0006-Send-a-security-notification-when-certain-settings-a.patch

Jan from Planio www.plan.io, 2015-12-13 07:10

Download (5.64 KB)

View differences:

app/models/setting.rb
112 112

  
113 113
  def self.[]=(name, v)
114 114
    setting = find_or_default(name)
115
    previous_value = setting.value
115 116
    setting.value = (v ? v : "")
116 117
    @cached_settings[name] = nil
117 118
    setting.save
119
    if available_settings[setting.name]['security_notifications'] && setting.value != previous_value
120
      User.where(admin: true, status: Principal::STATUS_ACTIVE).each do |admin|
121
        Mailer.security_notification(admin,
122
          message: :mail_body_security_notification_change,
123
          field: "setting_#{name}",
124
          title: :label_settings,
125
          url: {controller: 'settings', action: 'index'}
126
        ).deliver
127
      end
128
    end
118 129
    setting.value
119 130
  end
120 131

  
config/settings.yml
27 27
  default:
28 28
login_required:
29 29
  default: 0
30
  security_notifications: 1
30 31
self_registration:
31 32
  default: '2'
33
  security_notifications: 1
32 34
lost_password:
33 35
  default: 1
36
  security_notifications: 1
34 37
unsubscribe:
35 38
  default: 1
36 39
password_min_length:
37 40
  format: int
38 41
  default: 8
42
  security_notifications: 1
39 43
# Maximum password age in days
40 44
password_max_age:
41 45
  format: int
42 46
  default: 0
47
  security_notifications: 1
43 48
# Maximum number of additional email addresses per user
44 49
max_additional_emails:
45 50
  format: int
......
48 53
session_lifetime:
49 54
  format: int
50 55
  default: 0
56
  security_notifications: 1
51 57
# User session timeout in minutes
52 58
session_timeout:
53 59
  format: int
54 60
  default: 0
61
  security_notifications: 1
55 62
attachment_max_size:
56 63
  format: int
57 64
  default: 5120
......
91 98
  default: localhost:3000
92 99
protocol:
93 100
  default: http
101
  security_notifications: 1
94 102
feeds_limit:
95 103
  format: int
96 104
  default: 15
......
114 122
  - Cvs
115 123
  - Bazaar
116 124
  - Git
125
  security_notifications: 1
117 126
autofetch_changesets:
118 127
  default: 1
119 128
sys_api_enabled:
120 129
  default: 0
130
  security_notifications: 1
121 131
sys_api_key:
122 132
  default: ''
133
  security_notifications: 1
123 134
commit_cross_project_ref:
124 135
  default: 0
125 136
commit_ref_keywords:
......
173 184
  default: ''
174 185
mail_handler_api_enabled:
175 186
  default: 0
187
  security_notifications: 1
176 188
mail_handler_api_key:
177 189
  default:
190
  security_notifications: 1
178 191
issue_list_default_columns:
179 192
  serialized: true
180 193
  default:
......
235 248
  default: 0
236 249
openid:
237 250
  default: 0
251
  security_notifications: 1
238 252
gravatar_default:
239 253
  default: ''
240 254
start_of_week:
241 255
  default: ''
242 256
rest_api_enabled:
243 257
  default: 0
258
  security_notifications: 1
244 259
jsonp_enabled:
245 260
  default: 0
261
  security_notifications: 1
246 262
default_notification_option:
247 263
  default: 'only_my_events'
248 264
emails_header:
test/functional/settings_controller_test.rb
136 136
    ], Setting.commit_update_keywords)
137 137
  end
138 138

  
139
  def test_post_edit_should_send_security_notification_for_notified_settings
140
    ActionMailer::Base.deliveries.clear
141
    post :edit, :settings => {
142
      :login_required => 1
143
    }
144

  
145
    assert_not_nil (mail = ActionMailer::Base.deliveries.last)
146
    assert_mail_body_match '0.0.0.0', mail
147
    assert_mail_body_match I18n.t(:mail_body_security_notification_change, field: I18n.t(:setting_login_required)), mail
148
    assert_select_email do
149
      assert_select 'a[href^=?]', 'http://localhost:3000/settings', :text => 'Settings'
150
    end
151
    # All admins should receive this
152
    User.where(admin: true, status: Principal::STATUS_ACTIVE).each do |admin|
153
      assert_not_nil ActionMailer::Base.deliveries.detect{|mail| [mail.bcc, mail.cc].flatten.include?(admin.mail) }
154
    end
155
  end
156

  
157
  def test_post_edit_should_not_send_security_notification_for_non_notified_settings
158
    ActionMailer::Base.deliveries.clear
159
    post :edit, :settings => {
160
      :app_title => 'MineRed'
161
    }
162

  
163
    assert_nil (mail = ActionMailer::Base.deliveries.last)
164
  end
165

  
166
  def test_post_edit_should_not_send_security_notification_for_unchanged_settings
167
    ActionMailer::Base.deliveries.clear
168
    post :edit, :settings => {
169
      :login_required => 0
170
    }
171

  
172
    assert_nil (mail = ActionMailer::Base.deliveries.last)
173
  end
174

  
175

  
139 176
  def test_get_plugin_settings
140 177
    ActionController::Base.append_view_path(File.join(Rails.root, "test/fixtures/plugins"))
141 178
    Redmine::Plugin.register :foo do
test/unit/mailer_test.rb
41 41
  def test_generated_links_in_emails
42 42
    Setting.host_name = 'mydomain.foo'
43 43
    Setting.protocol = 'https'
44
    ActionMailer::Base.deliveries.clear
44 45

  
45 46
    journal = Journal.find(3)
46 47
    assert Mailer.deliver_issue_edit(journal)
47
-