Feature #21421 » 0006-Send-a-security-notification-when-certain-settings-a.patch
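--- a/app/models/setting.rb
+++ b/app/models/setting.rb
@@ -112,9 +112,20 @@
 
 def self.[]=(name, v)
 setting = find_or_default(name)
+previous_value = setting.value
 setting.value = (v ? v : "")
 @cached_settings[name] = nil
 setting.save
+if available_settings[setting.name]['security_notifications'] && setting.value != previous_value
+User.where(admin: true, status: Principal::STATUS_ACTIVE).each do |admin|
+Mailer.security_notification(admin,
+message: :mail_body_security_notification_change,
+field: "setting_#{name}",
+title: :label_settings,
+url: {controller: 'settings', action: 'index'}
+).deliver
+end
+end
 setting.value
 end
 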
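Review bot: The new notification block runs whether or not `setting.save` succeeded, because the save's return value on the line just above the added `if` is discarded; if the record were rejected, every active admin would still be told the setting changed. Gate the block on the result, e.g. `saved = setting.save` followed by `if saved && available_settings[setting.name]['security_notifications'] && setting.value != previous_value`. The mails are also sent synchronously with `.deliver` inside the setter, so a delivery error would propagate out of `Setting.[]=` after the value has been written, and a single form post that changes several flagged settings produces one mail per setting per admin. Rescuing and logging delivery failures here, or collecting the changed fields and notifying once from the caller, would keep the alert from interfering with the write itself.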
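--- a/config/settings.yml
+++ b/config/settings.yml
@@ -27,19 +27,24 @@
 default:
 login_required:
 default: 0
+security_notifications: 1
 self_registration:
 default: '2'
+security_notifications: 1
 lost_password:
 default: 1
+security_notifications: 1
 unsubscribe:
 default: 1
 password_min_length:
 format: int
 default: 8
+security_notifications: 1
 # Maximum password age in days
 password_max_age:
 format: int
 default: 0
+security_notifications: 1
 # Maximum number of additional email addresses per user
 max_additional_emails:
 format: int
@@ -48,10 +53,12 @@
 session_lifetime:
 format: int
 default: 0
+security_notifications: 1
 # User session timeout in minutes
 session_timeout:
 format: int
 default: 0
+security_notifications: 1
 attachment_max_size:
 format: int
 default: 5120
@@ -91,6 +98,7 @@
 default: localhost:3000
 protocol:
 default: http
+security_notifications: 1
 feeds_limit:
 format: int
 default: 15
@@ -114,12 +122,15 @@
 - Cvs
 - Bazaar
 - Git
+security_notifications: 1
 autofetch_changesets:
 default: 1
 sys_api_enabled:
 default: 0
+security_notifications: 1
 sys_api_key:
 default: ''
+security_notifications: 1
 commit_cross_project_ref:
 default: 0
 commit_ref_keywords:
@@ -173,8 +184,10 @@
 default: ''
 mail_handler_api_enabled:
 default: 0
+security_notifications: 1
 mail_handler_api_key:
 default:
+security_notifications: 1
 issue_list_default_columns:
 serialized: true
 default:
@@ -235,14 +248,17 @@
 default: 0
 openid:
 default: 0
+security_notifications: 1
 gravatar_default:
 default: ''
 start_of_week:
 default: ''
 rest_api_enabled:
 default: 0
+security_notifications: 1
 jsonp_enabled:
 default: 0
+security_notifications: 1
 default_notification_option:
 default: 'only_my_events'
 emails_header: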
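Review bot: The entry whose default is `localhost:3000` (presumably `host_name`; its key lies above the visible context) is left unflagged, while `protocol` directly below it gains `security_notifications: 1`. Both appear to feed the base URL of generated links, as the `Setting.host_name` / `Setting.protocol` setup in the mailer test suggests, so a silent host change could alter the links in outgoing mail; it seems worth flagging that entry too. The flag is only tested for truthiness in `Setting.[]=`, so writing `security_notifications: 0` would still send mail because `0` is truthy in Ruby. A header comment such as `# security_notifications: presence of this key (any value) makes a change notify all active admins` would document that.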
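--- a/test/functional/settings_controller_test.rb
+++ b/test/functional/settings_controller_test.rb
@@ -136,6 +136,43 @@
 ], Setting.commit_update_keywords)
 end
 
+def test_post_edit_should_send_security_notification_for_notified_settings
+ActionMailer::Base.deliveries.clear
+post :edit, :settings => {
+:login_required => 1
+}
+
+assert_not_nil (mail = ActionMailer::Base.deliveries.last)
+assert_mail_body_match '0.0.0.0', mail
+assert_mail_body_match I18n.t(:mail_body_security_notification_change, field: I18n.t(:setting_login_required)), mail
+assert_select_email do
+assert_select 'a[href^=?]', 'http://localhost:3000/settings', :text => 'Settings'
+end
+# All admins should receive this
+User.where(admin: true, status: Principal::STATUS_ACTIVE).each do |admin|
+assert_not_nil ActionMailer::Base.deliveries.detect{|mail| [mail.bcc, mail.cc].flatten.include?(admin.mail) }
+end
+end
+
+def test_post_edit_should_not_send_security_notification_for_non_notified_settings
+ActionMailer::Base.deliveries.clear
+post :edit, :settings => {
+:app_title => 'MineRed'
+}
+
+assert_nil (mail = ActionMailer::Base.deliveries.last)
+end
+
+def test_post_edit_should_not_send_security_notification_for_unchanged_settings
+ActionMailer::Base.deliveries.clear
+post :edit, :settings => {
+:login_required => 0
+}
+
+assert_nil (mail = ActionMailer::Base.deliveries.last)
+end
+
+
 def test_get_plugin_settings
 ActionController::Base.append_view_path(File.join(Rails.root, "test/fixtures/plugins"))
 Redmine::Plugin.register :foo do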
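Review bot: `test_post_edit_should_send_security_notification_for_notified_settings` only asserts that each active admin is among the recipients; nothing checks that non-admin or non-active accounts are excluded, which is what keeps the change details and the address asserted via `'0.0.0.0'` from reaching other users. A negative assertion in the same style would pin that down, e.g. `assert_nil ActionMailer::Base.deliveries.detect { |m| [m.bcc, m.cc].flatten.include?(user.mail) }` for each `user` in `User.where(admin: false)`. The block parameter `|mail|` in the existing `detect` shadows the outer `mail` local, and the `(mail = ...)` assignments in the two `assert_nil` tests are never read, so renaming the parameter and dropping those assignments would read more clearly. The unchanged-settings test also relies on `login_required` already being `0`, which the test itself does not set up.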
| test/unit/mailer_test.rb | ||
|---|---|---|
| 41 | 41 |
def test_generated_links_in_emails |
| 42 | 42 |
Setting.host_name = 'mydomain.foo' |
| 43 | 43 |
Setting.protocol = 'https' |
| 44 |
ActionMailer::Base.deliveries.clear |
|
| 44 | 45 | |
| 45 | 46 |
journal = Journal.find(3) |
| 46 | 47 |
assert Mailer.deliver_issue_edit(journal) |