remember-me: make this feature default

that's usually the default behaviour nowadays so that users don't need to relogin after a browser restart

remember-me: make this feature default
that's usually the default behaviour nowadays so that users don't need to relogin after a browser restart
Braulio Bhavamitra
1 parent a067af01
Showing 7 changed files with 33 additions and 22 deletions Show diff stats
app/controllers/application_controller.rb
app/controllers/public/account_controller.rb
app/models/user.rb
app/views/account/login.html.erb
lib/authenticated_system.rb
po/pt/noosfero.po
test/functional/account_controller_test.rb
@@ -7,7 +7,10 @@ class ApplicationController &lt; ActionController::Base
   before_filter :detect_stuff_by_domain
   before_filter :init_noosfero_plugins
   before_filter :allow_cross_domain_access
+
+  before_filter :login_from_cookie
   before_filter :login_required, :if => :private_environment?
+
   before_filter :verify_members_whitelist, :if => [:private_environment?, :user]
   before_filter :redirect_to_current_user
@@ -50,10 +50,12 @@ class AccountController &lt; ApplicationController
     if logged_in?
       check_join_in_community(self.current_user)
+
       if params[:remember_me] == "1"
         self.current_user.remember_me
-        cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
+        cookies[:auth_token] = {value: self.current_user.remember_token, expires: self.current_user.remember_token_expires_at}
       end
+
       if redirect?
         go_to_initial_page
         session[:notice] = _("Logged in successfully")
@@ -249,8 +249,9 @@ class User &lt; ActiveRecord::Base
   # These create and unset the fields required for remembering users between browser closes
   def remember_me
-    self.remember_token_expires_at = 2.weeks.from_now.utc
-    self.remember_token            = encrypt("#{email}--#{remember_token_expires_at}")
+    self.remember_token_expires_at = 1.months.from_now.utc
+    # if the user's email/password changes this won't be valid anymore
+    self.remember_token = encrypt "#{email}-#{self.crypted_password}-#{remember_token_expires_at}"
     save(:validate => false)
   end
@@ -13,7 +13,14 @@
      <%= f.password_field :password %>
-     <%= @plugins.dispatch(:login_extra_contents).collect { |content| instance_eval(&content) }.join("") %>
+     <div class='checkbox'>
+       <label>
+         <%= check_box_tag :remember_me, '1', true %>
+         <%= _'Keep me logged in' %>
+       </label>
+     </div>
+
+     <%= @plugins.dispatch(:login_extra_contents).collect { |content| instance_exec(&content) }.join("") %>
      <% button_bar do %>
        <%= submit_button( 'login', _('Log in') )%>
@@ -138,14 +138,9 @@ module AuthenticatedSystem
     # When called with before_filter :login_from_cookie will check for an :auth_token
     # cookie and log the user back in if apropriate
     def login_from_cookie
-      return unless cookies[:auth_token] && !logged_in?
-      user = User.find_by_remember_token(cookies[:auth_token])
-      if user && user.remember_token?
-        user.remember_me
-        self.current_user = user
-        cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
-        flash[:notice] = "Logged in successfully"
-      end
+      return if cookies[:auth_token].blank? or logged_in?
+      user = User.where(remember_token: cookies[:auth_token]).first
+      self.current_user = user if user and user.remember_token?
     end
   private
@@ -8345,6 +8345,10 @@ msgstr &quot;Continuar&quot;
 msgid "Log in"
 msgstr "Entrar"
+#: app/views/account/login.html.erb:19
+msgid "Keep me logged in"
+msgstr "Mantenha-me logado"
+
 #: app/views/account/login.html.erb:33
 #: app/views/account/login_block.html.erb:31
 msgid "I forgot my password!"
@@ -129,15 +129,14 @@ class AccountControllerTest &lt; ActionController::TestCase
     assert_nil @response.cookies["auth_token"]
   end
-  # "remember_me" feature is disabled; uncommend this if it is enabled again.
-  # def test_should_login_with_cookie
-  #   users(:johndoe).remember_me
-  #   @request.cookies["auth_token"] = cookie_for(:johndoe)
-  #   get :index
-  #   assert @controller.send(:logged_in?)
-  # end
-
-  def test_should_fail_expired_cookie_login
+  should 'login with cookie' do
+    users(:johndoe).remember_me
+    @request.cookies["auth_token"] = cookie_for(:johndoe)
+    get :index
+    assert @controller.send(:logged_in?)
+  end
+
+  should 'fail expired cookie login' do
     users(:johndoe).remember_me
     users(:johndoe).update_attribute :remember_token_expires_at, 5.minutes.ago
     @request.cookies["auth_token"] = cookie_for(:johndoe)
@@ -145,7 +144,7 @@ class AccountControllerTest &lt; ActionController::TestCase
     assert !@controller.send(:logged_in?)
   end
-  def test_should_fail_cookie_login
+  should 'fail cookie login' do
     users(:johndoe).remember_me
     @request.cookies["auth_token"] = auth_token('invalid_auth_token')
     get :index
	@@ -13,7 +13,14 @@		@@ -13,7 +13,14 @@
13		13
14	<%= f.password_field :password %>	14	<%= f.password_field :password %>
15		15
16	- <%= @plugins.dispatch(:login_extra_contents).collect { \|content\| instance_eval(&content) }.join("") %>	16	+ <div class='checkbox'>
		17	+ <label>
		18	+ <%= check_box_tag :remember_me, '1', true %>
		19	+ <%= _'Keep me logged in' %>
		20	+ </label>
		21	+ </div>
		22	+
		23	+ <%= @plugins.dispatch(:login_extra_contents).collect { \|content\| instance_exec(&content) }.join("") %>
17		24
18	<% button_bar do %>	25	<% button_bar do %>
19	<%= submit_button( 'login', _('Log in') )%>	26	<%= submit_button( 'login', _('Log in') )%>