authorJean-Philippe Lang <jp_lang@yahoo.fr>2009-06-02 17:24:50 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2009-06-02 17:24:50 +0000
commit6da0542af48be717378e3885bf8278cc773be6f2 (patch)
treea6bd58c60a3963474c19177896bd12192fdaf6b0
parent62e58f26b0c6905fc0b2d79ed278ac0e4f55d793 (diff)
Delete previous tokens when creating a new one.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2778 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r--app/models/token.rb13
-rw-r--r--test/unit/token_test.rb13
2 files changed, 22 insertions, 4 deletions
diff --git a/app/models/token.rb b/app/models/token.rb
index a5199c770..b59d4f287 100644
--- a/app/models/token.rb
+++ b/app/models/token.rb
@@ -1,5 +1,5 @@
-# redMine - project management software
-# Copyright (C) 2006 Jean-Philippe Lang
+# Redmine - project management software
+# Copyright (C) 2006-2009 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -19,6 +19,8 @@ class Token < ActiveRecord::Base
belongs_to :user
validates_uniqueness_of :value
+ before_create :delete_previous_tokens
+
@@validity_time = 1.day
def before_create
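Review bot: The new `before_create :delete_previous_tokens` registration sits directly above an existing `def before_create` override, so the class now handles the same hook through two different mechanisms. Both presumably run, but the order is not visible from the class body, and a reader can miss that the override is still active. Consider registering the existing logic with the macro as well, under a descriptive method name, so the full before-create sequence can be read in one place. The body of `before_create` lies outside this hunk, so this is a suggestion about structure only.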
@@ -39,4 +41,11 @@ private
def self.generate_token_value
ActiveSupport::SecureRandom.hex(20)
end
+
+ # Removes obsolete tokens (same user and action)
+ def delete_previous_tokens
+ if user
+ Token.delete_all(['user_id = ? AND action = ?', user.id, action])
+ end
+ end
end
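Review bot: `delete_previous_tokens` deletes every row with the same user and action, including tokens that have not expired, so issuing a new token immediately invalidates any other one still in use. For the `'autologin'` action exercised in the test, this would presumably sign out a second browser as soon as the user logs in elsewhere. The comment calls the rows "obsolete" without saying so; something like `# Invalidates all other tokens for the same user and action, including unexpired ones` states the contract. Because of the `if user` guard, tokens created without a user are never pruned here; if such tokens exist, that deserves a line in the comment too.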
diff --git a/test/unit/token_test.rb b/test/unit/token_test.rb
index 5a34e0ad3..64ac85a39 100644
--- a/test/unit/token_test.rb
+++ b/test/unit/token_test.rb
@@ -1,5 +1,5 @@
-# redMine - project management software
-# Copyright (C) 2006-2007 Jean-Philippe Lang
+# Redmine - project management software
+# Copyright (C) 2006-2009 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -26,4 +26,13 @@ class TokenTest < Test::Unit::TestCase
assert_equal 40, token.value.length
assert !token.expired?
end
+
+ def test_create_should_remove_existing_tokens
+ user = User.find(1)
+ t1 = Token.create(:user => user, :action => 'autologin')
+ t2 = Token.create(:user => user, :action => 'autologin')
+ assert_not_equal t1.value, t2.value
+ assert !Token.exists?(t1.id)
+ assert Token.exists?(t2.id)
+ end
end
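Review bot: `test_create_should_remove_existing_tokens` checks only that an earlier token for the same user and action is removed; it never checks that unrelated tokens survive. A mistake in the `delete_all` conditions that widened the match, for example by dropping the `action` clause, would still pass. Create one more token for the same user under a different action before `t2`, for example `other = Token.create(:user => user, :action => 'feeds')`, and finish with `assert Token.exists?(other.id)`. The action name is only an example. A matching check for a token that belongs to a different user would cover the `user_id` half of the condition.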