soundsoftware-site: .svn/pristine/a7/a757b81e7f3e085496f4684df875891a66fc60e7.svn-base annotate

annotate .svn/pristine/a7/a757b81e7f3e085496f4684df875891a66fc60e7.svn-base @ 1298:4f746d8966dd redmine_2.3_integration

Merge from redmine-2.3 branch to create new branch redmine-2.3-integration

author	Chris Cannam
date	Fri, 14 Jun 2013 09:28:30 +0100
parents	622f24f53b42
children

rev	line source
Chris@1295	1 # Redmine - project management software
Chris@1295	2 # Copyright (C) 2006-2013 Jean-Philippe Lang
Chris@1295	3 #
Chris@1295	4 # This program is free software; you can redistribute it and/or
Chris@1295	5 # modify it under the terms of the GNU General Public License
Chris@1295	6 # as published by the Free Software Foundation; either version 2
Chris@1295	7 # of the License, or (at your option) any later version.
Chris@1295	8 #
Chris@1295	9 # This program is distributed in the hope that it will be useful,
Chris@1295	10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
Chris@1295	11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
Chris@1295	12 # GNU General Public License for more details.
Chris@1295	13 #
Chris@1295	14 # You should have received a copy of the GNU General Public License
Chris@1295	15 # along with this program; if not, write to the Free Software
Chris@1295	16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Chris@1295	17
Chris@1295	18 class AccountController < ApplicationController
Chris@1295	19 helper :custom_fields
Chris@1295	20 include CustomFieldsHelper
Chris@1295	21
Chris@1295	22 # prevents login action to be filtered by check_if_login_required application scope filter
Chris@1295	23 skip_before_filter :check_if_login_required
Chris@1295	24
Chris@1295	25 # Login request and validation
Chris@1295	26 def login
Chris@1295	27 if request.get?
Chris@1295	28 if User.current.logged?
Chris@1295	29 redirect_to home_url
Chris@1295	30 end
Chris@1295	31 else
Chris@1295	32 authenticate_user
Chris@1295	33 end
Chris@1295	34 rescue AuthSourceException => e
Chris@1295	35 logger.error "An error occured when authenticating #{params[:username]}: #{e.message}"
Chris@1295	36 render_error :message => e.message
Chris@1295	37 end
Chris@1295	38
Chris@1295	39 # Log out current user and redirect to welcome page
Chris@1295	40 def logout
Chris@1295	41 if User.current.anonymous?
Chris@1295	42 redirect_to home_url
Chris@1295	43 elsif request.post?
Chris@1295	44 logout_user
Chris@1295	45 redirect_to home_url
Chris@1295	46 end
Chris@1295	47 # display the logout form
Chris@1295	48 end
Chris@1295	49
Chris@1295	50 # Lets user choose a new password
Chris@1295	51 def lost_password
Chris@1295	52 (redirect_to(home_url); return) unless Setting.lost_password?
Chris@1295	53 if params[:token]
Chris@1295	54 @token = Token.find_token("recovery", params[:token].to_s)
Chris@1295	55 if @token.nil? \|\| @token.expired?
Chris@1295	56 redirect_to home_url
Chris@1295	57 return
Chris@1295	58 end
Chris@1295	59 @user = @token.user
Chris@1295	60 unless @user && @user.active?
Chris@1295	61 redirect_to home_url
Chris@1295	62 return
Chris@1295	63 end
Chris@1295	64 if request.post?
Chris@1295	65 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
Chris@1295	66 if @user.save
Chris@1295	67 @token.destroy
Chris@1295	68 flash[:notice] = l(:notice_account_password_updated)
Chris@1295	69 redirect_to signin_path
Chris@1295	70 return
Chris@1295	71 end
Chris@1295	72 end
Chris@1295	73 render :template => "account/password_recovery"
Chris@1295	74 return
Chris@1295	75 else
Chris@1295	76 if request.post?
Chris@1295	77 user = User.find_by_mail(params[:mail].to_s)
Chris@1295	78 # user not found or not active
Chris@1295	79 unless user && user.active?
Chris@1295	80 flash.now[:error] = l(:notice_account_unknown_email)
Chris@1295	81 return
Chris@1295	82 end
Chris@1295	83 # user cannot change its password
Chris@1295	84 unless user.change_password_allowed?
Chris@1295	85 flash.now[:error] = l(:notice_can_t_change_password)
Chris@1295	86 return
Chris@1295	87 end
Chris@1295	88 # create a new token for password recovery
Chris@1295	89 token = Token.new(:user => user, :action => "recovery")
Chris@1295	90 if token.save
Chris@1295	91 Mailer.lost_password(token).deliver
Chris@1295	92 flash[:notice] = l(:notice_account_lost_email_sent)
Chris@1295	93 redirect_to signin_path
Chris@1295	94 return
Chris@1295	95 end
Chris@1295	96 end
Chris@1295	97 end
Chris@1295	98 end
Chris@1295	99
Chris@1295	100 # User self-registration
Chris@1295	101 def register
Chris@1295	102 (redirect_to(home_url); return) unless Setting.self_registration? \|\| session[:auth_source_registration]
Chris@1295	103 if request.get?
Chris@1295	104 session[:auth_source_registration] = nil
Chris@1295	105 @user = User.new(:language => current_language.to_s)
Chris@1295	106 else
Chris@1295	107 user_params = params[:user] \|\| {}
Chris@1295	108 @user = User.new
Chris@1295	109 @user.safe_attributes = user_params
Chris@1295	110 @user.admin = false
Chris@1295	111 @user.register
Chris@1295	112 if session[:auth_source_registration]
Chris@1295	113 @user.activate
Chris@1295	114 @user.login = session[:auth_source_registration][:login]
Chris@1295	115 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
Chris@1295	116 if @user.save
Chris@1295	117 session[:auth_source_registration] = nil
Chris@1295	118 self.logged_user = @user
Chris@1295	119 flash[:notice] = l(:notice_account_activated)
Chris@1295	120 redirect_to my_account_path
Chris@1295	121 end
Chris@1295	122 else
Chris@1295	123 @user.login = params[:user][:login]
Chris@1295	124 unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank?
Chris@1295	125 @user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation]
Chris@1295	126 end
Chris@1295	127
Chris@1295	128 case Setting.self_registration
Chris@1295	129 when '1'
Chris@1295	130 register_by_email_activation(@user)
Chris@1295	131 when '3'
Chris@1295	132 register_automatically(@user)
Chris@1295	133 else
Chris@1295	134 register_manually_by_administrator(@user)
Chris@1295	135 end
Chris@1295	136 end
Chris@1295	137 end
Chris@1295	138 end
Chris@1295	139
Chris@1295	140 # Token based account activation
Chris@1295	141 def activate
Chris@1295	142 (redirect_to(home_url); return) unless Setting.self_registration? && params[:token].present?
Chris@1295	143 token = Token.find_token('register', params[:token].to_s)
Chris@1295	144 (redirect_to(home_url); return) unless token and !token.expired?
Chris@1295	145 user = token.user
Chris@1295	146 (redirect_to(home_url); return) unless user.registered?
Chris@1295	147 user.activate
Chris@1295	148 if user.save
Chris@1295	149 token.destroy
Chris@1295	150 flash[:notice] = l(:notice_account_activated)
Chris@1295	151 end
Chris@1295	152 redirect_to signin_path
Chris@1295	153 end
Chris@1295	154
Chris@1295	155 private
Chris@1295	156
Chris@1295	157 def authenticate_user
Chris@1295	158 if Setting.openid? && using_open_id?
Chris@1295	159 open_id_authenticate(params[:openid_url])
Chris@1295	160 else
Chris@1295	161 password_authentication
Chris@1295	162 end
Chris@1295	163 end
Chris@1295	164
Chris@1295	165 def password_authentication
Chris@1295	166 user = User.try_to_login(params[:username], params[:password])
Chris@1295	167
Chris@1295	168 if user.nil?
Chris@1295	169 invalid_credentials
Chris@1295	170 elsif user.new_record?
Chris@1295	171 onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
Chris@1295	172 else
Chris@1295	173 # Valid user
Chris@1295	174 successful_authentication(user)
Chris@1295	175 end
Chris@1295	176 end
Chris@1295	177
Chris@1295	178 def open_id_authenticate(openid_url)
Chris@1295	179 back_url = signin_url(:autologin => params[:autologin])
Chris@1295	180
Chris@1295	181 authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => back_url, :method => :post) do \|result, identity_url, registration\|
Chris@1295	182 if result.successful?
Chris@1295	183 user = User.find_or_initialize_by_identity_url(identity_url)
Chris@1295	184 if user.new_record?
Chris@1295	185 # Self-registration off
Chris@1295	186 (redirect_to(home_url); return) unless Setting.self_registration?
Chris@1295	187
Chris@1295	188 # Create on the fly
Chris@1295	189 user.login = registration['nickname'] unless registration['nickname'].nil?
Chris@1295	190 user.mail = registration['email'] unless registration['email'].nil?
Chris@1295	191 user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
Chris@1295	192 user.random_password
Chris@1295	193 user.register
Chris@1295	194
Chris@1295	195 case Setting.self_registration
Chris@1295	196 when '1'
Chris@1295	197 register_by_email_activation(user) do
Chris@1295	198 onthefly_creation_failed(user)
