Browse Source
Fixed that autologin is broken when using a custom cookie name (#13335).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11519 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/2.4.0
Jean-Philippe Lang
11 years ago
3 changed files with 30 additions and 5 deletions
+ 1
- 2
app/controllers/account_controller.rb
View File
| @@ -230,7 +230,6 @@ class AccountController < ApplicationController | |||
| def set_autologin_cookie(user) | |||
| token = Token.create(:user => user, :action => 'autologin') | |||
| cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin' | |||
| cookie_options = { | |||
| :value => token.value, | |||
| :expires => 1.year.from_now, | |||
| @@ -238,7 +237,7 @@ class AccountController < ApplicationController | |||
| :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false), | |||
| :httponly => true | |||
| } | |||
| cookies[cookie_name] = cookie_options | |||
| cookies[autologin_cookie_name] = cookie_options | |||
| end | |||
| # Onthefly creation failed, display the registration form to fill/fix attributes | |||
+ 7
- 3
app/controllers/application_controller.rb
View File
| @@ -35,7 +35,7 @@ class ApplicationController < ActionController::Base | |||
| protect_from_forgery | |||
| def handle_unverified_request | |||
| super | |||
| cookies.delete(:autologin) | |||
| cookies.delete(autologin_cookie_name) | |||
| end | |||
| before_filter :session_expiration, :user_setup, :check_if_login_required, :set_localization | |||
| @@ -127,10 +127,14 @@ class ApplicationController < ActionController::Base | |||
| user | |||
| end | |||
| def autologin_cookie_name | |||
| Redmine::Configuration['autologin_cookie_name'].presence || 'autologin' | |||
| end | |||
| def try_to_autologin | |||
| if cookies[:autologin] && Setting.autologin? | |||
| if cookies[autologin_cookie_name] && Setting.autologin? | |||
| # auto-login feature starts a new session | |||
| user = User.try_to_autologin(cookies[:autologin]) | |||
| user = User.try_to_autologin(cookies[autologin_cookie_name]) | |||
| if user | |||
| reset_session | |||
| start_user_session(user) | |||
+ 22
- 0
test/integration/account_test.rb
View File
| @@ -68,6 +68,28 @@ class AccountTest < ActionController::IntegrationTest | |||
| assert_not_nil user.reload.last_login_on | |||
| end | |||
| def test_autologin_should_use_autologin_cookie_name | |||
| Token.delete_all | |||
| Redmine::Configuration.stubs(:[]).with('autologin_cookie_name').returns('custom_autologin') | |||
| Redmine::Configuration.stubs(:[]).with('autologin_cookie_path').returns('/') | |||
| Redmine::Configuration.stubs(:[]).with('autologin_cookie_secure').returns(false) | |||
| with_settings :autologin => '7' do | |||
| assert_difference 'Token.count' do | |||
| post '/login', :username => 'admin', :password => 'admin', :autologin => 1 | |||
| end | |||
| assert_response 302 | |||
| assert cookies['custom_autologin'].present? | |||
| token = cookies['custom_autologin'] | |||
| # Session is cleared | |||
| reset! | |||
| cookies['custom_autologin'] = token | |||
| get '/my/page' | |||
| assert_response :success | |||
| end | |||
| end | |||
| def test_lost_password | |||
| Token.delete_all | |||
Loading…