From 86af2330425b927cac93a2d31e78450b6a2c5194 Mon Sep 17 00:00:00 2001 From: guange <8863824@gmail.com> Date: Tue, 5 May 2015 11:45:58 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=AD=A3autologin=E5=A4=9A=E7=BB=88?= =?UTF-8?q?=E7=AB=AF=E7=99=BB=E5=BD=95=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/controllers/account_controller.rb | 5 +---- app/controllers/application_controller.rb | 18 +++++++++--------- app/controllers/my_controller.rb | 4 +++- app/models/token.rb | 17 +++++++++++++++-- config/environments/development.rb | 2 +- config/initializers/session_store.rb | 2 +- db/schema.rb | 10 ---------- 7 files changed, 30 insertions(+), 28 deletions(-) diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb index 22db3d5b4..981e0cb3c 100644 --- a/app/controllers/account_controller.rb +++ b/app/controllers/account_controller.rb @@ -31,9 +31,6 @@ class AccountController < ApplicationController else authenticate_user end - rescue AuthSourceException => e - logger.error "An error occured when authenticating #{params[:username]}: #{e.message}" - render_error :message => e.message end # Log out current user and redirect to welcome page @@ -329,7 +326,7 @@ class AccountController < ApplicationController end def set_autologin_cookie(user) - token = Token.create(:user => user, :action => 'autologin') + token = Token.get_or_create_permanent_login_token(user) cookie_options = { :value => token.value, :expires => 7.days.from_now, diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 741af2aee..0dc86fb01 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -156,16 +156,16 @@ class ApplicationController < ActionController::Base user end end - def try_to_autologin1 - - # auto-login feature starts a new session - user = User.try_to_autologin(params[:token]) - if user - start_user_session(user) - end - user + def try_to_autologin1 + user = User.try_to_autologin(params[:token]) + if user + logout_user if User.current.id != user.id + start_user_session(user) + end + user end + # Sets the logged in user def logged_user=(user) reset_session @@ -200,7 +200,7 @@ class ApplicationController < ActionController::Base def logout_user if User.current.logged? cookies.delete(autologin_cookie_name) - Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) + # Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) self.logged_user = nil end end diff --git a/app/controllers/my_controller.rb b/app/controllers/my_controller.rb index d42a750a1..8c76da1a9 100644 --- a/app/controllers/my_controller.rb +++ b/app/controllers/my_controller.rb @@ -200,7 +200,9 @@ class MyController < ApplicationController @user = us.change_password params.merge(:current_user_id => @user.id) if @user.errors.full_messages.count <= 0 flash.now[:notice] = l(:notice_account_password_updated) - redirect_to my_account_url + # 修改完密码,让其重新登录,并更新Token + Token.delete_user_all_tokens(@user) + redirect_to logout_url end end rescue Exception => e diff --git a/app/models/token.rb b/app/models/token.rb index c89ff30bc..d9fc75d76 100644 --- a/app/models/token.rb +++ b/app/models/token.rb @@ -1,3 +1,4 @@ +#coding=utf-8 # Redmine - project management software # Copyright (C) 2006-2013 Jean-Philippe Lang # @@ -14,7 +15,7 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - +# class Token < ActiveRecord::Base belongs_to :user validates_uniqueness_of :value @@ -27,6 +28,14 @@ class Token < ActiveRecord::Base self.value = Token.generate_token_value end + def self.get_or_create_permanent_login_token(user) + token = Token.get_token_from_user(user, 'autologin') + unless token + token = Token.create(:user => user, :action => 'autologin') + end + token + end + def self.get_token_from_user(user, action) token = Token.where(:action => action, :user_id => user).first unless token @@ -42,7 +51,7 @@ class Token < ActiveRecord::Base # Delete all expired tokens def self.destroy_expired - Token.delete_all ["action NOT IN (?) AND created_on < ?", ['feeds', 'api'], Time.now - @@validity_time] + Token.delete_all ["action NOT IN (?) AND created_on < ?", ['feeds', 'api', 'autologin'], Time.now - @@validity_time] end # Returns the active user who owns the key for the given action @@ -80,6 +89,10 @@ class Token < ActiveRecord::Base Redmine::Utils.random_hex(20) end + def self.delete_user_all_tokens(user) + Token.delete_all(user_id: user.id) + end + private # Removes obsolete tokens (same user and action) diff --git a/config/environments/development.rb b/config/environments/development.rb index 5c2427320..1b653d929 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -11,7 +11,7 @@ RedmineApp::Application.configure do # Show full error reports and disable caching config.consider_all_requests_local = true config.action_controller.perform_caching = false - config.cache_store = :file_store, "#{Rails.root }/files/cache_store/" + # config.cache_store = :file_store, "#{Rails.root }/files/cache_store/" # Don't care if the mailer can't send config.action_mailer.raise_delivery_errors = true diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index 3d06070a2..1d3a65f8b 100644 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb @@ -1 +1 @@ -Rails.application.config.session_store ActionDispatch::Session::CacheStore, :expire_after => 20.minutes, :key => '_trustie_session', :domain => :all +Rails.application.config.session_store ActionDispatch::Session::CacheStore, :expire_after => 90.minutes, :key => '_trustie_session', :domain => :all diff --git a/db/schema.rb b/db/schema.rb index 006b26e91..dcbe017fb 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -654,16 +654,6 @@ ActiveRecord::Schema.define(:version => 20150428021035) do add_index "journal_details", ["journal_id"], :name => "journal_details_journal_id" - create_table "journal_details_copy", :force => true do |t| - t.integer "journal_id", :default => 0, :null => false - t.string "property", :limit => 30, :default => "", :null => false - t.string "prop_key", :limit => 30, :default => "", :null => false - t.text "old_value" - t.text "value" - end - - add_index "journal_details_copy", ["journal_id"], :name => "journal_details_journal_id" - create_table "journal_replies", :id => false, :force => true do |t| t.integer "journal_id" t.integer "user_id"