diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2017-04-04 17:15:07 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2017-04-04 17:15:07 +0000 |
| commit | b9ee00a8c8ba2fe2b32eb33d299d4764ebc2968b (patch) | |
| tree | b6dbfdb5379e2aec1ab06be75d5ad77f94873bfa | |
| parent | 5c7aaa4d1eed86e0a3e687ab4a2263b00a68d611 (diff) | |
| download | redmine-b9ee00a8c8ba2fe2b32eb33d299d4764ebc2968b.tar.gz redmine-b9ee00a8c8ba2fe2b32eb33d299d4764ebc2968b.zip | |
Adds methods to User model to handle tokens.
git-svn-id: http://svn.redmine.org/redmine/trunk@16474 e93f8b46-1217-0410-a6f0-8f06a7374b81
| -rw-r--r-- | app/controllers/account_controller.rb | 4 | ||||
| -rw-r--r-- | app/controllers/application_controller.rb | 7 | ||||
| -rw-r--r-- | app/models/user.rb | 14 |
3 files changed, 20 insertions, 5 deletions
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb index 6bd7e02f5..842df6045 100644 --- a/app/controllers/account_controller.rb +++ b/app/controllers/account_controller.rb @@ -280,13 +280,13 @@ class AccountController < ApplicationController end def set_autologin_cookie(user) - token = Token.create(:user => user, :action => 'autologin') + token = user.generate_autologin_token secure = Redmine::Configuration['autologin_cookie_secure'] if secure.nil? secure = request.ssl? end cookie_options = { - :value => token.value, + :value => token, :expires => 1.year.from_now, :path => (Redmine::Configuration['autologin_cookie_path'] || RedmineApp::Application.config.relative_url_root || '/'), :secure => secure, diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index d3f549e46..f7bc95a7d 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -168,9 +168,10 @@ class ApplicationController < ActionController::Base # Logs out current user def logout_user if User.current.logged? - cookies.delete(autologin_cookie_name) - Token.where(["user_id = ? AND action = ?", User.current.id, 'autologin']).delete_all - Token.where(["user_id = ? AND action = ? AND value = ?", User.current.id, 'session', session[:tk]]).delete_all + if autologin = cookies.delete(autologin_cookie_name) + User.current.delete_autologin_token(autologin) + end + User.current.delete_session_token(session[:tk]) self.logged_user = nil end end diff --git a/app/models/user.rb b/app/models/user.rb index 815a6d343..f7a9c33bd 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -417,6 +417,20 @@ class User < Principal token.value end + def delete_session_token(value) + Token.where(:user_id => id, :action => 'session', :value => value).delete_all + end + + # Generates a new autologin token and returns its value + def generate_autologin_token + token = Token.create!(:user_id => id, :action => 'autologin') + token.value + end + + def delete_autologin_token(value) + Token.where(:user_id => id, :action => 'autologin', :value => value).delete_all + end + # Returns true if token is a valid session token for the user whose id is user_id def self.verify_session_token(user_id, token) return false if user_id.blank? || token.blank? |