- Added Token unit tests.

- Added Token attribute 'persisten'.
- Added auth function 'authentication_check_action_token'.

app/controllers/application_controller.rb

@@ -5,6 +5,7 @@ class ApplicationController < ActionController::Base
 
   helper_method :current_user,
                 :authentication_check,
+                :authentication_check_action_token,
                 :config_frontend,
                 :is_role,
                 :model_create_render,
@@ -193,6 +194,24 @@ class ApplicationController < ActionController::Base
     true
   end
 
+  def authentication_check_action_token(action)
+
+    user = Token.check(
+      :action => action,
+      :name   => params[:action_token],
+    )
+
+    if !user
+      puts params.inspect
+      response_access_deny
+      return
+    end
+
+    current_user_set( user )
+
+    true
+  end
+
   def is_role( role_name )
     return false if !current_user
     return true if current_user.is_role( role_name )

app/models/token.rb

@@ -12,7 +12,8 @@ class Token < ActiveRecord::Base
     return if !token
 
     # check if token is still valid
-    if token.created_at < 1.day.ago
+    if !token.persistent &&
+        token.created_at < 1.day.ago
 
       # delete token
       token.delete

db/migrate/20150220216145_token_persistent.rb

@@ -0,0 +1,8 @@
+class TokenPersistent < ActiveRecord::Migration
+  def up
+    add_column :tokens, :persistent, :boolean
+  end
+
+  def down
+  end
+end

test/unit/token_test.rb

@@ -0,0 +1,109 @@
+# encoding: utf-8
+require 'test_helper'
+
+class TokenTest < ActiveSupport::TestCase
+  test 'token' do
+
+    tests = [
+
+      # test 1
+      {
+        :test_name => 'invalid token',
+        :action    => 'PasswordReset',
+        :name      => '1NV4L1D',
+        :result    => nil,
+      },
+
+      # test 2
+      {
+        :test_name => 'fresh token',
+        :create    => {
+          :user_id => 2,
+          :action  => 'PasswordReset',
+        },
+        :action => 'PasswordReset',
+        :result => true,
+        :verify => {
+          :firstname => 'Nicole',
+          :lastname  => 'Braun',
+          :email     => 'nicole.braun@zammad.org',
+        }
+      },
+
+      # test 3
+      {
+        :test_name => 'two days but not persistent',
+        :create    => {
+          :user_id    => 2,
+          :action     => 'PasswordReset',
+          :created_at => 2.day.ago,
+        },
+        :action => 'PasswordReset',
+        :result => nil,
+      },
+
+      {
+        :test_name => 'two days but persistent',
+        :create    => {
+          :user_id    => 2,
+          :action     => 'iCal',
+          :created_at => 2.day.ago,
+          :persistent => true,
+        },
+        :action => 'iCal',
+        :result => true,
+        :verify => {
+          :firstname => 'Nicole',
+          :lastname  => 'Braun',
+          :email     => 'nicole.braun@zammad.org',
+        }
+      },
+    ]
+
+    tests.each { |test|
+
+      if test[:create]
+
+        #puts test[:test_name] + ': creating token '+ test[:create].inspect
+
+        token = Token.create(
+          :action     => test[:create][:action],
+          :user_id    => test[:create][:user_id],
+          :created_at => test[:create][:created_at].to_s,
+          :persistent => test[:create][:persistent]
+        )
+
+        #puts test[:test_name] + ': created token ' + token.inspect
+
+        test[:name] = token.name
+      end
+
+      user = Token.check(
+        :action => test[:action],
+        :name   => test[:name]
+      )
+
+      if test[:result] == true
+        if !user
+          assert( false, test[:test_name] + ': token verification failed' )
+        else
+          test[:verify].each {|key, value|
+            assert_equal( user[key], value, 'verify' )
+          }
+        end
+      else
+        assert_equal( test[:result], user, test[:test_name] + ': failed or not existing' )
+      end
+
+      if test[:name]
+        #puts test[:test_name] + ': deleting token '+ test[:name]
+
+        token = Token.where( :name => test[:name] ).first
+
+        if token
+          token.destroy
+        end
+      end
+    }
+  end
+end