Mercurial > hg > soundsoftware-site

annotate app/controllers/account_controller.rb @ 1483:7e57ccd5f44b insider

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Close obsolete branch insider
author Chris Cannam
date Sat, 10 Nov 2012 12:57:50 +0000
parents 5e80956cc792
children bb32da3bea34
rev   line source
Chris@0 1 # Redmine - project management software
Chris@909 2 # Copyright (C) 2006-2011 Jean-Philippe Lang
Chris@0 3 #
Chris@0 4 # This program is free software; you can redistribute it and/or
Chris@0 5 # modify it under the terms of the GNU General Public License
Chris@0 6 # as published by the Free Software Foundation; either version 2
Chris@0 7 # of the License, or (at your option) any later version.
Chris@909 8 #
Chris@0 9 # This program is distributed in the hope that it will be useful,
Chris@0 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
Chris@0 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
Chris@0 12 # GNU General Public License for more details.
Chris@909 13 #
Chris@0 14 # You should have received a copy of the GNU General Public License
Chris@0 15 # along with this program; if not, write to the Free Software
Chris@0 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Chris@0 17
Chris@0 18 class AccountController < ApplicationController
Chris@0 19 helper :custom_fields
Chris@909 20 include CustomFieldsHelper
Chris@909 21
Chris@0 22 # prevents login action to be filtered by check_if_login_required application scope filter
Chris@0 23 skip_before_filter :check_if_login_required
Chris@0 24
Chris@0 25 # Login request and validation
Chris@0 26 def login
Chris@0 27 if request.get?
Chris@0 28 logout_user
Chris@0 29 else
Chris@0 30 authenticate_user
Chris@0 31 end
Chris@0 32 end
Chris@0 33
Chris@0 34 # Log out current user and redirect to welcome page
Chris@0 35 def logout
Chris@0 36 logout_user
Chris@0 37 redirect_to home_url
Chris@0 38 end
Chris@909 39
Chris@0 40 # Enable user to choose a new password
Chris@0 41 def lost_password
Chris@0 42 redirect_to(home_url) && return unless Setting.lost_password?
Chris@0 43 if params[:token]
Chris@0 44 @token = Token.find_by_action_and_value("recovery", params[:token])
Chris@0 45 redirect_to(home_url) && return unless @token and !@token.expired?
Chris@0 46 @user = @token.user
Chris@0 47 if request.post?
Chris@0 48 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
Chris@0 49 if @user.save
Chris@0 50 @token.destroy
Chris@0 51 flash[:notice] = l(:notice_account_password_updated)
Chris@0 52 redirect_to :action => 'login'
Chris@0 53 return
Chris@909 54 end
Chris@0 55 end
Chris@0 56 render :template => "account/password_recovery"
Chris@0 57 return
Chris@0 58 else
Chris@0 59 if request.post?
Chris@0 60 user = User.find_by_mail(params[:mail])
Chris@0 61 # user not found in db
Chris@0 62 (flash.now[:error] = l(:notice_account_unknown_email); return) unless user
Chris@0 63 # user uses an external authentification
Chris@0 64 (flash.now[:error] = l(:notice_can_t_change_password); return) if user.auth_source_id
Chris@0 65 # create a new token for password recovery
Chris@0 66 token = Token.new(:user => user, :action => "recovery")
Chris@0 67 if token.save
Chris@0 68 Mailer.deliver_lost_password(token)
Chris@0 69 flash[:notice] = l(:notice_account_lost_email_sent)
Chris@0 70 redirect_to :action => 'login'
Chris@0 71 return
Chris@0 72 end
Chris@0 73 end
Chris@0 74 end
Chris@0 75 end
Chris@909 76
Chris@0 77 # User self-registration
Chris@0 78 def register
Chris@0 79 redirect_to(home_url) && return unless Setting.self_registration? || session[:auth_source_registration]
luisf@60 80
Chris@0 81 if request.get?
