From 28460adbef237e785a512c68f602050213b4bfd8 Mon Sep 17 00:00:00 2001
From: Braulio Bhavamitra
Date: Sat, 18 Jul 2015 20:39:38 -0300
Subject: [PATCH] remember-me: make this feature default

---
 app/controllers/application_controller.rb | 3 +++
 app/controllers/public/account_controller.rb | 4 +++-
 app/models/user.rb | 5 +++--
 app/views/account/login.html.erb | 9 ++++++++-
 lib/authenticated_system.rb | 11 +++-------
 po/pt/noosfero.po | 4 ++++
 test/functional/account_controller_test.rb | 19 +++++++++----------
 7 files changed, 33 insertions(+), 22 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 74a80d0..fa86383 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -7,7 +7,10 @@ class ApplicationController < ActionController::Base
 before_filter :detect_stuff_by_domain
 before_filter :init_noosfero_plugins
 before_filter :allow_cross_domain_access
+
+ before_filter :login_from_cookie
 before_filter :login_required, :if => :private_environment?
+
 before_filter :verify_members_whitelist, :if => [:private_environment?, :user]
 before_filter :redirect_to_current_user
diff --git a/app/controllers/public/account_controller.rb b/app/controllers/public/account_controller.rb
index 18f6419..9b95673 100644
--- a/app/controllers/public/account_controller.rb
+++ b/app/controllers/public/account_controller.rb
@@ -50,10 +50,12 @@ class AccountController < ApplicationController
 if logged_in?
 check_join_in_community(self.current_user)
+
 if params[:remember_me] == "1"
 self.current_user.remember_me
- cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
+ cookies[:auth_token] = {value: self.current_user.remember_token, expires: self.current_user.remember_token_expires_at}
 end
+
 if redirect?
 go_to_initial_page
 session[:notice] = _("Logged in successfully")
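Review bot: The new `before_filter :login_from_cookie` is placed ahead of `login_required`, and nothing records that this ordering is load-bearing: on a private environment a remembered-but-not-yet-logged-in user only passes the `login_required` gate because the cookie filter has already set the current user. A one-line comment above it would stop a future re-sort of the filter list from silently breaking remembered logins, e.g. `# must run before login_required so a remembered user passes the private-environment gate`. This filter now runs on every request of every controller, including the logout action; whether logout also deletes the `auth_token` cookie is not visible in this patch and is worth confirming.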
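Review bot: The `auth_token` cookie written on the `+` line is a bearer credential that, with the user.rb change in this same patch, stays valid for a month, yet it is set with only `value` and `expires` — no `httponly` flag, so any XSS on the site can read it, and no `secure` flag, so it is sent over plain HTTP wherever the site is also reachable without TLS. Set it as `cookies[:auth_token] = {value: self.current_user.remember_token, expires: self.current_user.remember_token_expires_at, httponly: true, secure: request.ssl?}`. Despite the commit title the cookie is still only issued when `params[:remember_me] == "1"`, so "default" presumably means the checkbox is pre-checked in the view, which this patch does not show legibly. The enclosing login action starts and ends outside the hunk.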
diff --git a/app/models/user.rb b/app/models/user.rb index b132e32..b25801a 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -249,8 +249,9 @@ class User < ActiveRecord::Base # These create and unset the fields required for remembering users between browser closes def remember_me - self.remember_token_expires_at = 2.weeks.from_now.utc - self.remember_token = encrypt("#{email}--#{remember_token_expires_at}") + self.remember_token_expires_at = 1.months.from_now.utc + # if the user's email/password changes this won't be valid anymore + self.remember_token = encrypt "#{email}-#{self.crypted_password}-#{remember_token_expires_at}" save(:validate => false) end diff --git a/app/views/account/login.html.erb b/app/views/account/login.html.erb index 9f3e747..5f978c5 100644 --- a/app/views/account/login.html.erb +++ b/app/views/account/login.html.erb @@ -13,7 +13,14 @@ <%= f.password_field :password %> - <%= @plugins.dispatch(:login_extra_contents).collect { |content| instance_eval(&content) }.join("") %> +
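Review bot: The new comment says the token "won't be valid anymore" if the email or password changes, but nothing in this patch enforces that: `login_from_cookie` (lib/authenticated_system.rb) validates a cookie by looking up the stored `remember_token` column and checking `remember_token?`, and a later change to `crypted_password` does not alter the value already stored, so an old cookie keeps working until `remember_token_expires_at` unless a callback not shown here clears it. If invalidation on password change is the intent, clear the token on that path (e.g. `before_save :forget_me, if: :crypted_password_changed?`, assuming the usual `forget_me` exists on this model) and cover it with a test. Mixing the password hash into `encrypt` also buys nothing over an opaque random value; `self.remember_token = SecureRandom.hex(32)` is simpler and carries no relation to the credential. Minor: `1.months` works but `1.month` is the idiomatic form, and the lifetime grew from two weeks to a month, which deserves a mention in the commit message.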
+ +
+ + <%= @plugins.dispatch(:login_extra_contents).collect { |content| instance_exec(&content) }.join("") %> <% button_bar do %> <%= submit_button( 'login', _('Log in') )%> diff --git a/lib/authenticated_system.rb b/lib/authenticated_system.rb index ee95a63..3c5d091 100644 --- a/lib/authenticated_system.rb +++ b/lib/authenticated_system.rb @@ -138,14 +138,9 @@ module AuthenticatedSystem # When called with before_filter :login_from_cookie will check for an :auth_token # cookie and log the user back in if apropriate def login_from_cookie - return unless cookies[:auth_token] && !logged_in? - user = User.find_by_remember_token(cookies[:auth_token]) - if user && user.remember_token? - user.remember_me - self.current_user = user - cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at } - flash[:notice] = "Logged in successfully" - end + return if cookies[:auth_token].blank? or logged_in? + user = User.where(remember_token: cookies[:auth_token]).first + self.current_user = user if user and user.remember_token? end private diff --git a/po/pt/noosfero.po b/po/pt/noosfero.po index c14f181..0ed970c 100644 --- a/po/pt/noosfero.po +++ b/po/pt/noosfero.po @@ -8345,6 +8345,10 @@ msgstr "Continuar" msgid "Log in" msgstr "Entrar" +#: app/views/account/login.html.erb:19 +msgid "Keep me logged in" +msgstr "Mantenha-me logado" + #: app/views/account/login.html.erb:33 #: app/views/account/login_block.html.erb:31 msgid "I forgot my password!" diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb index e6511b9..b07883c 100644 --- a/test/functional/account_controller_test.rb +++ b/test/functional/account_controller_test.rb 
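Review bot: The rewritten `login_from_cookie` uses `or` and `and` as boolean operators in its guard and assignment lines; they bind looser than `=` and only behave here because the modifier `if` binds loosest of all, so switching to `||`/`&&` removes a precedence trap for the next edit: `return if cookies[:auth_token].blank? || logged_in?` and `self.current_user = user if user && user.remember_token?`. When the lookup finds no user or `remember_token?` is false, the stale `auth_token` cookie is left on the client and every following request repeats the database lookup; `cookies.delete :auth_token` in that case is cheap. Whether `current_user=` resets the session before storing the user is not visible in this patch; if it does not, a login established from a long-lived cookie is the natural place to call `reset_session` first so a pre-set session id is not promoted. The whole method is within the hunk.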
@@ -129,15 +129,14 @@ class AccountControllerTest < ActionController::TestCase
 assert_nil @response.cookies["auth_token"]
 end
- # "remember_me" feature is disabled; uncommend this if it is enabled again.
- # def test_should_login_with_cookie
- # users(:johndoe).remember_me
- # @request.cookies["auth_token"] = cookie_for(:johndoe)
- # get :index
- # assert @controller.send(:logged_in?)
- # end
-
- def test_should_fail_expired_cookie_login
+ should 'login with cookie' do
+ users(:johndoe).remember_me
+ @request.cookies["auth_token"] = cookie_for(:johndoe)
+ get :index
+ assert @controller.send(:logged_in?)
+ end
+
+ should 'fail expired cookie login' do
 users(:johndoe).remember_me
 users(:johndoe).update_attribute :remember_token_expires_at, 5.minutes.ago
 @request.cookies["auth_token"] = cookie_for(:johndoe)
@@ -145,7 +144,7 @@ class AccountControllerTest < ActionController::TestCase
 assert !@controller.send(:logged_in?)
 end
- def test_should_fail_cookie_login
+ should 'fail cookie login' do
 users(:johndoe).remember_me
 @request.cookies["auth_token"] = auth_token('invalid_auth_token')
 get :index
--
libgit2 0.21.2
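Review bot: The re-enabled tests cover a valid, an expired and a garbage token, but not the invalidation the new user.rb comment promises — that a cookie issued before a password change stops working — nor that `login_from_cookie` leaves an already active session alone. A case in the shape of `should 'not login with cookie after password change' do` that calls `remember_me`, changes the user's password, sets `cookie_for(:johndoe)` and asserts `!@controller.send(:logged_in?)` would pin the intended behaviour, and would likely fail against this patch unless the model clears the token somewhere not shown here. `cookie_for` and `auth_token` are helpers defined outside the hunk.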