Browse Source
Fixed that autologin is broken when using a custom cookie name (#13335).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11519 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/2.4.0
Jean-Philippe Lang
11 years ago
3 changed files with 30 additions and 5 deletions
+ 1
- 2
app/controllers/account_controller.rb
View File
| def set_autologin_cookie(user) | def set_autologin_cookie(user) | ||||
| token = Token.create(:user => user, :action => 'autologin') | token = Token.create(:user => user, :action => 'autologin') | ||||
| cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin' | |||||
| cookie_options = { | cookie_options = { | ||||
| :value => token.value, | :value => token.value, | ||||
| :expires => 1.year.from_now, | :expires => 1.year.from_now, | ||||
| :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false), | :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false), | ||||
| :httponly => true | :httponly => true | ||||
| } | } | ||||
| cookies[cookie_name] = cookie_options | |||||
| cookies[autologin_cookie_name] = cookie_options | |||||
| end | end | ||||
| # Onthefly creation failed, display the registration form to fill/fix attributes | # Onthefly creation failed, display the registration form to fill/fix attributes |
+ 7
- 3
app/controllers/application_controller.rb
View File
| protect_from_forgery | protect_from_forgery | ||||
| def handle_unverified_request | def handle_unverified_request | ||||
| super | super | ||||
| cookies.delete(:autologin) | |||||
| cookies.delete(autologin_cookie_name) | |||||
| end | end | ||||
| before_filter :session_expiration, :user_setup, :check_if_login_required, :set_localization | before_filter :session_expiration, :user_setup, :check_if_login_required, :set_localization | ||||
| user | user | ||||
| end | end | ||||
| def autologin_cookie_name | |||||
| Redmine::Configuration['autologin_cookie_name'].presence || 'autologin' | |||||
| end | |||||
| def try_to_autologin | def try_to_autologin | ||||
| if cookies[:autologin] && Setting.autologin? | |||||
| if cookies[autologin_cookie_name] && Setting.autologin? | |||||
| # auto-login feature starts a new session | # auto-login feature starts a new session | ||||
| user = User.try_to_autologin(cookies[:autologin]) | |||||
| user = User.try_to_autologin(cookies[autologin_cookie_name]) | |||||
| if user | if user | ||||
| reset_session | reset_session | ||||
| start_user_session(user) | start_user_session(user) |
+ 22
- 0
test/integration/account_test.rb
View File
| assert_not_nil user.reload.last_login_on | assert_not_nil user.reload.last_login_on | ||||
| end | end | ||||
| def test_autologin_should_use_autologin_cookie_name | |||||
| Token.delete_all | |||||
| Redmine::Configuration.stubs(:[]).with('autologin_cookie_name').returns('custom_autologin') | |||||
| Redmine::Configuration.stubs(:[]).with('autologin_cookie_path').returns('/') | |||||
| Redmine::Configuration.stubs(:[]).with('autologin_cookie_secure').returns(false) | |||||
| with_settings :autologin => '7' do | |||||
| assert_difference 'Token.count' do | |||||
| post '/login', :username => 'admin', :password => 'admin', :autologin => 1 | |||||
| end | |||||
| assert_response 302 | |||||
| assert cookies['custom_autologin'].present? | |||||
| token = cookies['custom_autologin'] | |||||
| # Session is cleared | |||||
| reset! | |||||
| cookies['custom_autologin'] = token | |||||
| get '/my/page' | |||||
| assert_response :success | |||||
| end | |||||
| end | |||||
| def test_lost_password | def test_lost_password | ||||
| Token.delete_all | Token.delete_all | ||||
Loading…