Chris@0 82 session[:auth_source_registration] = nil
Chris@0 83 @user = User.new(:language => Setting.default_language)
luisf@62 84
luisf@62 85 @ssamr_user_details = SsamrUserDetail.new
luisf@62 86
Chris@0 87 else
Chris@0 88 @user = User.new(params[:user])
Chris@0 89 @user.admin = false
luisf@60 90
Chris@14 91 @user.register
luisf@55 92
Chris@0 93 if session[:auth_source_registration]
Chris@14 94 @user.activate
Chris@0 95 @user.login = session[:auth_source_registration][:login]
Chris@0 96 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
Chris@0 97 if @user.save
Chris@0 98 session[:auth_source_registration] = nil
Chris@0 99 self.logged_user = @user
Chris@0 100 flash[:notice] = l(:notice_account_activated)
Chris@0 101 redirect_to :controller => 'my', :action => 'account'
Chris@0 102 end
Chris@0 103 else
Chris@0 104 @user.login = params[:user][:login]
Chris@0 105 @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
Chris@0 106
luisf@62 107 @ssamr_user_details = SsamrUserDetail.new(params[:ssamr_user_details])
luisf@62 108
luisf@62 109 # associates the 2 objects
luisf@62 110 @user.ssamr_user_detail = @ssamr_user_details
luis@192 111 @selected_institution_id = params[:ssamr_user_details][:institution_id].to_i
luisf@62 112
luis@192 113
Chris@0 114 case Setting.self_registration
Chris@0 115 when '1'
Chris@0 116 register_by_email_activation(@user)
Chris@0 117 when '3'
Chris@0 118 register_automatically(@user)
Chris@0 119 else
Chris@0 120 register_manually_by_administrator(@user)
Chris@0 121 end
Chris@0 122 end
Chris@0 123 end
Chris@0 124 end
Chris@909 125
Chris@0 126 # Token based account activation
Chris@0 127 def activate
Chris@0 128 redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
Chris@0 129 token = Token.find_by_action_and_value('register', params[:token])
Chris@0 130 redirect_to(home_url) && return unless token and !token.expired?
Chris@0 131 user = token.user
Chris@14 132 redirect_to(home_url) && return unless user.registered?
Chris@14 133 user.activate
Chris@0 134 if user.save
Chris@0 135 token.destroy
Chris@0 136 flash[:notice] = l(:notice_account_activated)
Chris@0 137 end
Chris@0 138 redirect_to :action => 'login'
Chris@0 139 end
Chris@909 140
Chris@0 141 private
Chris@909 142
Chris@0 143 def logout_user
Chris@0 144 if User.current.logged?
Chris@0 145 cookies.delete :autologin
Chris@0 146 Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
Chris@0 147 self.logged_user = nil
Chris@0 148 end
Chris@0 149 end
Chris@909 150
Chris@0 151 def authenticate_user
Chris@0 152 if Setting.openid? && using_open_id?
Chris@0 153 open_id_authenticate(params[:openid_url])
Chris@0 154 else
Chris@0 155 password_authentication
Chris@0 156 end
Chris@0 157 end
Chris@0 158
Chris@0 159 def password_authentication
Chris@0 160 user = User.try_to_login(params[:username], params[:password])
Chris@0 161
Chris@0 162 if user.nil?
Chris@0 163 invalid_credentials
Chris@0 164 elsif user.new_record?
Chris@0 165 onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
Chris@0 166 else
Chris@0 167 # Valid user
Chris@0 168 successful_authentication(user)
Chris@0 169 end
Chris@0 170 end
Chris@0 171
Chris@0 172 def open_id_authenticate(openid_url)
Chris@0 173 authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url) do |result, identity_url, registration|
Chris@0 174 if result.successful?
Chris@0 175 user = User.find_or_initialize_by_identity_url(identity_url)
Chris@0 176 if user.new_record?
Chris@0 177 # Self-registration off
Chris@0 178 redirect_to(home_url) && return unless Setting.self_registration?
Chris@0 179
Chris@0 180 # Create on the fly
Chris@0 181 user.login = registration['nickname'] unless registration['nickname'].nil?
Chris@0 182 user.mail = registration['email'] unless registration['email'].nil?
Chris@0 183 user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
Chris@0 184 user.random_password
Chris@14 185 user.register
Chris@0 186
Chris@0 187 case Setting.self_registration
Chris@0 188 when '1'
Chris@0 189 register_by_email_activation(user) do
Chris@0 190 onthefly_creation_failed(user)
Chris@0 191 end
Chris@0 192 when '3'
Chris@0 193 register_automatically(user) do
Chris@0 194 onthefly_creation_failed(user)
Chris@0 195 end
Chris@0 196 else
Chris@0 197 register_manually_by_administrator(user) do
Chris@0 198 onthefly_creation_failed(user)
Chris@0 199 end
Chris@909 200 end
Chris@0 201 else
Chris@0 202 # Existing record
Chris@0 203 if user.active?
