diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2013-03-02 20:28:21 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2013-03-02 20:28:21 +0000 |
| commit | 08ef201cec0c1524ba74f31cf26a516980123974 (patch) | |
| tree | 7987b5a3dfd54922dc84d3491b4ff3bbe8e17306 | |
| parent | 80807a8c495da9ad54d2ab52db4b891d90c64f8f (diff) | |
| download | redmine-08ef201cec0c1524ba74f31cf26a516980123974.tar.gz redmine-08ef201cec0c1524ba74f31cf26a516980123974.zip | |
Fixed that autologin is broken when using a custom cookie name (#13335).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11519 e93f8b46-1217-0410-a6f0-8f06a7374b81
| -rw-r--r-- | app/controllers/account_controller.rb | 3 | ||||
| -rw-r--r-- | app/controllers/application_controller.rb | 10 | ||||
| -rw-r--r-- | test/integration/account_test.rb | 22 |
3 files changed, 30 insertions, 5 deletions
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb index df9a7a975..a09633421 100644 --- a/app/controllers/account_controller.rb +++ b/app/controllers/account_controller.rb @@ -230,7 +230,6 @@ class AccountController < ApplicationController def set_autologin_cookie(user) token = Token.create(:user => user, :action => 'autologin') - cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin' cookie_options = { :value => token.value, :expires => 1.year.from_now, @@ -238,7 +237,7 @@ class AccountController < ApplicationController :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false), :httponly => true } - cookies[cookie_name] = cookie_options + cookies[autologin_cookie_name] = cookie_options end # Onthefly creation failed, display the registration form to fill/fix attributes diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 5a59a3d2f..9948e717e 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -35,7 +35,7 @@ class ApplicationController < ActionController::Base protect_from_forgery def handle_unverified_request super - cookies.delete(:autologin) + cookies.delete(autologin_cookie_name) end before_filter :session_expiration, :user_setup, :check_if_login_required, :set_localization @@ -127,10 +127,14 @@ class ApplicationController < ActionController::Base user end + def autologin_cookie_name + Redmine::Configuration['autologin_cookie_name'].presence || 'autologin' + end + def try_to_autologin - if cookies[:autologin] && Setting.autologin? + if cookies[autologin_cookie_name] && Setting.autologin? # auto-login feature starts a new session - user = User.try_to_autologin(cookies[:autologin]) + user = User.try_to_autologin(cookies[autologin_cookie_name]) if user reset_session start_user_session(user) diff --git a/test/integration/account_test.rb b/test/integration/account_test.rb index b9f56f491..bdd9cb5d3 100644 --- a/test/integration/account_test.rb +++ b/test/integration/account_test.rb @@ -68,6 +68,28 @@ class AccountTest < ActionController::IntegrationTest assert_not_nil user.reload.last_login_on end + def test_autologin_should_use_autologin_cookie_name + Token.delete_all + Redmine::Configuration.stubs(:[]).with('autologin_cookie_name').returns('custom_autologin') + Redmine::Configuration.stubs(:[]).with('autologin_cookie_path').returns('/') + Redmine::Configuration.stubs(:[]).with('autologin_cookie_secure').returns(false) + + with_settings :autologin => '7' do + assert_difference 'Token.count' do + post '/login', :username => 'admin', :password => 'admin', :autologin => 1 + end + assert_response 302 + assert cookies['custom_autologin'].present? + token = cookies['custom_autologin'] + + # Session is cleared + reset! + cookies['custom_autologin'] = token + get '/my/page' + assert_response :success + end + end + def test_lost_password Token.delete_all |