soundsoftware-site: app/controllers/account

comparison app/controllers/account_controller.rb @ 1338:25603efa57b5

Merge from live branch

author	Chris Cannam
date	Thu, 20 Jun 2013 13:14:14 +0100
parents	bb32da3bea34
children	4f746d8966dd 51364c0cd58f

comparison

equal deleted inserted replaced

-:1b1138f6f55e
+:25603efa57b5
 # Redmine - project management software
-# Copyright (C) 2006-2011  Jean-Philippe Lang
+# Copyright (C) 2006-2012  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
 if request.get?
 logout_user
 else
 authenticate_user
 end
+rescue AuthSourceException => e
+logger.error "An error occured when authenticating #{params[:username]}: #{e.message}"
+render_error :message => e.message
 end
 # Log out current user and redirect to welcome page
 def logout
 logout_user
 redirect_to home_url
 end
-# Enable user to choose a new password
+# Lets user choose a new password
 def lost_password
 redirect_to(home_url) && return unless Setting.lost_password?
 if params[:token]
-@token = Token.find_by_action_and_value("recovery", params[:token])
+@token = Token.find_by_action_and_value("recovery", params[:token].to_s)
-redirect_to(home_url) && return unless @token and !@token.expired?
+if @token.nil? || @token.expired?
+redirect_to home_url
+return
+end
 @user = @token.user
+unless @user && @user.active?
+redirect_to home_url
+return
+end
 if request.post?
 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
 if @user.save
 @token.destroy
 flash[:notice] = l(:notice_account_password_updated)
-redirect_to :action => 'login'
+redirect_to signin_path
 return
 end
 end
 render :template => "account/password_recovery"
 return
 else
 if request.post?
-user = User.find_by_mail(params[:mail])
+user = User.find_by_mail(params[:mail].to_s)
-# user not found in db
+# user not found or not active
-(flash.now[:error] = l(:notice_account_unknown_email); return) unless user
+unless user && user.active?
-# user uses an external authentification
+flash.now[:error] = l(:notice_account_unknown_email)
-(flash.now[:error] = l(:notice_can_t_change_password); return) if user.auth_source_id
+return
+end
+# user cannot change its password
+unless user.change_password_allowed?
+flash.now[:error] = l(:notice_can_t_change_password)
+return
+end
 # create a new token for password recovery
 token = Token.new(:user => user, :action => "recovery")
 if token.save
-Mailer.deliver_lost_password(token)
+Mailer.lost_password(token).deliver
 flash[:notice] = l(:notice_account_lost_email_sent)
-redirect_to :action => 'login'
+redirect_to signin_path
 return
 end
 end
 end
 end
 @user = User.new(:language => Setting.default_language)
 @ssamr_user_details = SsamrUserDetail.new
 else
-@user = User.new(params[:user])
+user_params = params[:user] || {}
+@user = User.new
+@user.safe_attributes = user_params
 @user.admin = false
 @user.register
 if session[:auth_source_registration]
 flash[:notice] = l(:notice_account_activated)
 redirect_to :controller => 'my', :action => 'account'
 end
 else
 @user.login = params[:user][:login]
-@user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
+unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank?
+@user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation]
+end
 @ssamr_user_details = SsamrUserDetail.new(params[:ssamr_user_details])
 # associates the 2 objects
 @user.ssamr_user_detail = @ssamr_user_details
 user.activate
 if user.save
 token.destroy
 flash[:notice] = l(:notice_account_activated)
 end
-redirect_to :action => 'login'
+redirect_to signin_path
 end
 private
-def logout_user
-if User.current.logged?
-cookies.delete :autologin
-Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
-self.logged_user = nil
-end
-end
 def authenticate_user
 if Setting.openid? && using_open_id?
 open_id_authenticate(params[:openid_url])
 else
 successful_authentication(user)
 end
 end
 def open_id_authenticate(openid_url)
-authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url) do |result, identity_url, registration|
+authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url, :method => :post) do |result, identity_url, registration|
 if result.successful?
 user = User.find_or_initialize_by_identity_url(identity_url)
 if user.new_record?
 # Self-registration off
 redirect_to(home_url) && return unless Setting.self_registration?
 end
 end
 end
 def successful_authentication(user)
+logger.info "Successful authentication for '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}"
 # Valid user
 self.logged_user = user
 # generate a key and set cookie if autologin
 if params[:autologin] && Setting.autologin?
 set_autologin_cookie(user)
 #
 # Pass a block for behavior when a user fails to save
 def register_by_email_activation(user, &block)
 token = Token.new(:user => user, :action => "register")
 if user.save and token.save
-Mailer.deliver_register(token)
+Mailer.register(token).deliver
 flash[:notice] = l(:notice_account_register_done)
-redirect_to :action => 'login'
+redirect_to signin_path
 else
 yield if block_given?
 end
 end
 if user.save
 @ssamr_user_details.save!
 # Sends an email to the administrators
-Mailer.deliver_account_activation_request(user)
+Mailer.account_activation_request(user).deliver
 account_pending
 else
 yield if block_given?
 end
 end
 def account_pending
 flash[:notice] = l(:notice_account_pending)
-redirect_to :action => 'login'
+redirect_to signin_path
 end
 end

Mercurial > hg > soundsoftware-site

comparison app/controllers/account_controller.rb @ 1338:25603efa57b5