修正autologin多终端登录问题

10 years ago · 86af233042
parent 74a85e1601
commit 86af233042
7 changed files with 30 additions and 28 deletions
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@ -31,9 +31,6 @@ class AccountController < ApplicationController
    else
      authenticate_user
    end
  rescue AuthSourceException => e
    logger.error "An error occured when authenticating #{params[:username]}: #{e.message}"
    render_error :message => e.message
  end
  # Log out current user and redirect to welcome page
@ -329,7 +326,7 @@ class AccountController < ApplicationController
  end
  def set_autologin_cookie(user)
-    token = Token.create(:user => user, :action => 'autologin')
+    token = Token.get_or_create_permanent_login_token(user)
    cookie_options = {
      :value => token.value,
      :expires => 7.days.from_now,
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -156,16 +156,16 @@ class ApplicationController < ActionController::Base
      user
    end
  end
  def try_to_autologin1
      # auto-login feature starts a new session
      user = User.try_to_autologin(params[:token])
      if user
          start_user_session(user)
      end
      user
  def try_to_autologin1
    user = User.try_to_autologin(params[:token])
    if user
      logout_user if User.current.id != user.id
      start_user_session(user)
    end
    user
  end
  # Sets the logged in user
  def logged_user=(user)
    reset_session
@ -200,7 +200,7 @@ class ApplicationController < ActionController::Base
  def logout_user
    if User.current.logged?
      cookies.delete(autologin_cookie_name)
-      Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
+      # Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
      self.logged_user = nil
    end
  end
--- a/app/controllers/my_controller.rb
+++ b/app/controllers/my_controller.rb
@ -200,7 +200,9 @@ class MyController < ApplicationController
      @user = us.change_password params.merge(:current_user_id => @user.id)
      if @user.errors.full_messages.count <= 0
        flash.now[:notice] = l(:notice_account_password_updated)
-        redirect_to my_account_url
+        # 修改完密码，让其重新登录，并更新Token
        Token.delete_user_all_tokens(@user)
        redirect_to logout_url
      end
    end
  rescue Exception => e
--- a/app/models/token.rb
+++ b/app/models/token.rb
@ -1,3 +1,4 @@
 #coding=utf-8
 # Redmine - project management software
 # Copyright (C) 2006-2013  Jean-Philippe Lang
 #
@ -14,7 +15,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
+#
 class Token < ActiveRecord::Base
  belongs_to :user
  validates_uniqueness_of :value
@ -27,6 +28,14 @@ class Token < ActiveRecord::Base
    self.value = Token.generate_token_value
  end
  def self.get_or_create_permanent_login_token(user)
    token = Token.get_token_from_user(user, 'autologin')
    unless token
      token = Token.create(:user => user, :action => 'autologin')
    end
    token
  end
  def self.get_token_from_user(user, action)
    token = Token.where(:action => action, :user_id => user).first
    unless token
@ -42,7 +51,7 @@ class Token < ActiveRecord::Base
  # Delete all expired tokens
  def self.destroy_expired
-    Token.delete_all ["action NOT IN (?) AND created_on < ?", ['feeds', 'api'], Time.now - @@validity_time]
+    Token.delete_all ["action NOT IN (?) AND created_on < ?", ['feeds', 'api', 'autologin'], Time.now - @@validity_time]
  end
  # Returns the active user who owns the key for the given action
@ -80,6 +89,10 @@ class Token < ActiveRecord::Base
    Redmine::Utils.random_hex(20)
  end
  def self.delete_user_all_tokens(user)
    Token.delete_all(user_id: user.id)
  end
  private
  # Removes obsolete tokens (same user and action)
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@ -11,7 +11,7 @@ RedmineApp::Application.configure do
  # Show full error reports and disable caching
  config.consider_all_requests_local = true
  config.action_controller.perform_caching             = false
-  config.cache_store = :file_store,  "#{Rails.root }/files/cache_store/"
+  # config.cache_store = :file_store,  "#{Rails.root }/files/cache_store/"
  # Don't care if the mailer can't send
  config.action_mailer.raise_delivery_errors = true
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@ -1 +1 @@
-Rails.application.config.session_store ActionDispatch::Session::CacheStore, :expire_after => 20.minutes, :key => '_trustie_session', :domain => :all
+Rails.application.config.session_store ActionDispatch::Session::CacheStore, :expire_after => 90.minutes, :key => '_trustie_session', :domain => :all
--- a/db/schema.rb
+++ b/db/schema.rb
@ -654,16 +654,6 @@ ActiveRecord::Schema.define(:version => 20150428021035) do
  add_index "journal_details", ["journal_id"], :name => "journal_details_journal_id"
  create_table "journal_details_copy", :force => true do |t|
    t.integer "journal_id",               :default => 0,  :null => false
    t.string  "property",   :limit => 30, :default => "", :null => false
    t.string  "prop_key",   :limit => 30, :default => "", :null => false
    t.text    "old_value"
    t.text    "value"
  end
  add_index "journal_details_copy", ["journal_id"], :name => "journal_details_journal_id"
  create_table "journal_replies", :id => false, :force => true do |t|
    t.integer "journal_id"
    t.integer "user_id"
`@ -1 +1 @@`
	`Rails.application.config.session_store ActionDispatch::Session::CacheStore, :expire_after => 20.minutes, :key => '_trustie_session', :domain => :all`	`Rails.application.config.session_store ActionDispatch::Session::CacheStore, :expire_after => 90.minutes, :key => '_trustie_session', :domain => :all`