Adds methods to the User model to handle tokens.

git-svn-id: http://svn.redmine.org/redmine/trunk@16474 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang
2017-04-04 17:15:07 +00:00
parent 5c7aaa4d1e
commit b9ee00a8c8
3 changed files with 20 additions and 5 deletions


@@ -280,13 +280,13 @@ class AccountController < ApplicationController
end end
def set_autologin_cookie(user) def set_autologin_cookie(user)
token = Token.create(:user => user, :action => 'autologin') token = user.generate_autologin_token
secure = Redmine::Configuration['autologin_cookie_secure'] secure = Redmine::Configuration['autologin_cookie_secure']
if secure.nil? if secure.nil?
secure = request.ssl? secure = request.ssl?
end end
cookie_options = { cookie_options = {
:value => token.value, :value => token,
:expires => 1.year.from_now, :expires => 1.year.from_now,
:path => (Redmine::Configuration['autologin_cookie_path'] || RedmineApp::Application.config.relative_url_root || '/'), :path => (Redmine::Configuration['autologin_cookie_path'] || RedmineApp::Application.config.relative_url_root || '/'),
:secure => secure, :secure => secure,


@@ -168,9 +168,10 @@ class ApplicationController < ActionController::Base
# Logs out current user # Logs out current user
def logout_user def logout_user
if User.current.logged? if User.current.logged?
cookies.delete(autologin_cookie_name) if autologin = cookies.delete(autologin_cookie_name)
Token.where(["user_id = ? AND action = ?", User.current.id, 'autologin']).delete_all User.current.delete_autologin_token(autologin)
Token.where(["user_id = ? AND action = ? AND value = ?", User.current.id, 'session', session[:tk]]).delete_all end
User.current.delete_session_token(session[:tk])
self.logged_user = nil self.logged_user = nil
end end
end end
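Review bot: The new `if autologin = cookies.delete(autologin_cookie_name)` guard narrows logout from revoking every autologin token of the current user (the old `Token.where(["user_id = ? AND action = ?", ...]).delete_all`) to revoking only the token value presented in the cookie, so a logout request that arrives without the cookie, or with a value that no longer matches a stored token, leaves all of that user's autologin tokens valid server-side. If per-browser logout is the intent, a comment such as `# Only the autologin token of this browser is revoked; tokens issued to other browsers stay valid until they expire` would make that visible to the next reader; if it is not, the previous delete-all fallback should be kept for the no-cookie case. The assignment inside the condition also trips Ruby's "found = in conditional" warning and reads more clearly as `autologin = cookies.delete(autologin_cookie_name)` followed by `User.current.delete_autologin_token(autologin) if autologin`. `User.current.delete_session_token(session[:tk])` keeps the earlier per-session scope, so the session side is unchanged.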


@@ -417,6 +417,20 @@ class User < Principal
token.value token.value
end end
def delete_session_token(value)
Token.where(:user_id => id, :action => 'session', :value => value).delete_all
end
# Generates a new autologin token and returns its value
def generate_autologin_token
token = Token.create!(:user_id => id, :action => 'autologin')
token.value
end
def delete_autologin_token(value)
Token.where(:user_id => id, :action => 'autologin', :value => value).delete_all
end
# Returns true if token is a valid session token for the user whose id is user_id # Returns true if token is a valid session token for the user whose id is user_id
def self.verify_session_token(user_id, token) def self.verify_session_token(user_id, token)
return false if user_id.blank? || token.blank? return false if user_id.blank? || token.blank?