0008-Allow-overriding-of-originator-and-remote_ip-causing-a-s.patch

Jan from Planio www.plan.io, 2015-12-13 09:38


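--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -77,6 +77,8 @@
             message: :mail_body_security_notification_change,
             field: :field_password,
             title: :button_change_password,
+            remote_ip: request.remote_ip,
+            originator: @user,
             url: {controller: 'my', action: 'password'}
           ).deliver
           flash[:notice] = l(:notice_account_password_updated)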
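Review bot: The address passed as `remote_ip: request.remote_ip` ends up in a security notification, so it is only as trustworthy as the application's proxy configuration. Behind a reverse proxy, `request.remote_ip` is derived from forwarded headers, and a misconfigured trusted-proxy list lets the client choose the value shown to the account owner. It would also help to say why both options are passed here, e.g. `# No user is logged in at this point, so name the account owner and the request IP explicitly`. Presumably `User.current` is anonymous in this action, but the enclosing method starts and ends outside the hunk, so confirm that before adding the comment.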
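--- a/app/models/mailer.rb
+++ b/app/models/mailer.rb
@@ -319,7 +319,6 @@
   end
 
   def security_notification(recipients, options={})
-    redmine_headers 'Sender' => User.current.login
     @user = Array(recipients).detect{|r| r.is_a? User }
     set_language_if_valid(@user.try :language)
     @message = l(options[:message],
@@ -327,7 +326,10 @@
       value: options[:value]
     )
     @title = options[:title] && l(options[:title])
+    @originator = options[:originator] || User.current
+    @remote_ip = options[:remote_ip] || @originator.remote_ip
     @url = options[:url] && (options[:url].is_a?(Hash) ? url_for(options[:url]) : options[:url])
+    redmine_headers 'Sender' => @originator.login
     mail :to => recipients,
       :subject => l(:mail_subject_security_notification)
   end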
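Review bot: The fallback `options[:remote_ip] || @originator.remote_ip` on the new `@remote_ip` line reads the address from the overriding user when a caller passes `originator:` without `remote_ip:`. A record loaded with `User.find` has presumably never had `remote_ip` assigned (the test on this page sets it on `User.current` only), so the notification would go out with an empty IP field. Falling back to the current request's value keeps the field filled: `@remote_ip = options[:remote_ip] || User.current.remote_ip`. `options[:originator]` is also dereferenced for `.login` in the `Sender` header without any check, so a short comment stating that it must be a `User` would document the contract.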
app/views/mailer/security_notification.html.erb
7 7
<%= content_tag :h1, @title -%>
8 8
<% end %></p>
9 9

  
10
<p><%= l(:field_user) %>: <strong><%= User.current.login %></strong><br/>
11
<%= l(:field_remote_ip) %>: <strong><%= User.current.remote_ip %></strong><br/>
10
<p><%= l(:field_user) %>: <strong><%= @originator.login %></strong><br/>
11
<%= l(:field_remote_ip) %>: <strong><%= @remote_ip %></strong><br/>
12 12
<%= l(:label_date) %>: <strong><%= format_time Time.now, true, @user %></strong></p>
13 13

  
app/views/mailer/security_notification.text.erb
2 2

  
3 3
<%= @url || @title %>
4 4

  
5
<%= l(:field_user) %>: <%= User.current.login %>
6
<%= l(:field_remote_ip) %>: <%= User.current.remote_ip %>
5
<%= l(:field_user) %>: <%= @originator.login %>
6
<%= l(:field_remote_ip) %>: <%= @remote_ip %>
7 7
<%= l(:label_date) %>: <%= format_time Time.now, true, @user %>
8 8

  
test/unit/mailer_test.rb
683 683
    end
684 684
  end
685 685

  
686
  def test_security_notification_with_overridden_originator_and_remote_ip
687
    set_language_if_valid User.find(1).language
688
    with_settings :emails_footer => "footer without link" do
689
      User.current.remote_ip = '192.168.1.1'
690
      assert Mailer.security_notification(User.find(1), message: :notice_account_password_updated, originator: User.find(2), remote_ip: '10.0.0.42').deliver
691
      mail = last_email
692
      assert_not_nil mail
693
      assert_mail_body_match User.find(2).login, mail
694
      assert_mail_body_match '10.0.0.42', mail
695
      assert_mail_body_match I18n.t(:notice_account_password_updated), mail
696
      assert_select_email do
697
        assert_select "h1", false
698
        assert_select "a", false
699
      end
700
    end
701
  end
702

  
686 703
  def test_security_notification_should_include_title
687 704
    set_language_if_valid User.find(2).language
688 705
    with_settings :emails_footer => "footer without link" do
689
-