Chris@1295	199 end
Chris@1295	200 when '3'
Chris@1295	201 register_automatically(user) do
Chris@1295	202 onthefly_creation_failed(user)
Chris@1295	203 end
Chris@1295	204 else
Chris@1295	205 register_manually_by_administrator(user) do
Chris@1295	206 onthefly_creation_failed(user)
Chris@1295	207 end
Chris@1295	208 end
Chris@1295	209 else
Chris@1295	210 # Existing record
Chris@1295	211 if user.active?
Chris@1295	212 successful_authentication(user)
Chris@1295	213 else
Chris@1295	214 account_pending
Chris@1295	215 end
Chris@1295	216 end
Chris@1295	217 end
Chris@1295	218 end
Chris@1295	219 end
Chris@1295	220
Chris@1295	221 def successful_authentication(user)
Chris@1295	222 logger.info "Successful authentication for '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}"
Chris@1295	223 # Valid user
Chris@1295	224 self.logged_user = user
Chris@1295	225 # generate a key and set cookie if autologin
Chris@1295	226 if params[:autologin] && Setting.autologin?
Chris@1295	227 set_autologin_cookie(user)
Chris@1295	228 end
Chris@1295	229 call_hook(:controller_account_success_authentication_after, {:user => user })
Chris@1295	230 redirect_back_or_default my_page_path
Chris@1295	231 end
Chris@1295	232
Chris@1295	233 def set_autologin_cookie(user)
Chris@1295	234 token = Token.create(:user => user, :action => 'autologin')
Chris@1295	235 cookie_options = {
Chris@1295	236 :value => token.value,
Chris@1295	237 :expires => 1.year.from_now,
Chris@1295	238 :path => (Redmine::Configuration['autologin_cookie_path'] \|\| '/'),
Chris@1295	239 :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
Chris@1295	240 :httponly => true
Chris@1295	241 }
Chris@1295	242 cookies[autologin_cookie_name] = cookie_options
Chris@1295	243 end
Chris@1295	244
Chris@1295	245 # Onthefly creation failed, display the registration form to fill/fix attributes
Chris@1295	246 def onthefly_creation_failed(user, auth_source_options = { })
Chris@1295	247 @user = user
Chris@1295	248 session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
Chris@1295	249 render :action => 'register'
Chris@1295	250 end
Chris@1295	251
Chris@1295	252 def invalid_credentials
Chris@1295	253 logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
Chris@1295	254 flash.now[:error] = l(:notice_account_invalid_creditentials)
Chris@1295	255 end
Chris@1295	256
Chris@1295	257 # Register a user for email activation.
Chris@1295	258 #
Chris@1295	259 # Pass a block for behavior when a user fails to save
Chris@1295	260 def register_by_email_activation(user, &block)
Chris@1295	261 token = Token.new(:user => user, :action => "register")
Chris@1295	262 if user.save and token.save
Chris@1295	263 Mailer.register(token).deliver
Chris@1295	264 flash[:notice] = l(:notice_account_register_done)
Chris@1295	265 redirect_to signin_path
Chris@1295	266 else
Chris@1295	267 yield if block_given?
Chris@1295	268 end
Chris@1295	269 end
Chris@1295	270
Chris@1295	271 # Automatically register a user
Chris@1295	272 #
Chris@1295	273 # Pass a block for behavior when a user fails to save
Chris@1295	274 def register_automatically(user, &block)
Chris@1295	275 # Automatic activation
Chris@1295	276 user.activate
Chris@1295	277 user.last_login_on = Time.now
Chris@1295	278 if user.save
Chris@1295	279 self.logged_user = user
Chris@1295	280 flash[:notice] = l(:notice_account_activated)
Chris@1295	281 redirect_to my_account_path
Chris@1295	282 else
Chris@1295	283 yield if block_given?
Chris@1295	284 end
Chris@1295	285 end
Chris@1295	286
Chris@1295	287 # Manual activation by the administrator
Chris@1295	288 #
Chris@1295	289 # Pass a block for behavior when a user fails to save
Chris@1295	290 def register_manually_by_administrator(user, &block)
Chris@1295	291 if user.save
Chris@1295	292 # Sends an email to the administrators
Chris@1295	293 Mailer.account_activation_request(user).deliver
Chris@1295	294 account_pending
Chris@1295	295 else
Chris@1295	296 yield if block_given?
Chris@1295	297 end
Chris@1295	298 end
Chris@1295	299
Chris@1295	300 def account_pending
Chris@1295	301 flash[:notice] = l(:notice_account_pending)
Chris@1295	302 redirect_to signin_path
Chris@1295	303 end
Chris@1295	304 end

Mercurial > hg > soundsoftware-site

annotate .svn/pristine/a7/a757b81e7f3e085496f4684df875891a66fc60e7.svn-base @ 1298:4f746d8966dd redmine_2.3_integration