git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/branches/2.3-stable@11569 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/2.3.0
@@ -232,7 +232,6 @@ class AccountController < ApplicationController | |||
def set_autologin_cookie(user) | |||
token = Token.create(:user => user, :action => 'autologin') | |||
cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin' | |||
cookie_options = { | |||
:value => token.value, | |||
:expires => 1.year.from_now, | |||
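Review bot: The cookie lifetime on `:expires => 1.year.from_now` is fixed at a year, while the token it carries is, judging by the test's `with_settings :autologin => '7'`, only honoured for `Setting.autologin` days, so a credential the server already rejects keeps being sent by the browser for months. Aligning the two, e.g. `:expires => Setting.autologin.to_i.days.from_now`, keeps a stale long-lived token out of every request; confirm that the setting really is in days before relying on it. `set_autologin_cookie` continues into the next hunk, and the `autologin_cookie_name` it now calls is inherited from ApplicationController rather than defined here.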
@@ -240,7 +239,7 @@ class AccountController < ApplicationController | |||
:secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false), | |||
:httponly => true | |||
} | |||
cookies[cookie_name] = cookie_options | |||
cookies[autologin_cookie_name] = cookie_options | |||
end | |||
# Onthefly creation failed, display the registration form to fill/fix attributes |
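Review bot: The `:secure` flag on the autologin cookie still depends solely on the `autologin_cookie_secure` configuration key, so a deployment that serves Redmine over TLS without setting that key sends a year-long login credential along with any plain-HTTP request to the same host. Since the request object is available in this controller, the flag can default to the transport actually in use: `:secure => (Redmine::Configuration['autologin_cookie_secure'] || request.ssl?) ? true : false`. The `:httponly => true` line is the right choice for this token and should stay. The signature of `set_autologin_cookie` lies in the preceding hunk.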
@@ -35,7 +35,7 @@ class ApplicationController < ActionController::Base | |||
protect_from_forgery | |||
def handle_unverified_request | |||
super | |||
cookies.delete(:autologin) | |||
cookies.delete(autologin_cookie_name) | |||
end | |||
before_filter :session_expiration, :user_setup, :check_if_login_required, :set_localization | |||
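Review bot: `cookies.delete(autologin_cookie_name)` after a failed CSRF check only clears the cookie on the client; the `Token` row behind it, created in AccountController#set_autologin_cookie, stays valid, so anyone who already holds the value can keep logging in with it. If the intent is to drop the remembered login on a forgery attempt, revoke the token too, e.g. `Token.delete_all(["action = ? AND value = ?", 'autologin', cookies[autologin_cookie_name]]) if cookies[autologin_cookie_name]` before the delete, assuming Token exposes the `value` column that set_autologin_cookie reads. Note also that `cookies.delete` without a `:path` uses Rails' default path, so a cookie issued under a custom `autologin_cookie_path` (the new integration test stubs that key) would not be removed by this call.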
@@ -127,10 +127,14 @@ class ApplicationController < ActionController::Base | |||
user | |||
end | |||
def autologin_cookie_name | |||
Redmine::Configuration['autologin_cookie_name'].presence || 'autologin' | |||
end | |||
def try_to_autologin | |||
if cookies[:autologin] && Setting.autologin? | |||
if cookies[autologin_cookie_name] && Setting.autologin? | |||
# auto-login feature starts a new session | |||
user = User.try_to_autologin(cookies[:autologin]) | |||
user = User.try_to_autologin(cookies[autologin_cookie_name]) | |||
if user | |||
reset_session | |||
start_user_session(user) | |||
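Review bot: `autologin_cookie_name` on ApplicationController carries no visibility marker inside this hunk; if it ends up in the public section, Rails treats public instance methods of a non-abstract controller as actions, so every subclass would gain a routable `autologin_cookie_name` endpoint that echoes configuration. Placing it under `private` (adding `helper_method :autologin_cookie_name` should a view need it) closes that off; confirm the surrounding visibility, which this hunk does not show. A one-line comment such as `# Name of the "stay logged in" cookie, overridable via autologin_cookie_name; blank means default` would also help, since the `.presence` fallback is the only hint that an empty setting is meant to be ignored. `try_to_autologin` continues beyond the end of this hunk.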
@@ -153,7 +157,7 @@ class ApplicationController < ActionController::Base | |||
# Logs out current user | |||
def logout_user | |||
if User.current.logged? | |||
cookies.delete :autologin | |||
cookies.delete(autologin_cookie_name) | |||
Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) | |||
self.logged_user = nil | |||
end |
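Review bot: `cookies.delete(autologin_cookie_name)` on logout passes no `:path`, so it deletes under Rails' default path; when `autologin_cookie_path` is configured to anything else (the new integration test stubs that key, and the option is presumably applied in set_autologin_cookie), the browser keeps the old cookie even though the token behind it is gone and resends it on every request. Deleting with the same path the cookie was set with, e.g. `cookies.delete(autologin_cookie_name, :path => Redmine::Configuration['autologin_cookie_path'] || '/')`, avoids that. The `Token.delete_all` on the following line removes every autologin token for the user, meaning a logout in one browser revokes remember-me everywhere; that is defensible but deserves a comment such as `# Revoke all of the user's autologin tokens, not just the one presented`.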
@@ -68,6 +68,33 @@ class AccountTest < ActionController::IntegrationTest | |||
assert_not_nil user.reload.last_login_on | |||
end | |||
def test_autologin_should_use_autologin_cookie_name | |||
Token.delete_all | |||
Redmine::Configuration.stubs(:[]).with('autologin_cookie_name').returns('custom_autologin') | |||
Redmine::Configuration.stubs(:[]).with('autologin_cookie_path').returns('/') | |||
Redmine::Configuration.stubs(:[]).with('autologin_cookie_secure').returns(false) | |||
with_settings :autologin => '7' do | |||
assert_difference 'Token.count' do | |||
post '/login', :username => 'admin', :password => 'admin', :autologin => 1 | |||
end | |||
assert_response 302 | |||
assert cookies['custom_autologin'].present? | |||
token = cookies['custom_autologin'] | |||
# Session is cleared | |||
reset! | |||
cookies['custom_autologin'] = token | |||
get '/my/page' | |||
assert_response :success | |||
assert_difference 'Token.count', -1 do | |||
post '/logout' | |||
end | |||
assert cookies['custom_autologin'].blank? | |||
end | |||
end | |||
def test_lost_password | |||
Token.delete_all | |||
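Review bot: The new test proves the custom name is honoured but never checks that the default name is not also in play, nor that the token is unusable after logout; add `assert cookies['autologin'].blank?` next to the presence check, and after `post '/logout'` call `reset!`, set `cookies['custom_autologin'] = token` again, `get '/my/page'` and assert a redirect to the login page, which pins the server-side revocation that a `Token.count` drop only implies. The three `Redmine::Configuration.stubs(:[]).with(...)` lines cover exactly those keys; with mocha, a read of any other key through `[]` during this flow typically raises an unexpected-invocation error, so the test can fail for reasons unrelated to the cookie name. A catch-all `Redmine::Configuration.stubs(:[]).returns(nil)` placed before the specific stubs would make it more robust, since mocha prefers the most recently defined matching expectation.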