修正autologin多终端登录问题

app/controllers/account_controller.rb

@@ -31,9 +31,6 @@ class AccountController < ApplicationController
     else
       authenticate_user
     end
-  rescue AuthSourceException => e
-    logger.error "An error occured when authenticating #{params[:username]}: #{e.message}"
-    render_error :message => e.message
   end
 
   # Log out current user and redirect to welcome page
@@ -329,7 +326,7 @@ class AccountController < ApplicationController
   end
 
   def set_autologin_cookie(user)
-    token = Token.create(:user => user, :action => 'autologin')
+    token = Token.get_or_create_permanent_login_token(user)
     cookie_options = {
       :value => token.value,
       :expires => 7.days.from_now,

app/controllers/application_controller.rb

@@ -156,16 +156,16 @@ class ApplicationController < ActionController::Base
       user
     end
   end
+
   def try_to_autologin1
-
-      # auto-login feature starts a new session
-      user = User.try_to_autologin(params[:token])
-      if user
-          start_user_session(user)
-      end
-      user
-
+    user = User.try_to_autologin(params[:token])
+    if user
+      logout_user if User.current.id != user.id
+      start_user_session(user)
+    end
+    user
   end
+
   # Sets the logged in user
   def logged_user=(user)
     reset_session
@@ -200,7 +200,7 @@ class ApplicationController < ActionController::Base
   def logout_user
     if User.current.logged?
       cookies.delete(autologin_cookie_name)
-      Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
+      # Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
       self.logged_user = nil
     end
   end

app/controllers/my_controller.rb

@@ -200,7 +200,9 @@ class MyController < ApplicationController
       @user = us.change_password params.merge(:current_user_id => @user.id)
       if @user.errors.full_messages.count <= 0
         flash.now[:notice] = l(:notice_account_password_updated)
-        redirect_to my_account_url
+        # 修改完密码，让其重新登录，并更新Token
+        Token.delete_user_all_tokens(@user)
+        redirect_to logout_url
       end
     end
   rescue Exception => e

app/models/token.rb

@@ -1,3 +1,4 @@
+#coding=utf-8
 # Redmine - project management software
 # Copyright (C) 2006-2013  Jean-Philippe Lang
 #
@@ -14,7 +15,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
+#
 class Token < ActiveRecord::Base
   belongs_to :user
   validates_uniqueness_of :value
@@ -27,6 +28,14 @@ class Token < ActiveRecord::Base
     self.value = Token.generate_token_value
   end
 
+  def self.get_or_create_permanent_login_token(user)
+    token = Token.get_token_from_user(user, 'autologin')
+    unless token
+      token = Token.create(:user => user, :action => 'autologin')
+    end
+    token
+  end
+
   def self.get_token_from_user(user, action)
     token = Token.where(:action => action, :user_id => user).first
     unless token
@@ -42,7 +51,7 @@ class Token < ActiveRecord::Base
 
   # Delete all expired tokens
   def self.destroy_expired
-    Token.delete_all ["action NOT IN (?) AND created_on < ?", ['feeds', 'api'], Time.now - @@validity_time]
+    Token.delete_all ["action NOT IN (?) AND created_on < ?", ['feeds', 'api', 'autologin'], Time.now - @@validity_time]
   end
 
   # Returns the active user who owns the key for the given action
@@ -80,6 +89,10 @@ class Token < ActiveRecord::Base
     Redmine::Utils.random_hex(20)
   end
 
+  def self.delete_user_all_tokens(user)
+    Token.delete_all(user_id: user.id)
+  end
+
   private
 
   # Removes obsolete tokens (same user and action)

config/environments/development.rb

@@ -11,7 +11,7 @@ RedmineApp::Application.configure do
   # Show full error reports and disable caching
   config.consider_all_requests_local = true
   config.action_controller.perform_caching             = false
-  config.cache_store = :file_store,  "#{Rails.root }/files/cache_store/"
+  # config.cache_store = :file_store,  "#{Rails.root }/files/cache_store/"
   # Don't care if the mailer can't send
   config.action_mailer.raise_delivery_errors = true
 

config/initializers/session_store.rb

@@ -1 +1 @@
-Rails.application.config.session_store ActionDispatch::Session::CacheStore, :expire_after => 20.minutes, :key => '_trustie_session', :domain => :all
+Rails.application.config.session_store ActionDispatch::Session::CacheStore, :expire_after => 90.minutes, :key => '_trustie_session', :domain => :all

db/schema.rb

@@ -654,16 +654,6 @@ ActiveRecord::Schema.define(:version => 20150428021035) do
 
   add_index "journal_details", ["journal_id"], :name => "journal_details_journal_id"
 
-  create_table "journal_details_copy", :force => true do |t|
-    t.integer "journal_id",               :default => 0,  :null => false
-    t.string  "property",   :limit => 30, :default => "", :null => false
-    t.string  "prop_key",   :limit => 30, :default => "", :null => false
-    t.text    "old_value"
-    t.text    "value"
-  end
-
-  add_index "journal_details_copy", ["journal_id"], :name => "journal_details_journal_id"
-
   create_table "journal_replies", :id => false, :force => true do |t|
     t.integer "journal_id"
     t.integer "user_id"