Chris@0 204 successful_authentication(user)
Chris@0 205 else
Chris@0 206 account_pending
Chris@0 207 end
Chris@0 208 end
Chris@0 209 end
Chris@0 210 end
Chris@0 211 end
Chris@909 212
Chris@0 213 def successful_authentication(user)
Chris@0 214 # Valid user
Chris@0 215 self.logged_user = user
Chris@0 216 # generate a key and set cookie if autologin
Chris@0 217 if params[:autologin] && Setting.autologin?
Chris@210 218 set_autologin_cookie(user)
Chris@0 219 end
Chris@0 220 call_hook(:controller_account_success_authentication_after, {:user => user })
Chris@0 221 redirect_back_or_default :controller => 'my', :action => 'page'
Chris@0 222 end
Chris@909 223
Chris@210 224 def set_autologin_cookie(user)
Chris@210 225 token = Token.create(:user => user, :action => 'autologin')
Chris@210 226 cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin'
Chris@210 227 cookie_options = {
Chris@210 228 :value => token.value,
Chris@210 229 :expires => 1.year.from_now,
Chris@210 230 :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
Chris@210 231 :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
Chris@210 232 :httponly => true
Chris@210 233 }
Chris@210 234 cookies[cookie_name] = cookie_options
Chris@210 235 end
Chris@0 236
Chris@0 237 # Onthefly creation failed, display the registration form to fill/fix attributes
Chris@0 238 def onthefly_creation_failed(user, auth_source_options = { })
Chris@0 239 @user = user
Chris@0 240 session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
Chris@0 241 render :action => 'register'
Chris@0 242 end
Chris@0 243
Chris@0 244 def invalid_credentials
Chris@0 245 logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
Chris@0 246 flash.now[:error] = l(:notice_account_invalid_creditentials)
Chris@0 247 end
Chris@0 248
Chris@0 249 # Register a user for email activation.
Chris@0 250 #
Chris@0 251 # Pass a block for behavior when a user fails to save
Chris@0 252 def register_by_email_activation(user, &block)
Chris@0 253 token = Token.new(:user => user, :action => "register")
Chris@0 254 if user.save and token.save
Chris@0 255 Mailer.deliver_register(token)
Chris@0 256 flash[:notice] = l(:notice_account_register_done)
Chris@0 257 redirect_to :action => 'login'
Chris@0 258 else
Chris@0 259 yield if block_given?
Chris@0 260 end
Chris@0 261 end
Chris@909 262
Chris@0 263 # Automatically register a user
Chris@0 264 #
Chris@0 265 # Pass a block for behavior when a user fails to save
Chris@0 266 def register_automatically(user, &block)
Chris@0 267 # Automatic activation
Chris@14 268 user.activate
Chris@0 269 user.last_login_on = Time.now
Chris@0 270 if user.save
Chris@0 271 self.logged_user = user
Chris@0 272 flash[:notice] = l(:notice_account_activated)
Chris@0 273 redirect_to :controller => 'my', :action => 'account'
Chris@0 274 else
Chris@0 275 yield if block_given?
Chris@0 276 end
Chris@0 277 end
Chris@909 278
Chris@0 279 # Manual activation by the administrator
Chris@0 280 #
Chris@0 281 # Pass a block for behavior when a user fails to save
Chris@0 282 def register_manually_by_administrator(user, &block)
Chris@0 283 if user.save
luisf@62 284
luisf@62 285 @ssamr_user_details.save!
luisf@62 286
Chris@0 287 # Sends an email to the administrators
Chris@0 288 Mailer.deliver_account_activation_request(user)
Chris@0 289 account_pending
Chris@0 290 else
Chris@0 291 yield if block_given?
Chris@0 292 end
Chris@0 293 end
Chris@0 294
Chris@0 295 def account_pending
Chris@0 296 flash[:notice] = l(:notice_account_pending)
Chris@0 297 redirect_to :action => 'login'
Chris@0 298 end
Chris@0 299 end