Commit dcb9cade authored by jplang's avatar jplang

Adds methods to User model to handle tokens.

git-svn-id: https://svn.redmine.org/redmine/trunk@16474 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent 5e44c9d6
......@@ -280,13 +280,13 @@ class AccountController < ApplicationController
end
def set_autologin_cookie(user)
token = Token.create(:user => user, :action => 'autologin')
token = user.generate_autologin_token
secure = Redmine::Configuration['autologin_cookie_secure']
if secure.nil?
secure = request.ssl?
end
cookie_options = {
:value => token.value,
:value => token,
:expires => 1.year.from_now,
:path => (Redmine::Configuration['autologin_cookie_path'] || RedmineApp::Application.config.relative_url_root || '/'),
:secure => secure,
......
......@@ -168,9 +168,10 @@ class ApplicationController < ActionController::Base
# Logs out current user
def logout_user
if User.current.logged?
cookies.delete(autologin_cookie_name)
Token.where(["user_id = ? AND action = ?", User.current.id, 'autologin']).delete_all
Token.where(["user_id = ? AND action = ? AND value = ?", User.current.id, 'session', session[:tk]]).delete_all
if autologin = cookies.delete(autologin_cookie_name)
User.current.delete_autologin_token(autologin)
end
User.current.delete_session_token(session[:tk])
self.logged_user = nil
end
end
......
......@@ -417,6 +417,20 @@ class User < Principal
token.value
end
def delete_session_token(value)
Token.where(:user_id => id, :action => 'session', :value => value).delete_all
end
# Generates a new autologin token and returns its value
def generate_autologin_token
token = Token.create!(:user_id => id, :action => 'autologin')
token.value
end
def delete_autologin_token(value)
Token.where(:user_id => id, :action => 'autologin', :value => value).delete_all
end
# Returns true if token is a valid session token for the user whose id is user_id
def self.verify_session_token(user_id, token)
return false if user_id.blank? || token.blank?
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment