[Git][noosfero/noosfero][master] remember-me: make this feature default
Bráulio Bhavamitra
gitlab at gitlab.com
Mon Aug 10 10:46:34 BRT 2015
Bráulio Bhavamitra pushed to branch master at Noosfero / noosfero
Commits:
28460adb by Braulio Bhavamitra at 2015-08-10T10:34:29Z
remember-me: make this feature default
that's usually the default behaviour nowadays so that users don't need to relogin
after a browser restart
- - - - -
7 changed files:
- app/controllers/application_controller.rb
- app/controllers/public/account_controller.rb
- app/models/user.rb
- app/views/account/login.html.erb
- lib/authenticated_system.rb
- po/pt/noosfero.po
- test/functional/account_controller_test.rb
Changes:
=====================================
app/controllers/application_controller.rb
=====================================
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -7,7 +7,10 @@ class ApplicationController < ActionController::Base
before_filter :detect_stuff_by_domain
before_filter :init_noosfero_plugins
before_filter :allow_cross_domain_access
+
+ before_filter :login_from_cookie
before_filter :login_required, :if => :private_environment?
+
before_filter :verify_members_whitelist, :if => [:private_environment?, :user]
before_filter :redirect_to_current_user
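Review bot: The added `before_filter :login_from_cookie` only works if it stays ahead of `login_required`, and nothing in the file records that ordering dependency. A one-line comment above it would help, for example `# must run before login_required: restores current_user from the remember-me cookie`. Because the filter sits in ApplicationController, the long-lived cookie is now accepted by every controller that inherits from it. If any endpoint should accept only a fresh interactive login, it would need `skip_before_filter :login_from_cookie`; whether such endpoints exist cannot be seen from this hunk.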
=====================================
app/controllers/public/account_controller.rb
=====================================
--- a/app/controllers/public/account_controller.rb
+++ b/app/controllers/public/account_controller.rb
@@ -50,10 +50,12 @@ class AccountController < ApplicationController
if logged_in?
check_join_in_community(self.current_user)
+
if params[:remember_me] == "1"
self.current_user.remember_me
- cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
+ cookies[:auth_token] = {value: self.current_user.remember_token, expires: self.current_user.remember_token_expires_at}
end
+
if redirect?
go_to_initial_page
session[:notice] = _("Logged in successfully")
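Review bot: The `auth_token` cookie written here is a bearer credential that this commit makes valid on every request for a month, yet the hash still sets only `value` and `expires`. Adding `httponly: true, secure: request.ssl?` to the same hash keeps page scripts from reading the token and keeps it off plain-HTTP requests when the site is served over TLS. The enclosing action starts and ends outside this hunk, so any other place that writes this cookie would need the same options.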
=====================================
app/models/user.rb
=====================================
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -249,8 +249,9 @@ class User < ActiveRecord::Base
# These create and unset the fields required for remembering users between browser closes
def remember_me
- self.remember_token_expires_at = 2.weeks.from_now.utc
- self.remember_token = encrypt("#{email}--#{remember_token_expires_at}")
+ self.remember_token_expires_at = 1.months.from_now.utc
+ # if the user's email/password changes this won't be valid anymore
+ self.remember_token = encrypt "#{email}-#{self.crypted_password}-#{remember_token_expires_at}"
save(:validate => false)
end
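Review bot: The added comment says the token stops being valid when the email or password changes, but the value is computed once here and saved. `login_from_cookie` in this commit only looks up the stored column, so nothing visible recomputes or clears it when `crypted_password` changes. Unless a callback outside this hunk clears `remember_token` on a credential change, a cookie issued earlier keeps working until `remember_token_expires_at`. The token is also fully derived from the email, password hash and timestamp, so its unpredictability depends on `encrypt`, which is not shown. Using `self.remember_token = SecureRandom.hex(32)` and clearing the token wherever the password is updated would make the behaviour match the comment.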
=====================================
app/views/account/login.html.erb
=====================================
--- a/app/views/account/login.html.erb
+++ b/app/views/account/login.html.erb
@@ -13,7 +13,14 @@
<%= f.password_field :password %>
- <%= @plugins.dispatch(:login_extra_contents).collect { |content| instance_eval(&content) }.join("") %>
+ <div class='checkbox'>
+ <label>
+ <%= check_box_tag :remember_me, '1', true %>
+ <%= _'Keep me logged in' %>
+ </label>
+ </div>
+
+ <%= @plugins.dispatch(:login_extra_contents).collect { |content| instance_exec(&content) }.join("") %>
<% button_bar do %>
<%= submit_button( 'login', _('Log in') )%>
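Review bot: `<%= _'Keep me logged in' %>` calls the gettext helper with no parentheses and no space, unlike `_('Log in')` two lines below. Writing it as `<%= _('Keep me logged in') %>` keeps the template consistent and avoids depending on how a string extractor parses the bare form. Separately, `check_box_tag :remember_me, '1', true` issues the one-month cookie unless the user unticks the box, which matters on shared machines. If there is a per-environment setting for this default, it is worth reading it here instead of the literal `true`.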
=====================================
lib/authenticated_system.rb
=====================================
--- a/lib/authenticated_system.rb
+++ b/lib/authenticated_system.rb
@@ -138,14 +138,9 @@ module AuthenticatedSystem
# When called with before_filter :login_from_cookie will check for an :auth_token
# cookie and log the user back in if apropriate
def login_from_cookie
- return unless cookies[:auth_token] && !logged_in?
- user = User.find_by_remember_token(cookies[:auth_token])
- if user && user.remember_token?
- user.remember_me
- self.current_user = user
- cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
- flash[:notice] = "Logged in successfully"
- end
+ return if cookies[:auth_token].blank? or logged_in?
+ user = User.where(remember_token: cookies[:auth_token]).first
+ self.current_user = user if user and user.remember_token?
end
private
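Review bot: `login_from_cookie` now authenticates the request with a bare `self.current_user = user`. If the `current_user=` setter (outside this hunk) does not already start a fresh session, `reset_session` should be called before the assignment so that a pre-login session id is not carried into the authenticated session. The token is also no longer refreshed on use, so a copied cookie stays valid for the full lifetime unless the stored token is cleared. The comment above the method should say that expiry is enforced only by `user.remember_token?`. As a style point, `or`/`and` in the two conditions read more safely as `||`/`&&`, e.g. `return if cookies[:auth_token].blank? || logged_in?`.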
=====================================
po/pt/noosfero.po
=====================================
--- a/po/pt/noosfero.po
+++ b/po/pt/noosfero.po
@@ -8345,6 +8345,10 @@ msgstr "Continuar"
msgid "Log in"
msgstr "Entrar"
+#: app/views/account/login.html.erb:19
+msgid "Keep me logged in"
+msgstr "Mantenha-me logado"
+
#: app/views/account/login.html.erb:33
#: app/views/account/login_block.html.erb:31
msgid "I forgot my password!"
=====================================
test/functional/account_controller_test.rb
=====================================
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -129,15 +129,14 @@ class AccountControllerTest < ActionController::TestCase
assert_nil @response.cookies["auth_token"]
end
- # "remember_me" feature is disabled; uncommend this if it is enabled again.
- # def test_should_login_with_cookie
- # users(:johndoe).remember_me
- # @request.cookies["auth_token"] = cookie_for(:johndoe)
- # get :index
- # assert @controller.send(:logged_in?)
- # end
-
- def test_should_fail_expired_cookie_login
+ should 'login with cookie' do
+ users(:johndoe).remember_me
+ @request.cookies["auth_token"] = cookie_for(:johndoe)
+ get :index
+ assert @controller.send(:logged_in?)
+ end
+
+ should 'fail expired cookie login' do
users(:johndoe).remember_me
users(:johndoe).update_attribute :remember_token_expires_at, 5.minutes.ago
@request.cookies["auth_token"] = cookie_for(:johndoe)
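Review bot: No test here covers the behaviour claimed by the comment added in app/models/user.rb, namely that a cookie issued before an email or password change is rejected. A case next to 'fail expired cookie login' would pin that down. It would call `users(:johndoe).remember_me`, keep the cookie value, change the user's password, send the old cookie and assert `!@controller.send(:logged_in?)`. As written, the re-enabled 'login with cookie' test exercises only the success path. The body of 'fail expired cookie login' continues outside this hunk.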
@@ -145,7 +144,7 @@ class AccountControllerTest < ActionController::TestCase
assert !@controller.send(:logged_in?)
end
- def test_should_fail_cookie_login
+ should 'fail cookie login' do
users(:johndoe).remember_me
@request.cookies["auth_token"] = auth_token('invalid_auth_token')
get :index
View it on GitLab: https://gitlab.com/noosfero/noosfero/commit/28460adbef237e785a512c68f602050213b4bfd8