Logut user after password change, Closes #1047

2025-12-17 07:40:12 +01:00 · 2011-10-24 21:47:15 +02:00 · 2011-10-24 21:47:15 +02:00 · fafbdae079
commit fafbdae079
parent 6256caeb72
4 changed files with 43 additions and 20 deletions
--- a/app/controllers/login_controller.rb
+++ b/app/controllers/login_controller.rb
@ -69,16 +69,7 @@ class LoginController < ApplicationController
  end
  
  def logout
-    @user.forget_me if logged_in?
-    cookies.delete :auth_token
-    session['user_id'] = nil
-    if ( SITE_CONFIG['authentication_schemes'].include? 'cas')  && session[:cas_user]
-      CASClient::Frameworks::Rails::Filter.logout(self)
-    else
-      reset_session
-      notify :notice, t('login.logged_out')
-      redirect_to_login
-    end
+    logout_user
  end

  def expire_session
@ -149,13 +140,6 @@ class LoginController < ApplicationController
  
  private
      
-  def redirect_to_login
-    respond_to do |format|
-      format.html { redirect_to login_path }
-      format.m { redirect_to login_path(:format => 'm') }
-    end
-  end
-  
  def should_expire_sessions?
    session['noexpiry'] != "on"
  end
--- a/app/controllers/preferences_controller.rb
+++ b/app/controllers/preferences_controller.rb
@ -12,8 +12,11 @@ class PreferencesController < ApplicationController
    user_updated = current_user.update_attributes(params['user'])
    prefs_updated = current_user.preference.update_attributes(params['prefs'])
    if (user_updated && prefs_updated)
-      notify :notice, "Preferences updated"
-      redirect_to :action => 'index'
+      if !params['user']['password'].blank? # password updated?
+        logout_user t('preferences.password_changed')
+      else
+        preference_updated
+      end
    else
      msg = "Preferences could not be updated: "
      msg += "User model errors; " unless user_updated
@ -28,4 +31,12 @@ class PreferencesController < ApplicationController
    render :text => l(Date.today, :format => format)
  end

+private
+
+  # Display notification if preferences are successful updated
+  def preference_updated
+    notify :notice, t('preferences.updated')
+    redirect_to :action => 'index'
+  end
+  
 end
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -659,6 +659,8 @@ en:
    staleness_starts_after: Staleness starts after %{days} days
    change_identity_url: Change Your Identity URL
    change_password: Change your password
+    password_changed: You password has been changed, please log on again.
+    updated: Preferences updated
    page_title: TRACKS::Preferences
    title: Your preferences
    token_description: Token (for feeds and API use)
--- a/lib/login_system.rb
+++ b/lib/login_system.rb
@ -10,6 +10,22 @@ module LoginSystem
    current_user.prefs unless current_user.nil?
  end
  
+  # Logout the {#current_user} and redirect to login page
+  #
+  # @param [String] message notification to display
+  def logout_user message=t('login.logged_out')
+    @user.forget_me if logged_in?
+    cookies.delete :auth_token
+    session['user_id'] = nil
+    if ( SITE_CONFIG['authentication_schemes'].include? 'cas')  && session[:cas_user]
+      CASClient::Frameworks::Rails::Filter.logout(self)
+    else
+      reset_session
+      notify :notice, message
+      redirect_to_login
+    end
+  end
+    
  protected
  
  # overwrite this if you want to restrict access to only a few actions
@ -192,4 +208,14 @@ module LoginSystem
      render :text => t('login.unsuccessful'), :status => 401
  end

+private
+
+  # Redirect the user to the login page.
+  def redirect_to_login
+    respond_to do |format|
+      format.html { redirect_to login_path }
+      format.m { redirect_to login_path(:format => 'm') }
+    end
+  end
+
 end