Fixed that autologin is broken when using a custom cookie name (#13335).

git-svn-id: https://svn.redmine.org/redmine/trunk@11519 e93f8b46-1217-0410-a6f0-8f06a7374b81

Fixed that autologin is broken when using a custom cookie name (#13335).
git-svn-id: https://svn.redmine.org/redmine/trunk@11519 e93f8b46-1217-0410-a6f0-8f06a7374b81
2f550a3d · jplang · 4342f63f · 2f550a3d · 2f550a3d · 2f550a3d
Commit 2f550a3d authored Mar 02, 2013 by jplang
3 changed files
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -230,7 +230,6 @@ class AccountController < ApplicationController

  def set_autologin_cookie(user)
    token = Token.create(:user => user, :action => 'autologin')
-    cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin'
    cookie_options = {
      :value => token.value,
      :expires => 1.year.from_now,
@@ -238,7 +237,7 @@ class AccountController < ApplicationController
      :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
      :httponly => true
    }
-    cookies[cookie_name] = cookie_options
+    cookies[autologin_cookie_name] = cookie_options
  end

  # Onthefly creation failed, display the registration form to fill/fix attributes

--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -35,7 +35,7 @@ class ApplicationController < ActionController::Base
  protect_from_forgery
  def handle_unverified_request
    super
-    cookies.delete(:autologin)
+    cookies.delete(autologin_cookie_name)
  end

  before_filter :session_expiration, :user_setup, :check_if_login_required, :set_localization
@@ -127,10 +127,14 @@ class ApplicationController < ActionController::Base
    user
  end

+  def autologin_cookie_name
+    Redmine::Configuration['autologin_cookie_name'].presence || 'autologin'
+  end
+
  def try_to_autologin
-    if cookies[:autologin] && Setting.autologin?
+    if cookies[autologin_cookie_name] && Setting.autologin?
      # auto-login feature starts a new session
-      user = User.try_to_autologin(cookies[:autologin])
+      user = User.try_to_autologin(cookies[autologin_cookie_name])
      if user
        reset_session
        start_user_session(user)

--- a/test/integration/account_test.rb
+++ b/test/integration/account_test.rb
@@ -68,6 +68,28 @@ class AccountTest < ActionController::IntegrationTest
    assert_not_nil user.reload.last_login_on
  end

+  def test_autologin_should_use_autologin_cookie_name
+    Token.delete_all
+    Redmine::Configuration.stubs(:[]).with('autologin_cookie_name').returns('custom_autologin')
+    Redmine::Configuration.stubs(:[]).with('autologin_cookie_path').returns('/')
+    Redmine::Configuration.stubs(:[]).with('autologin_cookie_secure').returns(false)
+
+    with_settings :autologin => '7' do
+      assert_difference 'Token.count' do
+        post '/login', :username => 'admin', :password => 'admin', :autologin => 1
+      end
+      assert_response 302
+      assert cookies['custom_autologin'].present?
+      token = cookies['custom_autologin']
+  
+      # Session is cleared
+      reset!
+      cookies['custom_autologin'] = token
+      get '/my/page'
+      assert_response :success
+    end
+  end
+
  def test_lost_password
    Token.delete_all