This changeset adds real "remember me" functionality. The checkbox on the login page "Stay logged in" previously prevented an inactive session from expiring. Now, it also functions to remember that a user is logged in across browser sessions (i.e. a user exits the browser, and reopens it).

I've also ensured that all tests (including selenium tests) are passing on my machine. This changeset should be back to stable and usable. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@561 a4c988fc-2ded-0310-b66e-134b36920a42
2026-03-07 21:22:37 +01:00 · 2007-07-08 06:41:10 +00:00 · 2007-07-08 06:41:10 +00:00 · 16b9c2947b
commit 16b9c2947b
parent 855f6e0beb
17 changed files with 285 additions and 243 deletions
--- a/tracks/test/functional/login_controller_test.rb
+++ b/tracks/test/functional/login_controller_test.rb
@ -76,6 +76,44 @@ class LoginControllerTest < Test::Rails::TestCase
    assert_response :success
  end
  
+  def test_should_remember_me
+    post :login, :user_login => 'jane', :user_password => 'sesame', :user_noexpiry => "on"
+    assert_not_nil @response.cookies["auth_token"]
+  end
+
+  def test_should_not_remember_me
+    post :login, :user_login => 'jane', :user_password => 'sesame', :user_noexpiry => "off"
+    assert_nil @response.cookies["auth_token"]
+  end
+  
+  def test_should_delete_token_on_logout
+    login_as :other_user
+    get :logout
+    assert_equal @response.cookies["auth_token"], []
+  end
+
+  def test_should_login_with_cookie
+    users(:other_user).remember_me
+    @request.cookies["auth_token"] = cookie_for(:other_user)
+    get :login
+    assert @controller.send(:logged_in?)
+  end
+
+  def test_should_fail_expired_cookie_login
+    users(:other_user).remember_me
+    users(:other_user).update_attribute :remember_token_expires_at, 5.minutes.ago
+    @request.cookies["auth_token"] = cookie_for(:other_user)
+    get :login
+    assert !@controller.send(:logged_in?)
+  end
+
+  def test_should_fail_cookie_login
+    users(:other_user).remember_me
+    @request.cookies["auth_token"] = auth_token('invalid_auth_token')
+    get :login
+    assert !@controller.send(:logged_in?)
+  end
+  
  private
  
  # Logs in a user and returns the user object found in the session object
@ -85,5 +123,13 @@ class LoginControllerTest < Test::Rails::TestCase
    return User.find(session['user_id'])
  end
  
+  def auth_token(token)
+    CGI::Cookie.new('name' => 'auth_token', 'value' => token)
+  end
+    
+  def cookie_for(user)
+    auth_token users(user).remember_token
+  end
+  
    
 end