Revision 2524
Added by Jean-Philippe Lang over 16 years ago
trunk/app/controllers/account_controller.rb | ||
---|---|---|
150 | 150 |
redirect_to :action => 'login' |
151 | 151 |
end |
152 | 152 |
|
153 |
private |
|
154 |
def logged_user=(user) |
|
155 |
if user && user.is_a?(User) |
|
156 |
User.current = user |
|
157 |
session[:user_id] = user.id |
|
158 |
else |
|
159 |
User.current = User.anonymous |
|
160 |
session[:user_id] = nil |
|
161 |
end |
|
162 |
end |
|
163 |
|
|
153 |
private |
|
154 | ||
164 | 155 |
def password_authentication |
165 | 156 |
user = User.try_to_login(params[:username], params[:password]) |
166 | 157 |
if user.nil? |
trunk/app/controllers/application.rb | ||
---|---|---|
46 | 46 |
# Check the settings cache for each request |
47 | 47 |
Setting.check_cache |
48 | 48 |
# Find the current user |
49 |
User.current = find_current_user
|
|
49 |
self.logged_user = find_current_user
|
|
50 | 50 |
end |
51 | 51 |
|
52 | 52 |
# Returns the current user or nil if no user is logged in |
... | ... | |
56 | 56 |
(User.active.find(session[:user_id]) rescue nil) |
57 | 57 |
elsif cookies[:autologin] && Setting.autologin? |
58 | 58 |
# auto-login feature |
59 |
User.find_by_autologin_key(cookies[:autologin])
|
|
59 |
User.try_to_autologin(cookies[:autologin])
|
|
60 | 60 |
elsif params[:key] && accept_key_auth_actions.include?(params[:action]) |
61 | 61 |
# RSS key authentication |
62 | 62 |
User.find_by_rss_key(params[:key]) |
63 | 63 |
end |
64 | 64 |
end |
65 | 65 |
|
66 |
# Sets the logged in user |
|
67 |
def logged_user=(user) |
|
68 |
if user && user.is_a?(User) |
|
69 |
User.current = user |
|
70 |
session[:user_id] = user.id |
|
71 |
else |
|
72 |
User.current = User.anonymous |
|
73 |
session[:user_id] = nil |
|
74 |
end |
|
75 |
end |
|
76 |
|
|
66 | 77 |
# check if login is globally required to access the application |
67 | 78 |
def check_if_login_required |
68 | 79 |
# no check needed if user is already logged in |
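Review bot: `self.logged_user = find_current_user` in `user_setup` now writes `session[:user_id]` for every path on which `find_current_user` yields a user, including the RSS key branch (`User.find_by_rss_key(params[:key])`) — a feed request carrying a key would then leave a full browser session behind for that user, which the key-auth path did not do before (it only set `User.current` for that one request) and which turns a read-only feed key into a login credential. Only the autologin cookie path needs the session side effect (the new integration test asserts `session[:user_id]` after the cookie round-trip). A narrower shape would keep `User.current = find_current_user` in `user_setup` and persist the session only in the autologin branch, e.g. `user = User.try_to_autologin(cookies[:autologin])` followed by `session[:user_id] = user.id if user` and returning `user`. Whether key-authenticated requests are meant to create a session is not visible from this hunk, so please confirm; `check_if_login_required` continues outside the hunk.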
trunk/app/models/user.rb | ||
---|---|---|
126 | 126 |
rescue => text |
127 | 127 |
raise text |
128 | 128 |
end |
129 |
|
|
130 |
# Returns the user who matches the given autologin +key+ or nil |
|
131 |
def self.try_to_autologin(key) |
|
132 |
token = Token.find_by_action_and_value('autologin', key) |
|
133 |
if token && (token.created_on > Setting.autologin.to_i.day.ago) && token.user && token.user.active? |
|
134 |
token.user.update_attribute(:last_login_on, Time.now) |
|
135 |
token.user |
|
136 |
end |
|
137 |
end |
|
129 | 138 |
|
130 | 139 |
# Return user's full name for display |
131 | 140 |
def name(formatter = nil) |
... | ... | |
199 | 208 |
token && token.user.active? ? token.user : nil |
200 | 209 |
end |
201 | 210 |
|
202 |
def self.find_by_autologin_key(key) |
|
203 |
token = Token.find_by_action_and_value('autologin', key) |
|
204 |
token && (token.created_on > Setting.autologin.to_i.day.ago) && token.user.active? ? token.user : nil |
|
205 |
end |
|
206 |
|
|
207 | 211 |
# Makes find_by_mail case-insensitive |
208 | 212 |
def self.find_by_mail(mail) |
209 | 213 |
find(:first, :conditions => ["LOWER(mail) = ?", mail.to_s.downcase]) |
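Review bot: The comment on `try_to_autologin` (`# Returns the user who matches the given autologin +key+ or nil`) understates what the method does: it also rejects tokens older than `Setting.autologin` days and tokens of inactive users, and it has a write side effect via `update_attribute(:last_login_on, Time.now)`, which a caller should know about since it runs during request setup. Suggest expanding it to `# Returns the user who owns the given autologin +key+, or nil if the key is unknown, older than Setting.autologin days or belongs to an inactive user. Side effect: the user's last_login_on is set to now.` Tokens that fail the age check are left in the table rather than destroyed; whether that is intended depends on the Token model, which is not shown here. `find_by_mail` at the end of the section continues outside the hunk.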
trunk/test/functional/account_controller_test.rb | ||
---|---|---|
160 | 160 |
puts "Skipping openid tests." |
161 | 161 |
end |
162 | 162 |
|
163 |
|
|
164 |
def test_autologin |
|
165 |
Setting.autologin = "7" |
|
166 |
Token.delete_all |
|
167 |
post :login, :username => 'admin', :password => 'admin', :autologin => 1 |
|
168 |
assert_redirected_to 'my/page' |
|
169 |
token = Token.find :first |
|
170 |
assert_not_nil token |
|
171 |
assert_equal User.find_by_login('admin'), token.user |
|
172 |
assert_equal 'autologin', token.action |
|
173 |
end |
|
174 |
|
|
175 | 163 |
def test_logout |
176 | 164 |
@request.session[:user_id] = 2 |
177 | 165 |
get :logout |
trunk/test/integration/account_test.rb | ||
---|---|---|
37 | 37 |
assert_template "my/account" |
38 | 38 |
end |
39 | 39 |
|
40 |
def test_autologin |
|
41 |
user = User.find(1) |
|
42 |
Setting.autologin = "7" |
|
43 |
Token.delete_all |
|
44 |
|
|
45 |
# User logs in with 'autologin' checked |
|
46 |
post '/login', :username => user.login, :password => 'admin', :autologin => 1 |
|
47 |
assert_redirected_to 'my/page' |
|
48 |
token = Token.find :first |
|
49 |
assert_not_nil token |
|
50 |
assert_equal user, token.user |
|
51 |
assert_equal 'autologin', token.action |
|
52 |
assert_equal user.id, session[:user_id] |
|
53 |
assert_equal token.value, cookies['autologin'] |
|
54 |
|
|
55 |
# Session is cleared |
|
56 |
reset! |
|
57 |
User.current = nil |
|
58 |
# Clears user's last login timestamp |
|
59 |
user.update_attribute :last_login_on, nil |
|
60 |
assert_nil user.reload.last_login_on |
|
61 |
|
|
62 |
# User comes back with his autologin cookie |
|
63 |
cookies[:autologin] = token.value |
|
64 |
get '/my/page' |
|
65 |
assert_response :success |
|
66 |
assert_template 'my/page' |
|
67 |
assert_equal user.id, session[:user_id] |
|
68 |
assert_not_nil user.reload.last_login_on |
|
69 |
assert user.last_login_on > 2.second.ago |
|
70 |
end |
|
71 |
|
|
40 | 72 |
def test_lost_password |
41 | 73 |
Token.delete_all |
42 | 74 |
|
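Review bot: `test_autologin` only exercises the success path of `try_to_autologin`; neither rejection branch the new method introduces — a token older than `Setting.autologin` days, or a token whose user is no longer active — is covered, so a regression that drops either check would pass this suite. A negative case in the same test would pin them down, e.g. after the successful round-trip: `token.update_attribute :created_on, 8.days.ago`, `reset!`, `cookies[:autologin] = token.value`, `get '/my/page'` and `assert_nil session[:user_id]` (with `Setting.autologin = "7"` already in effect). `last_login_on > 2.second.ago` is fine as a freshness assertion but would be clearer as a comparison against a timestamp captured just before the `get`. `test_lost_password` continues outside the hunk.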
Fixed: When logging in via an autologin cookie the user's last_login_on should be updated (#2820).