Fixed: When logging in via an autologin cookie the user's last_login_on should be updated (#2820).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2524 e93f8b46-1217-0410-a6f0-8f06a7374b81

5 files changed, 56 insertions, 30 deletions

diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 4d96ad8f3..9842b9ead 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -150,17 +150,8 @@ class AccountController < ApplicationController
     redirect_to :action => 'login'
   end
   
-private
-  def logged_user=(user)
-    if user && user.is_a?(User)
-      User.current = user
-      session[:user_id] = user.id
-    else
-      User.current = User.anonymous
-      session[:user_id] = nil
-    end
-  end
-  
+  private
+
   def password_authentication
     user = User.try_to_login(params[:username], params[:password])
     if user.nil?
diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index 109771133..f86487305 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -46,7 +46,7 @@ class ApplicationController < ActionController::Base
     # Check the settings cache for each request
     Setting.check_cache
     # Find the current user
-    User.current = find_current_user
+    self.logged_user = find_current_user
   end
   
   # Returns the current user or nil if no user is logged in
@@ -56,13 +56,24 @@ class ApplicationController < ActionController::Base
       (User.active.find(session[:user_id]) rescue nil)
     elsif cookies[:autologin] && Setting.autologin?
       # auto-login feature
-      User.find_by_autologin_key(cookies[:autologin])
+      User.try_to_autologin(cookies[:autologin])
     elsif params[:key] && accept_key_auth_actions.include?(params[:action])
       # RSS key authentication
       User.find_by_rss_key(params[:key])
     end
   end
   
+  # Sets the logged in user
+  def logged_user=(user)
+    if user && user.is_a?(User)
+      User.current = user
+      session[:user_id] = user.id
+    else
+      User.current = User.anonymous
+      session[:user_id] = nil
+    end
+  end
+  
   # check if login is globally required to access the application
   def check_if_login_required
     # no check needed if user is already logged in
diff --git a/app/models/user.rb b/app/models/user.rb
index 32cc08b11..f42787f5d 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -126,6 +126,15 @@ class User < ActiveRecord::Base
   rescue => text
     raise text
   end
+  
+  # Returns the user who matches the given autologin +key+ or nil
+  def self.try_to_autologin(key)
+    token = Token.find_by_action_and_value('autologin', key)
+    if token && (token.created_on > Setting.autologin.to_i.day.ago) && token.user && token.user.active?
+      token.user.update_attribute(:last_login_on, Time.now)
+      token.user
+    end
+  end
 	
   # Return user's full name for display
   def name(formatter = nil)
@@ -199,11 +208,6 @@ class User < ActiveRecord::Base
     token && token.user.active? ? token.user : nil
   end
   
-  def self.find_by_autologin_key(key)
-    token = Token.find_by_action_and_value('autologin', key)
-    token && (token.created_on > Setting.autologin.to_i.day.ago) && token.user.active? ? token.user : nil
-  end
-  
   # Makes find_by_mail case-insensitive
   def self.find_by_mail(mail)
     find(:first, :conditions => ["LOWER(mail) = ?", mail.to_s.downcase])
diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index cf51ba93c..fb23e6bb7 100644
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -160,18 +160,6 @@ class AccountControllerTest < Test::Unit::TestCase
     puts "Skipping openid tests."
   end
   
-  
-  def test_autologin
-    Setting.autologin = "7"
-    Token.delete_all
-    post :login, :username => 'admin', :password => 'admin', :autologin => 1
-    assert_redirected_to 'my/page'
-    token = Token.find :first
-    assert_not_nil token
-    assert_equal User.find_by_login('admin'), token.user
-    assert_equal 'autologin', token.action
-  end
-  
   def test_logout
     @request.session[:user_id] = 2
     get :logout
diff --git a/test/integration/account_test.rb b/test/integration/account_test.rb
index 5c6f1cebd..a82743333 100644
--- a/test/integration/account_test.rb
+++ b/test/integration/account_test.rb
@@ -37,6 +37,38 @@ class AccountTest < ActionController::IntegrationTest
     assert_template "my/account"    
   end
   
+  def test_autologin
+    user = User.find(1)
+    Setting.autologin = "7"
+    Token.delete_all
+    
+    # User logs in with 'autologin' checked
+    post '/login', :username => user.login, :password => 'admin', :autologin => 1
+    assert_redirected_to 'my/page'
+    token = Token.find :first
+    assert_not_nil token
+    assert_equal user, token.user
+    assert_equal 'autologin', token.action
+    assert_equal user.id, session[:user_id]
+    assert_equal token.value, cookies['autologin']
+    
+    # Session is cleared
+    reset!
+    User.current = nil
+    # Clears user's last login timestamp
+    user.update_attribute :last_login_on, nil
+    assert_nil user.reload.last_login_on
+    
+    # User comes back with his autologin cookie
+    cookies[:autologin] = token.value
+    get '/my/page'
+    assert_response :success
+    assert_template 'my/page'
+    assert_equal user.id, session[:user_id]
+    assert_not_nil user.reload.last_login_on
+    assert user.last_login_on > 2.second.ago
+  end
+  
   def test_lost_password
     Token.delete_all