Commit 2f550a3d authored by jplang's avatar jplang

Fixed that autologin is broken when using a custom cookie name (#13335).

git-svn-id: https://svn.redmine.org/redmine/trunk@11519 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent 4342f63f
......@@ -230,7 +230,6 @@ class AccountController < ApplicationController
def set_autologin_cookie(user)
token = Token.create(:user => user, :action => 'autologin')
cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin'
cookie_options = {
:value => token.value,
:expires => 1.year.from_now,
......@@ -238,7 +237,7 @@ class AccountController < ApplicationController
:secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
:httponly => true
}
cookies[cookie_name] = cookie_options
cookies[autologin_cookie_name] = cookie_options
end
# Onthefly creation failed, display the registration form to fill/fix attributes
......
......@@ -35,7 +35,7 @@ class ApplicationController < ActionController::Base
protect_from_forgery
def handle_unverified_request
super
cookies.delete(:autologin)
cookies.delete(autologin_cookie_name)
end
before_filter :session_expiration, :user_setup, :check_if_login_required, :set_localization
......@@ -127,10 +127,14 @@ class ApplicationController < ActionController::Base
user
end
def autologin_cookie_name
Redmine::Configuration['autologin_cookie_name'].presence || 'autologin'
end
def try_to_autologin
if cookies[:autologin] && Setting.autologin?
if cookies[autologin_cookie_name] && Setting.autologin?
# auto-login feature starts a new session
user = User.try_to_autologin(cookies[:autologin])
user = User.try_to_autologin(cookies[autologin_cookie_name])
if user
reset_session
start_user_session(user)
......
......@@ -68,6 +68,28 @@ class AccountTest < ActionController::IntegrationTest
assert_not_nil user.reload.last_login_on
end
def test_autologin_should_use_autologin_cookie_name
Token.delete_all
Redmine::Configuration.stubs(:[]).with('autologin_cookie_name').returns('custom_autologin')
Redmine::Configuration.stubs(:[]).with('autologin_cookie_path').returns('/')
Redmine::Configuration.stubs(:[]).with('autologin_cookie_secure').returns(false)
with_settings :autologin => '7' do
assert_difference 'Token.count' do
post '/login', :username => 'admin', :password => 'admin', :autologin => 1
end
assert_response 302
assert cookies['custom_autologin'].present?
token = cookies['custom_autologin']
# Session is cleared
reset!
cookies['custom_autologin'] = token
get '/my/page'
assert_response :success
end
end
def test_lost_password
Token.delete_all
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment