Mercurial > hg > soundsoftware-site

annotate app/controllers/account_controller.rb @ 1628:9c5f8e24dadc live tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Quieten this cron script
author Chris Cannam
date Tue, 25 Aug 2020 11:38:49 +0100
parents 2354ddf5a483
children
rev   line source
Chris@0 1 # Redmine - project management software
Chris@1494 2 # Copyright (C) 2006-2014 Jean-Philippe Lang
Chris@0 3 #
Chris@0 4 # This program is free software; you can redistribute it and/or
Chris@0 5 # modify it under the terms of the GNU General Public License
Chris@0 6 # as published by the Free Software Foundation; either version 2
Chris@0 7 # of the License, or (at your option) any later version.
Chris@909 8 #
Chris@0 9 # This program is distributed in the hope that it will be useful,
Chris@0 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
Chris@0 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
Chris@0 12 # GNU General Public License for more details.
Chris@909 13 #
Chris@0 14 # You should have received a copy of the GNU General Public License
Chris@0 15 # along with this program; if not, write to the Free Software
Chris@0 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Chris@0 17
Chris@0 18 class AccountController < ApplicationController
Chris@0 19 helper :custom_fields
Chris@909 20 include CustomFieldsHelper
Chris@909 21
Chris@0 22 # prevents login action to be filtered by check_if_login_required application scope filter
Chris@1464 23 skip_before_filter :check_if_login_required, :check_password_change
Chris@1464 24
Chris@1464 25 # Overrides ApplicationController#verify_authenticity_token to disable
Chris@1464 26 # token verification on openid callbacks
Chris@1464 27 def verify_authenticity_token
Chris@1464 28 unless using_open_id?
Chris@1464 29 super
Chris@1464 30 end
Chris@1464 31 end
Chris@0 32
Chris@0 33 # Login request and validation
Chris@0 34 def login
Chris@0 35 if request.get?
Chris@1464 36 if User.current.logged?
Chris@1517 37 redirect_back_or_default home_url, :referer => true
Chris@1464 38 end
Chris@0 39 else
Chris@0 40 authenticate_user
Chris@0 41 end
chris@1521 42 rescue AuthSource::AuthSourceException => e
Chris@1115 43 logger.error "An error occured when authenticating #{params[:username]}: #{e.message}"
Chris@1115 44 render_error :message => e.message
Chris@0 45 end
Chris@0 46
Chris@0 47 # Log out current user and redirect to welcome page
Chris@0 48 def logout
Chris@1464 49 if User.current.anonymous?
Chris@1464 50 redirect_to home_url
Chris@1464 51 elsif request.post?
Chris@1464 52 logout_user
Chris@1464 53 redirect_to home_url
Chris@1464 54 end
Chris@1464 55 # display the logout form
Chris@0 56 end
Chris@909 57
Chris@1115 58 # Lets user choose a new password
Chris@0 59 def lost_password
Chris@1464 60 (redirect_to(home_url); return) unless Setting.lost_password?
Chris@0 61 if params[:token]
Chris@1464 62 @token = Token.find_token("recovery", params[:token].to_s)
Chris@1115 63 if @token.nil? || @token.expired?
Chris@1115 64 redirect_to home_url
Chris@1115 65 return
Chris@1115 66 end
Chris@0 67 @user = @token.user
Chris@1115 68 unless @user && @user.active?
Chris@1115 69 redirect_to home_url
Chris@1115 70 return
Chris@1115 71 end
Chris@0 72 if request.post?
Chris@0 73 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
Chris@0 74 if @user.save
Chris@0 75 @token.destroy
Chris@0 76 flash[:notice] = l(:notice_account_password_updated)
Chris@1115 77 redirect_to signin_path
Chris@0 78 return
Chris@909 79 end
Chris@0 80 end
Chris@0 81 render :template => "account/password_recovery"
Chris@0 82 return
Chris@0 83 else
Chris@0 84 if request.post?
