Commit 28460adbef237e785a512c68f602050213b4bfd8

Authored by Braulio Bhavamitra
1 parent a067af01

remember-me: make this feature default

That's usually the default behaviour nowadays, so that users don't need to log in again
after a browser restart.
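--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -7,7 +7,10 @@ class ApplicationController < ActionController::Base
 before_filter :detect_stuff_by_domain
 before_filter :init_noosfero_plugins
 before_filter :allow_cross_domain_access
+
+before_filter :login_from_cookie
 before_filter :login_required, :if => :private_environment?
+
 before_filter :verify_members_whitelist, :if => [:private_environment?, :user]
 before_filter :redirect_to_current_user
 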
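Review bot: The new `before_filter :login_from_cookie` only does its job because it is declared ahead of `:login_required`; that ordering is the whole contract of the hunk and nothing in the file states it. A one-line comment above the new filter, `# must run before :login_required so a remembered user is recognised on private environments`, records the dependency for whoever next reorders the filter list. The filter also runs a User lookup on every unauthenticated request carrying an auth_token cookie, which is expected for this feature but worth a mention in the same comment.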
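--- a/app/controllers/public/account_controller.rb
+++ b/app/controllers/public/account_controller.rb
@@ -50,10 +50,12 @@ class AccountController < ApplicationController
 
 if logged_in?
 check_join_in_community(self.current_user)
+
 if params[:remember_me] == "1"
 self.current_user.remember_me
-cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
+cookies[:auth_token] = {value: self.current_user.remember_token, expires: self.current_user.remember_token_expires_at}
 end
+
 if redirect?
 go_to_initial_page
 session[:notice] = _("Logged in successfully")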
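Review bot: The auth_token cookie written on the rewritten `cookies[:auth_token] = {...}` line is a credential that, after this commit, stays valid for a month and is set on every login by default, yet it is issued with only `value:` and `expires:`, so it remains readable from page scripts and is sent over plain HTTP. Rails takes the hardening flags in the same hash: `cookies[:auth_token] = {value: self.current_user.remember_token, expires: self.current_user.remember_token_expires_at, httponly: true, secure: request.ssl?}`. The same cookie was formerly also issued from `login_from_cookie` in lib/authenticated_system.rb; that path is removed in this commit, so this is now the only place to get right. The enclosing `if logged_in?` block and its method begin and end outside the hunk.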
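--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -249,8 +249,9 @@ class User < ActiveRecord::Base
 
 # These create and unset the fields required for remembering users between browser closes
 def remember_me
-self.remember_token_expires_at = 2.weeks.from_now.utc
-self.remember_token = encrypt("#{email}--#{remember_token_expires_at}")
+self.remember_token_expires_at = 1.months.from_now.utc
+# if the user's email/password changes this won't be valid anymore
+self.remember_token = encrypt "#{email}-#{self.crypted_password}-#{remember_token_expires_at}"
 save(:validate => false)
 end
 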
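Review bot: The comment added above the new `self.remember_token = encrypt ...` line claims the token stops being valid when the email or password changes, but nothing in this commit makes that true: `login_from_cookie` in lib/authenticated_system.rb looks the cookie up by equality against the stored `remember_token` column, and that column is only rewritten when `remember_me` runs again, so a remembered browser survives a password change for up to the full month unless a callback outside this diff clears or regenerates the token. Mixing `crypted_password` into the hashed input changes what the next token will be, not whether the current one is accepted. If the invalidation property is wanted, generate the token with `SecureRandom` and clear `remember_token`/`remember_token_expires_at` from the password-change path; otherwise soften the comment to `# NOTE: the stored token is only replaced when remember_me is re-run; a password change does not revoke it`. `1.months` also reads oddly next to the conventional `1.month`.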
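--- a/app/views/account/login.html.erb
+++ b/app/views/account/login.html.erb
@@ -13,7 +13,14 @@
 
 <%= f.password_field :password %>
 
-<%= @plugins.dispatch(:login_extra_contents).collect { |content| instance_eval(&content) }.join("") %>
+<div class='checkbox'>
+<label>
+<%= check_box_tag :remember_me, '1', true %>
+<%= _'Keep me logged in' %>
+</label>
+</div>
+
+<%= @plugins.dispatch(:login_extra_contents).collect { |content| instance_exec(&content) }.join("") %>
 
 <% button_bar do %>
 <%= submit_button( 'login', _('Log in') )%>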
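Review bot: The switch from `instance_eval` to `instance_exec` on the `@plugins.dispatch(:login_extra_contents)` line is unrelated to the remember-me feature and is not mentioned in the commit message; the two differ in what a plugin block receives as its argument (`instance_eval` yields the receiver, `instance_exec` yields the arguments given, here none), so any plugin block that declared a parameter could behave differently. It belongs in its own commit or at least in the description. The third argument `true` to `check_box_tag` is what makes remember-me opt-out; a short ERB comment above it, `<%# checked by default: remember-me is opt-out, see AccountController#login %>`, would stop a later reader from "fixing" it back to unchecked.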
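--- a/lib/authenticated_system.rb
+++ b/lib/authenticated_system.rb
@@ -138,14 +138,9 @@ module AuthenticatedSystem
 # When called with before_filter :login_from_cookie will check for an :auth_token
 # cookie and log the user back in if apropriate
 def login_from_cookie
-return unless cookies[:auth_token] && !logged_in?
-user = User.find_by_remember_token(cookies[:auth_token])
-if user && user.remember_token?
-user.remember_me
-self.current_user = user
-cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
-flash[:notice] = "Logged in successfully"
-end
+return if cookies[:auth_token].blank? or logged_in?
+user = User.where(remember_token: cookies[:auth_token]).first
+self.current_user = user if user and user.remember_token?
 end
 
 private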
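Review bot: The rewritten `login_from_cookie` accepts the cookie as soon as `user.remember_token?` is true; server-side expiry is enforced only if User overrides that predicate to compare `remember_token_expires_at` with the current time, because the cookie's own `expires` is set by the client and cannot be relied on. The `should 'fail expired cookie login'` test in this commit suggests such an override exists, but the method comment should say so: `# remember_token? is expected to check remember_token_expires_at; never trust the cookie's expiry`. The new lines also use `or`/`and` for boolean logic where `||`/`&&` are conventional, e.g. `return if cookies[:auth_token].blank? || logged_in?` and `self.current_user = user if user && user.remember_token?`. Note that the old code renewed the token and cookie on each cookie login; the new code does not, so a remembered session now ends a fixed month after the last explicit login, which is fine but worth a line in the comment.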
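--- a/po/pt/noosfero.po
+++ b/po/pt/noosfero.po
@@ -8345,6 +8345,10 @@ msgstr "Continuar"
 msgid "Log in"
 msgstr "Entrar"
 
+#: app/views/account/login.html.erb:19
+msgid "Keep me logged in"
+msgstr "Mantenha-me logado"
+
 #: app/views/account/login.html.erb:33
 #: app/views/account/login_block.html.erb:31
 msgid "I forgot my password!"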
test/functional/account_controller_test.rb
... ... @@ -129,15 +129,14 @@ class AccountControllerTest &lt; ActionController::TestCase
129 129 assert_nil @response.cookies["auth_token"]
130 130 end
131 131  
132   - # "remember_me" feature is disabled; uncommend this if it is enabled again.
133   - # def test_should_login_with_cookie
134   - # users(:johndoe).remember_me
135   - # @request.cookies["auth_token"] = cookie_for(:johndoe)
136   - # get :index
137   - # assert @controller.send(:logged_in?)
138   - # end
139   -
140   - def test_should_fail_expired_cookie_login
  132 + should 'login with cookie' do
  133 + users(:johndoe).remember_me
  134 + @request.cookies["auth_token"] = cookie_for(:johndoe)
  135 + get :index
  136 + assert @controller.send(:logged_in?)
  137 + end
  138 +
  139 + should 'fail expired cookie login' do
141 140 users(:johndoe).remember_me
142 141 users(:johndoe).update_attribute :remember_token_expires_at, 5.minutes.ago
143 142 @request.cookies["auth_token"] = cookie_for(:johndoe)
... ... @@ -145,7 +144,7 @@ class AccountControllerTest &lt; ActionController::TestCase
145 144 assert !@controller.send(:logged_in?)
146 145 end
147 146  
148   - def test_should_fail_cookie_login
  147 + should 'fail cookie login' do
149 148 users(:johndoe).remember_me
150 149 @request.cookies["auth_token"] = auth_token('invalid_auth_token')
151 150 get :index
... ...