From 7eb64715595abded9e5ef4bcbc06aa203c6f23a8 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lang Date: Sun, 6 May 2007 12:49:32 +0000 Subject: Added autologin feature (disabled by default). To enable this feature, go to administration settings and choose a duration for autologin. When enabled, a checkbox on the login form lets users activate autologin. git-svn-id: http://redmine.rubyforge.org/svn/trunk@514 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/controllers/account_controller.rb | 7 +++++++ app/controllers/application.rb | 7 +++++++ app/models/setting.rb | 2 +- app/models/user.rb | 5 +++++ app/views/account/login.rhtml | 9 ++++++--- app/views/settings/edit.rhtml | 23 ++++++++++++++--------- 6 files changed, 40 insertions(+), 13 deletions(-) (limited to 'app') diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb index 61c71557a..9b54a90ec 100644 --- a/app/controllers/account_controller.rb +++ b/app/controllers/account_controller.rb @@ -42,6 +42,11 @@ class AccountController < ApplicationController user = User.try_to_login(params[:login], params[:password]) if user self.logged_in_user = user + # generate a key and set cookie if autologin + if params[:autologin] && Setting.autologin? + token = Token.create(:user => user, :action => 'autologin') + cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now } + end redirect_back_or_default :controller => 'my', :action => 'page' else flash.now[:notice] = l(:notice_account_invalid_creditentials) @@ -51,6 +56,8 @@ class AccountController < ApplicationController # Log out current user and redirect to welcome page def logout + cookies.delete :autologin + Token.delete_all(["user_id = ? AND action = ?", logged_in_user.id, "autologin"]) if logged_in_user self.logged_in_user = nil redirect_to :controller => 'welcome' end diff --git a/app/controllers/application.rb b/app/controllers/application.rb index 2a8e15155..54e4768b6 100644 --- a/app/controllers/application.rb +++ b/app/controllers/application.rb @@ -40,6 +40,13 @@ class ApplicationController < ActionController::Base # check if login is globally required to access the application def check_if_login_required + # no check needed if user is already logged in + return true if logged_in_user + # auto-login feature + autologin_key = cookies[:autologin] + if autologin_key && Setting.autologin? + self.logged_in_user = User.find_by_autologin_key(autologin_key) + end require_login if Setting.login_required? end diff --git a/app/models/setting.rb b/app/models/setting.rb index 56f7a5242..ecca01c28 100644 --- a/app/models/setting.rb +++ b/app/models/setting.rb @@ -49,7 +49,7 @@ class Setting < ActiveRecord::Base end def self.#{name}? - self[:#{name}].to_s == "1" + self[:#{name}].to_i > 0 end def self.#{name}=(value) diff --git a/app/models/user.rb b/app/models/user.rb index 6ae1301e7..1c5613856 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -141,6 +141,11 @@ class User < ActiveRecord::Base token = Token.find_by_value(key) token && token.user.active? ? token.user : nil end + + def self.find_by_autologin_key(key) + token = Token.find_by_action_and_value('autologin', key) + token && (token.created_on > Setting.autologin.to_i.day.ago) && token.user.active? ? token.user : nil + end def <=>(user) lastname == user.lastname ? firstname <=> user.firstname : lastname <=> user.lastname diff --git a/app/views/account/login.rhtml b/app/views/account/login.rhtml index 7148bdd7d..08d462c61 100644 --- a/app/views/account/login.rhtml +++ b/app/views/account/login.rhtml @@ -3,23 +3,26 @@

<%=l(:label_please_login)%>

<% form_tag({:action=> "login"}, :class => "tabular") do %> +

<%= text_field_tag 'login', nil, :size => 25 %>

<%= password_field_tag 'password', nil, :size => 25 %>

-

+<% if Setting.autologin? %> +

+<% end %> + +

<% end %> <%= javascript_tag "Form.Element.focus('login');" %> -
<% links = [] links << link_to(l(:label_register), :action => 'register') if Setting.self_registration? links << link_to(l(:label_password_lost), :action => 'lost_password') if Setting.lost_password? %> <%= links.join(" | ") %> -

\ No newline at end of file diff --git a/app/views/settings/edit.rhtml b/app/views/settings/edit.rhtml index 057a988de..f88d3f14a 100644 --- a/app/views/settings/edit.rhtml +++ b/app/views/settings/edit.rhtml @@ -15,15 +15,6 @@

<%= select_tag 'settings[default_language]', options_for_select( lang_options_for_select(false), Setting.default_language) %>

-

-<%= check_box_tag 'settings[login_required]', 1, Setting.login_required? %><%= hidden_field_tag 'settings[login_required]', 0 %>

- -

-<%= check_box_tag 'settings[self_registration]', 1, Setting.self_registration? %><%= hidden_field_tag 'settings[self_registration]', 0 %>

- -

-<%= check_box_tag 'settings[lost_password]', 1, Setting.lost_password? %><%= hidden_field_tag 'settings[lost_password]', 0 %>

-

<%= text_field_tag 'settings[attachment_max_size]', Setting.attachment_max_size, :size => 6 %> KB

@@ -52,6 +43,20 @@ <%= check_box_tag 'settings[sys_api_enabled]', 1, Setting.sys_api_enabled? %><%= hidden_field_tag 'settings[sys_api_enabled]', 0 %>

+
<%= l(:label_authentication) %> +

+<%= check_box_tag 'settings[login_required]', 1, Setting.login_required? %><%= hidden_field_tag 'settings[login_required]', 0 %>

+ +

+<%= select_tag 'settings[autologin]', options_for_select( [[l(:label_disabled), "0"]] + [1, 7, 30, 365].collect{|days| [lwr(:actionview_datehelper_time_in_words_day, days), days.to_s]}, Setting.autologin) %>

+ +

+<%= check_box_tag 'settings[self_registration]', 1, Setting.self_registration? %><%= hidden_field_tag 'settings[self_registration]', 0 %>

+ +

+<%= check_box_tag 'settings[lost_password]', 1, Setting.lost_password? %><%= hidden_field_tag 'settings[lost_password]', 0 %>

+
+
<%= l(:text_issues_ref_in_commit_messages) %>

<%= text_field_tag 'settings[commit_ref_keywords]', Setting.commit_ref_keywords, :size => 30 %>
<%= l(:text_coma_separated) %>

-- cgit v1.2.3