Chris@1115 85 user = User.find_by_mail(params[:mail].to_s)
Chris@1464 86 # user not found
Chris@1464 87 unless user
Chris@1115 88 flash.now[:error] = l(:notice_account_unknown_email)
Chris@1115 89 return
Chris@1115 90 end
Chris@1464 91 unless user.active?
Chris@1464 92 handle_inactive_user(user, lost_password_path)
Chris@1464 93 return
Chris@1464 94 end
Chris@1115 95 # user cannot change its password
Chris@1115 96 unless user.change_password_allowed?
Chris@1115 97 flash.now[:error] = l(:notice_can_t_change_password)
Chris@1115 98 return
Chris@1115 99 end
Chris@0 100 # create a new token for password recovery
Chris@0 101 token = Token.new(:user => user, :action => "recovery")
Chris@0 102 if token.save
Chris@1115 103 Mailer.lost_password(token).deliver
Chris@0 104 flash[:notice] = l(:notice_account_lost_email_sent)
Chris@1115 105 redirect_to signin_path
Chris@0 106 return
Chris@0 107 end
Chris@0 108 end
Chris@0 109 end
Chris@0 110 end
Chris@909 111
Chris@0 112 # User self-registration
Chris@0 113 def register
Chris@1464 114 (redirect_to(home_url); return) unless Setting.self_registration? || session[:auth_source_registration]
luisf@60 115
Chris@0 116 if request.get?
Chris@0 117 session[:auth_source_registration] = nil
Chris@909 118 @user = User.new(:language => Setting.default_language)
luisf@62 119
luisf@62 120 @ssamr_user_details = SsamrUserDetail.new
luisf@62 121
Chris@0 122 else
Chris@1115 123 user_params = params[:user] || {}
Chris@1115 124 @user = User.new
Chris@1115 125 @user.safe_attributes = user_params
Chris@0 126 @user.admin = false
luisf@60 127
Chris@14 128 @user.register
luisf@55 129
Chris@0 130 if session[:auth_source_registration]
Chris@14 131 @user.activate
Chris@0 132 @user.login = session[:auth_source_registration][:login]
Chris@0 133 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
Chris@0 134 if @user.save
Chris@0 135 session[:auth_source_registration] = nil
Chris@0 136 self.logged_user = @user
Chris@0 137 flash[:notice] = l(:notice_account_activated)
Chris@1464 138 redirect_to my_account_path
Chris@0 139 end
Chris@0 140 else
Chris@0 141 @user.login = params[:user][:login]
Chris@1115 142 unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank?
Chris@1115 143 @user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation]
Chris@1115 144 end
Chris@0 145
luisf@62 146 @ssamr_user_details = SsamrUserDetail.new(params[:ssamr_user_details])
luisf@62 147
luisf@62 148 # associates the 2 objects
luisf@62 149 @user.ssamr_user_detail = @ssamr_user_details
luis@192 150 @selected_institution_id = params[:ssamr_user_details][:institution_id].to_i
luisf@62 151
luis@192 152
Chris@0 153 case Setting.self_registration
Chris@0 154 when '1'
Chris@0 155 register_by_email_activation(@user)
Chris@0 156 when '3'
Chris@0 157 register_automatically(@user)
Chris@0 158 else
Chris@0 159 register_manually_by_administrator(@user)
Chris@0 160 end
Chris@0 161 end
Chris@0 162 end
Chris@0 163 end
Chris@909 164
Chris@0 165 # Token based account activation
Chris@0 166 def activate
Chris@1464 167 (redirect_to(home_url); return) unless Setting.self_registration? && params[:token].present?
Chris@1464 168 token = Token.find_token('register', params[:token].to_s)
Chris@1464 169 (redirect_to(home_url); return) unless token and !token.expired?
Chris@0 170 user = token.user
Chris@1464 171 (redirect_to(home_url); return) unless user.registered?
