git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11519 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/2.4.0
def set_autologin_cookie(user) | def set_autologin_cookie(user) | ||||
token = Token.create(:user => user, :action => 'autologin') | token = Token.create(:user => user, :action => 'autologin') | ||||
cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin' | |||||
cookie_options = { | cookie_options = { | ||||
:value => token.value, | :value => token.value, | ||||
:expires => 1.year.from_now, | :expires => 1.year.from_now, | ||||
:secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false), | :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false), | ||||
:httponly => true | :httponly => true | ||||
} | } | ||||
cookies[cookie_name] = cookie_options | |||||
cookies[autologin_cookie_name] = cookie_options | |||||
end | end | ||||
# Onthefly creation failed, display the registration form to fill/fix attributes | # Onthefly creation failed, display the registration form to fill/fix attributes |
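Review bot: In `set_autologin_cookie` the `:secure` flag is on only when `autologin_cookie_secure` is configured, so by default a cookie holding a login token, which the browser keeps for the one-year `:expires`, is also sent over plain HTTP. Since this commit already touches the cookie handling, consider also setting the flag when the login request itself arrived over TLS, e.g. `:secure => ((Redmine::Configuration['autologin_cookie_secure'] || request.ssl?) ? true : false)`. At minimum, add a comment above the hash such as `# token is a bearer credential: enable autologin_cookie_secure on any HTTPS deployment`. The server-side token lifetime is not visible in this section, so confirm it is bounded independently of the cookie's expiry.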
protect_from_forgery | protect_from_forgery | ||||
def handle_unverified_request | def handle_unverified_request | ||||
super | super | ||||
cookies.delete(:autologin) | |||||
cookies.delete(autologin_cookie_name) | |||||
end | end | ||||
before_filter :session_expiration, :user_setup, :check_if_login_required, :set_localization | before_filter :session_expiration, :user_setup, :check_if_login_required, :set_localization | ||||
user | user | ||||
end | end | ||||
def autologin_cookie_name | |||||
Redmine::Configuration['autologin_cookie_name'].presence || 'autologin' | |||||
end | |||||
def try_to_autologin | def try_to_autologin | ||||
if cookies[:autologin] && Setting.autologin? | |||||
if cookies[autologin_cookie_name] && Setting.autologin? | |||||
# auto-login feature starts a new session | # auto-login feature starts a new session | ||||
user = User.try_to_autologin(cookies[:autologin]) | |||||
user = User.try_to_autologin(cookies[autologin_cookie_name]) | |||||
if user | if user | ||||
reset_session | reset_session | ||||
start_user_session(user) | start_user_session(user) |
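Review bot: `cookies.delete(autologin_cookie_name)` in `handle_unverified_request` passes no options, but a browser drops a cookie only when the deletion carries the same `:path` (and `:domain`) it was set with. The test added in this commit stubs `autologin_cookie_path`, which suggests the cookie can be issued with a non-default path. If so, a failed CSRF check would leave the autologin cookie in place and `try_to_autologin` would accept it on the next request. Consider `cookies.delete(autologin_cookie_name, :path => (Redmine::Configuration['autologin_cookie_path'] || '/'))`, and confirm that the logout path, which is not shown here, deletes the cookie by the same name and path. The body of `try_to_autologin` continues past the end of the visible lines.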
assert_not_nil user.reload.last_login_on | assert_not_nil user.reload.last_login_on | ||||
end | end | ||||
def test_autologin_should_use_autologin_cookie_name | |||||
Token.delete_all | |||||
Redmine::Configuration.stubs(:[]).with('autologin_cookie_name').returns('custom_autologin') | |||||
Redmine::Configuration.stubs(:[]).with('autologin_cookie_path').returns('/') | |||||
Redmine::Configuration.stubs(:[]).with('autologin_cookie_secure').returns(false) | |||||
with_settings :autologin => '7' do | |||||
assert_difference 'Token.count' do | |||||
post '/login', :username => 'admin', :password => 'admin', :autologin => 1 | |||||
end | |||||
assert_response 302 | |||||
assert cookies['custom_autologin'].present? | |||||
token = cookies['custom_autologin'] | |||||
# Session is cleared | |||||
reset! | |||||
cookies['custom_autologin'] = token | |||||
get '/my/page' | |||||
assert_response :success | |||||
end | |||||
end | |||||
def test_lost_password | def test_lost_password | ||||
Token.delete_all | Token.delete_all | ||||