Logut user after password change, Closes #1047

2025-12-17 07:40:12 +01:00 · 2011-10-24 21:47:15 +02:00 · 2011-10-24 21:47:15 +02:00 · fafbdae079
commit fafbdae079
parent 6256caeb72
4 changed files with 43 additions and 20 deletions
--- a/app/controllers/login_controller.rb
+++ b/app/controllers/login_controller.rb
@ -69,16 +69,7 @@ class LoginController < ApplicationController
  end
  def logout
-    @user.forget_me if logged_in?
+    logout_user
    cookies.delete :auth_token
    session['user_id'] = nil
    if ( SITE_CONFIG['authentication_schemes'].include? 'cas')  && session[:cas_user]
      CASClient::Frameworks::Rails::Filter.logout(self)
    else
      reset_session
      notify :notice, t('login.logged_out')
      redirect_to_login
    end
  end
  def expire_session
@ -149,13 +140,6 @@ class LoginController < ApplicationController
  private
  def redirect_to_login
    respond_to do |format|
      format.html { redirect_to login_path }
      format.m { redirect_to login_path(:format => 'm') }
    end
  end
  def should_expire_sessions?
    session['noexpiry'] != "on"
  end
--- a/app/controllers/preferences_controller.rb
+++ b/app/controllers/preferences_controller.rb
@ -12,8 +12,11 @@ class PreferencesController < ApplicationController
    user_updated = current_user.update_attributes(params['user'])
    prefs_updated = current_user.preference.update_attributes(params['prefs'])
    if (user_updated && prefs_updated)
-      notify :notice, "Preferences updated"
+      if !params['user']['password'].blank? # password updated?
-      redirect_to :action => 'index'
+        logout_user t('preferences.password_changed')
      else
        preference_updated
      end
    else
      msg = "Preferences could not be updated: "
      msg += "User model errors; " unless user_updated
@ -28,4 +31,12 @@ class PreferencesController < ApplicationController
    render :text => l(Date.today, :format => format)
  end
 private
  # Display notification if preferences are successful updated
  def preference_updated
    notify :notice, t('preferences.updated')
    redirect_to :action => 'index'
  end
 end
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -659,6 +659,8 @@ en:
    staleness_starts_after: Staleness starts after %{days} days
    change_identity_url: Change Your Identity URL
    change_password: Change your password
    password_changed: You password has been changed, please log on again.
    updated: Preferences updated
    page_title: TRACKS::Preferences
    title: Your preferences
    token_description: Token (for feeds and API use)
--- a/lib/login_system.rb
+++ b/lib/login_system.rb
@ -10,6 +10,22 @@ module LoginSystem
    current_user.prefs unless current_user.nil?
  end
  # Logout the {#current_user} and redirect to login page
  #
  # @param [String] message notification to display
  def logout_user message=t('login.logged_out')
    @user.forget_me if logged_in?
    cookies.delete :auth_token
    session['user_id'] = nil
    if ( SITE_CONFIG['authentication_schemes'].include? 'cas')  && session[:cas_user]
      CASClient::Frameworks::Rails::Filter.logout(self)
    else
      reset_session
      notify :notice, message
      redirect_to_login
    end
  end
  protected
  # overwrite this if you want to restrict access to only a few actions
@ -192,4 +208,14 @@ module LoginSystem
      render :text => t('login.unsuccessful'), :status => 401
  end
 private
  # Redirect the user to the login page.
  def redirect_to_login
    respond_to do |format|
      format.html { redirect_to login_path }
      format.m { redirect_to login_path(:format => 'm') }
    end
  end
 end