Chris@14 172 user.activate
Chris@0 173 if user.save
Chris@0 174 token.destroy
Chris@0 175 flash[:notice] = l(:notice_account_activated)
Chris@0 176 end
Chris@1115 177 redirect_to signin_path
Chris@0 178 end
Chris@909 179
Chris@1464 180 # Sends a new account activation email
Chris@1464 181 def activation_email
Chris@1464 182 if session[:registered_user_id] && Setting.self_registration == '1'
Chris@1464 183 user_id = session.delete(:registered_user_id).to_i
Chris@1464 184 user = User.find_by_id(user_id)
Chris@1464 185 if user && user.registered?
Chris@1464 186 register_by_email_activation(user)
Chris@1464 187 return
Chris@1464 188 end
Chris@1464 189 end
Chris@1464 190 redirect_to(home_url)
Chris@1464 191 end
Chris@1464 192
Chris@0 193 private
Chris@909 194
Chris@0 195 def authenticate_user
Chris@0 196 if Setting.openid? && using_open_id?
Chris@0 197 open_id_authenticate(params[:openid_url])
Chris@0 198 else
Chris@0 199 password_authentication
Chris@0 200 end
Chris@0 201 end
Chris@0 202
Chris@0 203 def password_authentication
Chris@1464 204 user = User.try_to_login(params[:username], params[:password], false)
Chris@0 205
Chris@0 206 if user.nil?
Chris@0 207 invalid_credentials
Chris@0 208 elsif user.new_record?
Chris@0 209 onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
Chris@0 210 else
Chris@0 211 # Valid user
Chris@1464 212 if user.active?
Chris@1464 213 successful_authentication(user)
Chris@1464 214 else
Chris@1464 215 handle_inactive_user(user)
Chris@1464 216 end
Chris@0 217 end
Chris@0 218 end
Chris@0 219
Chris@0 220 def open_id_authenticate(openid_url)
Chris@1464 221 back_url = signin_url(:autologin => params[:autologin])
Chris@1464 222 authenticate_with_open_id(
Chris@1464 223 openid_url, :required => [:nickname, :fullname, :email],
Chris@1464 224 :return_to => back_url, :method => :post
Chris@1464 225 ) do |result, identity_url, registration|
Chris@0 226 if result.successful?
Chris@0 227 user = User.find_or_initialize_by_identity_url(identity_url)
Chris@0 228 if user.new_record?
Chris@0 229 # Self-registration off
Chris@1464 230 (redirect_to(home_url); return) unless Setting.self_registration?
Chris@0 231 # Create on the fly
Chris@0 232 user.login = registration['nickname'] unless registration['nickname'].nil?
Chris@0 233 user.mail = registration['email'] unless registration['email'].nil?
Chris@0 234 user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
Chris@0 235 user.random_password
Chris@14 236 user.register
Chris@0 237 case Setting.self_registration
Chris@0 238 when '1'
Chris@0 239 register_by_email_activation(user) do
Chris@0 240 onthefly_creation_failed(user)
Chris@0 241 end
Chris@0 242 when '3'
Chris@0 243 register_automatically(user) do
Chris@0 244 onthefly_creation_failed(user)
Chris@0 245 end
Chris@0 246 else
Chris@0 247 register_manually_by_administrator(user) do
Chris@0 248 onthefly_creation_failed(user)
Chris@0 249 end
Chris@909 250 end
Chris@0 251 else
Chris@0 252 # Existing record
Chris@0 253 if user.active?
Chris@0 254 successful_authentication(user)
Chris@0 255 else
Chris@1464 256 handle_inactive_user(user)
Chris@0 257 end
Chris@0 258 end
Chris@0 259 end
Chris@0 260 end
Chris@0 261 end
Chris@909 262
Chris@0 263 def successful_authentication(user)
Chris@1115 264 logger.info "Successful authentication for '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}"
Chris@0 265 # Valid user
Chris@0 266 self.logged_user = user
Chris@0 267 # generate a key and set cookie if autologin
Chris@0 268 if params[:autologin] && Setting.autologin?
