From b9ee00a8c8ba2fe2b32eb33d299d4764ebc2968b Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lang Date: Tue, 4 Apr 2017 17:15:07 +0000 Subject: Adds methods to User model to handle tokens. git-svn-id: http://svn.redmine.org/redmine/trunk@16474 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/controllers/account_controller.rb | 4 ++-- app/controllers/application_controller.rb | 7 ++++--- 2 files changed, 6 insertions(+), 5 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb index 6bd7e02f5..842df6045 100644 --- a/app/controllers/account_controller.rb +++ b/app/controllers/account_controller.rb @@ -280,13 +280,13 @@ class AccountController < ApplicationController end def set_autologin_cookie(user) - token = Token.create(:user => user, :action => 'autologin') + token = user.generate_autologin_token secure = Redmine::Configuration['autologin_cookie_secure'] if secure.nil? secure = request.ssl? end cookie_options = { - :value => token.value, + :value => token, :expires => 1.year.from_now, :path => (Redmine::Configuration['autologin_cookie_path'] || RedmineApp::Application.config.relative_url_root || '/'), :secure => secure, diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index d3f549e46..f7bc95a7d 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -168,9 +168,10 @@ class ApplicationController < ActionController::Base # Logs out current user def logout_user if User.current.logged? - cookies.delete(autologin_cookie_name) - Token.where(["user_id = ? AND action = ?", User.current.id, 'autologin']).delete_all - Token.where(["user_id = ? AND action = ? AND value = ?", User.current.id, 'session', session[:tk]]).delete_all + if autologin = cookies.delete(autologin_cookie_name) + User.current.delete_autologin_token(autologin) + end + User.current.delete_session_token(session[:tk]) self.logged_user = nil end end -- cgit v1.2.3