @originator = options[:originator] || User.current
+ @remote_ip = options[:remote_ip] || @originator.remote_ip
@url = options[:url] && (options[:url].is_a?(Hash) ? url_for(options[:url]) : options[:url])
+ redmine_headers 'Sender' => @originator.login
+ redmine_headers 'Url' => @url
mail :to => recipients,
:subject => "[#{Setting.app_title}] #{l(:mail_subject_security_notification)}"
end
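Review bot: `redmine_headers 'Url' => @url` runs unconditionally, but `@url` is nil whenever `options[:url]` is absent (`options[:url] && ...`). The new test in this patch exercises exactly that case. Depending on how `redmine_headers` stringifies values, this presumably emits an empty Url header on those mails, which a guard avoids: `redmine_headers 'Url' => @url if @url`. Separately, `@originator.login` is now written to the Sender header for whatever object the caller passes as `:originator`, so a one-line comment stating that `:originator` must be a User would help. `security_notification` begins above this hunk.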
diff --git a/app/views/mailer/security_notification.html.erb b/app/views/mailer/security_notification.html.erb
index 53bf0a0d5..309e9437f 100644
--- a/app/views/mailer/security_notification.html.erb
+++ b/app/views/mailer/security_notification.html.erb
@@ -7,7 +7,7 @@
<%= content_tag :h1, @title -%>
<% end %>
-<%= l(:field_user) %>: <%= User.current.login %>
-<%= l(:field_remote_ip) %>: <%= User.current.remote_ip %>
+
<%= l(:field_user) %>: <%= @originator.login %>
+<%= l(:field_remote_ip) %>: <%= @remote_ip %>
<%= l(:label_date) %>: <%= format_time Time.now, true, @user %>
diff --git a/app/views/mailer/security_notification.text.erb b/app/views/mailer/security_notification.text.erb
index 17fd6ef67..5be036b7a 100644
--- a/app/views/mailer/security_notification.text.erb
+++ b/app/views/mailer/security_notification.text.erb
@@ -2,7 +2,7 @@
<%= @url || @title %>
-<%= l(:field_user) %>: <%= User.current.login %>
-<%= l(:field_remote_ip) %>: <%= User.current.remote_ip %>
+<%= l(:field_user) %>: <%= @originator.login %>
+<%= l(:field_remote_ip) %>: <%= @remote_ip %>
<%= l(:label_date) %>: <%= format_time Time.now, true, @user %>
diff --git a/test/unit/mailer_test.rb b/test/unit/mailer_test.rb
index a755b8a5f..e712f0d70 100644
--- a/test/unit/mailer_test.rb
+++ b/test/unit/mailer_test.rb
@@ -713,6 +713,23 @@ class MailerTest < ActiveSupport::TestCase
end
end
+ def test_security_notification_with_overridden_originator_and_remote_ip
+ set_language_if_valid User.find(1).language
+ with_settings :emails_footer => "footer without link" do
+ User.current.remote_ip = '192.168.1.1'
+ assert Mailer.security_notification(User.find(1), message: :notice_account_password_updated, originator: User.find(2), remote_ip: '10.0.0.42').deliver
+ mail = last_email
+ assert_not_nil mail
+ assert_mail_body_match User.find(2).login, mail
+ assert_mail_body_match '10.0.0.42', mail
+ assert_mail_body_match I18n.t(:notice_account_password_updated), mail
+ assert_select_email do
+ assert_select "h1", false
+ assert_select "a", false
+ end
+ end
+ end
+
def test_security_notification_should_include_title
set_language_if_valid User.find(2).language
with_settings :emails_footer => "footer without link" do
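Review bot: `test_security_notification_with_overridden_originator_and_remote_ip` sets `User.current.remote_ip = '192.168.1.1'` but never asserts that this address is absent from the mail. It would still pass if the template printed both addresses, or printed `User.current`'s login alongside the originator's. Adding the negative check, e.g. `assert_mail_body_no_match '192.168.1.1', mail` (assuming that helper is available in this branch), would pin the override. The test also leaves the modified `remote_ip` on `User.current`; if that object outlives the test, later tests could observe it, so resetting it in an `ensure` would be safer. The hunk's trailing context cuts into the next test, which continues outside the hunk.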
--
2.39.5