Chris@210 269 set_autologin_cookie(user)
Chris@0 270 end
Chris@0 271 call_hook(:controller_account_success_authentication_after, {:user => user })
Chris@1464 272 redirect_back_or_default my_page_path
Chris@0 273 end
Chris@909 274
Chris@210 275 def set_autologin_cookie(user)
Chris@210 276 token = Token.create(:user => user, :action => 'autologin')
Chris@210 277 cookie_options = {
Chris@210 278 :value => token.value,
Chris@210 279 :expires => 1.year.from_now,
Chris@210 280 :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
Chris@210 281 :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
Chris@210 282 :httponly => true
Chris@210 283 }
Chris@1464 284 cookies[autologin_cookie_name] = cookie_options
Chris@210 285 end
Chris@0 286
Chris@0 287 # Onthefly creation failed, display the registration form to fill/fix attributes
Chris@0 288 def onthefly_creation_failed(user, auth_source_options = { })
Chris@0 289 @user = user
Chris@0 290 session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
Chris@0 291 render :action => 'register'
Chris@0 292 end
Chris@0 293
Chris@0 294 def invalid_credentials
Chris@0 295 logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
Chris@0 296 flash.now[:error] = l(:notice_account_invalid_creditentials)
Chris@0 297 end
Chris@0 298
Chris@0 299 # Register a user for email activation.
Chris@0 300 #
Chris@0 301 # Pass a block for behavior when a user fails to save
Chris@0 302 def register_by_email_activation(user, &block)
Chris@0 303 token = Token.new(:user => user, :action => "register")
Chris@0 304 if user.save and token.save
Chris@1115 305 Mailer.register(token).deliver
Chris@1464 306 flash[:notice] = l(:notice_account_register_done, :email => user.mail)
Chris@1115 307 redirect_to signin_path
Chris@0 308 else
Chris@0 309 yield if block_given?
Chris@0 310 end
Chris@0 311 end
Chris@909 312
Chris@0 313 # Automatically register a user
Chris@0 314 #
Chris@0 315 # Pass a block for behavior when a user fails to save
Chris@0 316 def register_automatically(user, &block)
Chris@0 317 # Automatic activation
Chris@14 318 user.activate
Chris@0 319 user.last_login_on = Time.now
Chris@0 320 if user.save
Chris@0 321 self.logged_user = user
Chris@0 322 flash[:notice] = l(:notice_account_activated)
Chris@1464 323 redirect_to my_account_path
Chris@0 324 else
Chris@0 325 yield if block_given?
Chris@0 326 end
Chris@0 327 end
Chris@909 328
Chris@0 329 # Manual activation by the administrator
Chris@0 330 #
Chris@0 331 # Pass a block for behavior when a user fails to save
Chris@0 332 def register_manually_by_administrator(user, &block)
Chris@0 333 if user.save
luisf@62 334
luisf@62 335 @ssamr_user_details.save!
luisf@62 336
Chris@0 337 # Sends an email to the administrators
Chris@1115 338 Mailer.account_activation_request(user).deliver
Chris@1464 339 account_pending(user)
Chris@0 340 else
Chris@0 341 yield if block_given?
Chris@0 342 end
Chris@0 343 end
Chris@0 344
Chris@1464 345 def handle_inactive_user(user, redirect_path=signin_path)
Chris@1464 346 if user.registered?
Chris@1464 347 account_pending(user, redirect_path)
Chris@1464 348 else
Chris@1464 349 account_locked(user, redirect_path)
Chris@1464 350 end
Chris@1464 351 end
Chris@1464 352
Chris@1464 353 def account_pending(user, redirect_path=signin_path)
Chris@1464 354 if Setting.self_registration == '1'
Chris@1464 355 flash[:error] = l(:notice_account_not_activated_yet, :url => activation_email_path)
Chris@1464 356 session[:registered_user_id] = user.id
Chris@1464 357 else
Chris@1464 358 flash[:error] = l(:notice_account_pending)
Chris@1464 359 end
Chris@1464 360 redirect_to redirect_path
Chris@1464 361 end
Chris@1464 362
Chris@1464 363 def account_locked(user, redirect_path=signin_path)
Chris@1464 364 flash[:error] = l(:notice_account_locked)
Chris@1464 365 redirect_to redirect_path
Chris@0 366 end
Chris@0 367 end