[Git][noosfero/noosfero][master] remember-me: make this feature default

Bráulio Bhavamitra gitlab at gitlab.com
Mon Aug 10 10:46:34 BRT 2015


Bráulio Bhavamitra pushed to branch master at Noosfero / noosfero


Commits:
28460adb by Braulio Bhavamitra at 2015-08-10T10:34:29Z
remember-me: make this feature default

That's usually the default behaviour nowadays, so users don't need to log in again
after a browser restart.

- - - - -


7 changed files:

- app/controllers/application_controller.rb
- app/controllers/public/account_controller.rb
- app/models/user.rb
- app/views/account/login.html.erb
- lib/authenticated_system.rb
- po/pt/noosfero.po
- test/functional/account_controller_test.rb


Changes:

=====================================
app/controllers/application_controller.rb
=====================================
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -7,7 +7,10 @@ class ApplicationController < ActionController::Base
   before_filter :detect_stuff_by_domain
   before_filter :init_noosfero_plugins
   before_filter :allow_cross_domain_access
+
+  before_filter :login_from_cookie
   before_filter :login_required, :if => :private_environment?
+
   before_filter :verify_members_whitelist, :if => [:private_environment?, :user]
   before_filter :redirect_to_current_user
 
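Review bot: The new `before_filter :login_from_cookie` line has no comment explaining that its position matters. It presumably has to run before `login_required` so that a remembered user passes the private-environment check. A one-line comment such as `# must run before login_required: restores current_user from the auth_token cookie` would stop a later reordering from silently breaking this. Because the filter sits on ApplicationController, every action now accepts the persistent cookie as authentication. It is worth confirming that `allow_cross_domain_access`, whose body is not visible here, does not permit credentialed cross-origin requests.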


=====================================
app/controllers/public/account_controller.rb
=====================================
--- a/app/controllers/public/account_controller.rb
+++ b/app/controllers/public/account_controller.rb
@@ -50,10 +50,12 @@ class AccountController < ApplicationController
 
     if logged_in?
       check_join_in_community(self.current_user)
+
       if params[:remember_me] == "1"
         self.current_user.remember_me
-        cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
+        cookies[:auth_token] = {value: self.current_user.remember_token, expires: self.current_user.remember_token_expires_at}
       end
+
       if redirect?
         go_to_initial_page
         session[:notice] = _("Logged in successfully")
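Review bot: The `auth_token` cookie set on the rewritten `cookies[:auth_token] = {...}` line is a long-lived login credential, yet it is still written with only `value` and `expires`. It is therefore readable from page scripts, and it would also be sent over plain HTTP if the site is reachable that way. Since the line is being touched anyway, add the flags: `cookies[:auth_token] = {value: current_user.remember_token, expires: current_user.remember_token_expires_at, httponly: true, secure: request.ssl?}`. The enclosing action starts and ends outside this hunk.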


=====================================
app/models/user.rb
=====================================
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -249,8 +249,9 @@ class User < ActiveRecord::Base
 
   # These create and unset the fields required for remembering users between browser closes
   def remember_me
-    self.remember_token_expires_at = 2.weeks.from_now.utc
-    self.remember_token            = encrypt("#{email}--#{remember_token_expires_at}")
+    self.remember_token_expires_at = 1.months.from_now.utc
+    # if the user's email/password changes this won't be valid anymore
+    self.remember_token = encrypt "#{email}-#{self.crypted_password}-#{remember_token_expires_at}"
     save(:validate => false)
   end
 
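Review bot: The added comment in `remember_me` says the token stops being valid when the email or password changes, but nothing visible enforces that. The value is computed once and stored in `remember_token`, and `login_from_cookie` (lib/authenticated_system.rb in this commit) matches the cookie against that stored column by plain equality. Unless code outside this hunk clears or regenerates the token when credentials change, an old cookie keeps working until `remember_token_expires_at`. A random value, for example `self.remember_token = SecureRandom.hex(32)`, combined with clearing `remember_token` on a password or email change, would make the comment true and would stop deriving a bearer credential from `crypted_password`. As a minor point, `1.months` reads better as `1.month`.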


=====================================
app/views/account/login.html.erb
=====================================
--- a/app/views/account/login.html.erb
+++ b/app/views/account/login.html.erb
@@ -13,7 +13,14 @@
 
      <%= f.password_field :password %>
 
-     <%= @plugins.dispatch(:login_extra_contents).collect { |content| instance_eval(&content) }.join("") %>
+     <div class='checkbox'>
+       <label>
+         <%= check_box_tag :remember_me, '1', true %>
+         <%= _'Keep me logged in' %>
+       </label>
+     </div>
+
+     <%= @plugins.dispatch(:login_extra_contents).collect { |content| instance_exec(&content) }.join("") %>
 
      <% button_bar do %>
        <%= submit_button( 'login', _('Log in') )%>
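Review bot: `<%= _'Keep me logged in' %>` calls the gettext helper without parentheses, while the same template uses `_('Log in')` a few lines below. Writing `<%= _('Keep me logged in') %>` keeps the file consistent and avoids the easily misread `_'...'` form. The box is also rendered pre-checked (`true` as the third argument to `check_box_tag`), so every login issues the one-month token unless the user opts out. If that is intended for shared computers as well, a short template comment saying so would help the next reader.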


=====================================
lib/authenticated_system.rb
=====================================
--- a/lib/authenticated_system.rb
+++ b/lib/authenticated_system.rb
@@ -138,14 +138,9 @@ module AuthenticatedSystem
     # When called with before_filter :login_from_cookie will check for an :auth_token
     # cookie and log the user back in if apropriate
     def login_from_cookie
-      return unless cookies[:auth_token] && !logged_in?
-      user = User.find_by_remember_token(cookies[:auth_token])
-      if user && user.remember_token?
-        user.remember_me
-        self.current_user = user
-        cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
-        flash[:notice] = "Logged in successfully"
-      end
+      return if cookies[:auth_token].blank? or logged_in?
+      user = User.where(remember_token: cookies[:auth_token]).first
+      self.current_user = user if user and user.remember_token?
     end
 
   private
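Review bot: When the lookup in `login_from_cookie` finds no user, or `remember_token?` is false, the stale `auth_token` cookie is left in the browser. Because the filter is now registered globally, every later request from that browser repeats the database query. Clearing the cookie on failure avoids that, for example `if user && user.remember_token? then self.current_user = user else cookies.delete(:auth_token) end`. The removed body also re-issued the token on each cookie login and the new one does not, so a token stays fixed for its whole lifetime; if that is deliberate, the method comment should say so. The `or`/`and` in the new conditions should be `||`/`&&`.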


=====================================
po/pt/noosfero.po
=====================================
--- a/po/pt/noosfero.po
+++ b/po/pt/noosfero.po
@@ -8345,6 +8345,10 @@ msgstr "Continuar"
 msgid "Log in"
 msgstr "Entrar"
 
+#: app/views/account/login.html.erb:19
+msgid "Keep me logged in"
+msgstr "Mantenha-me logado"
+
 #: app/views/account/login.html.erb:33
 #: app/views/account/login_block.html.erb:31
 msgid "I forgot my password!"


=====================================
test/functional/account_controller_test.rb
=====================================
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -129,15 +129,14 @@ class AccountControllerTest < ActionController::TestCase
     assert_nil @response.cookies["auth_token"]
   end
 
-  # "remember_me" feature is disabled; uncommend this if it is enabled again.
-  # def test_should_login_with_cookie
-  #   users(:johndoe).remember_me
-  #   @request.cookies["auth_token"] = cookie_for(:johndoe)
-  #   get :index
-  #   assert @controller.send(:logged_in?)
-  # end
-
-  def test_should_fail_expired_cookie_login
+  should 'login with cookie' do
+    users(:johndoe).remember_me
+    @request.cookies["auth_token"] = cookie_for(:johndoe)
+    get :index
+    assert @controller.send(:logged_in?)
+  end
+
+  should 'fail expired cookie login' do
     users(:johndoe).remember_me
     users(:johndoe).update_attribute :remember_token_expires_at, 5.minutes.ago
     @request.cookies["auth_token"] = cookie_for(:johndoe)
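Review bot: The re-enabled cookie tests cover a valid, an expired and an invalid token, but not the property claimed by the comment this commit adds to `remember_me`: that a token stops working after the user's password or email changes. A test would pin that down: call `users(:johndoe).remember_me`, capture `cookie_for(:johndoe)`, change the user's password, do `get :index`, and assert `!@controller.send(:logged_in?)`. The 'fail expired cookie login' test continues outside this hunk.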
@@ -145,7 +144,7 @@ class AccountControllerTest < ActionController::TestCase
     assert !@controller.send(:logged_in?)
   end
 
-  def test_should_fail_cookie_login
+  should 'fail cookie login' do
     users(:johndoe).remember_me
     @request.cookies["auth_token"] = auth_token('invalid_auth_token')
     get :index



View it on GitLab: https://gitlab.com/noosfero/noosfero/commit/28460adbef237e785a512c68f602050213b4bfd8