Mercurial > hg > soundsoftware-site

comparison .svn/pristine/3e/3e7a4b29a1b991aef04200318dd8a5df349fe39d.svn-base @ 1464:261b3d9a4903 redmine-2.4

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update to Redmine 2.4 branch rev 12663
author Chris Cannam
date Tue, 14 Jan 2014 14:37:42 +0000
parents
children
comparison
equal deleted inserted replaced
1296:038ba2d95de8 1464:261b3d9a4903
1 # Redmine - project management software
2 # Copyright (C) 2006-2013 Jean-Philippe Lang
3 #
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
18 class AccountController < ApplicationController
19 helper :custom_fields
20 include CustomFieldsHelper
21
22 # prevents login action to be filtered by check_if_login_required application scope filter
23 skip_before_filter :check_if_login_required, :check_password_change
24
25 # Overrides ApplicationController#verify_authenticity_token to disable
26 # token verification on openid callbacks
27 def verify_authenticity_token
28 unless using_open_id?
29 super
30 end
31 end
32
33 # Login request and validation
34 def login
35 if request.get?
36 if User.current.logged?
37 redirect_to home_url
38 end
39 else
40 authenticate_user
41 end
42 rescue AuthSourceException => e
43 logger.error "An error occured when authenticating #{params[:username]}: #{e.message}"
44 render_error :message => e.message
45 end
46
47 # Log out current user and redirect to welcome page
48 def logout
49 if User.current.anonymous?
50 redirect_to home_url
51 elsif request.post?
52 logout_user
53 redirect_to home_url
54 end
55 # display the logout form
56 end
57
58 # Lets user choose a new password
59 def lost_password
60 (redirect_to(home_url); return) unless Setting.lost_password?
61 if params[:token]
62 @token = Token.find_token("recovery", params[:token].to_s)
63 if @token.nil? || @token.expired?
64 redirect_to home_url
65 return
66 end
67 @user = @token.user
68 unless @user && @user.active?
69 redirect_to home_url
70 return
71 end
72 if request.post?
73 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
74 if @user.save
75 @token.destroy
76 flash[:notice] = l(:notice_account_password_updated)
77 redirect_to signin_path
78 return
79 end
80 end
81 render :template => "account/password_recovery"
82 return
83 else
84 if request.post?
85 user = User.find_by_mail(params[:mail].to_s)
86 # user not found
87 unless user
88 flash.now[:error] = l(:notice_account_unknown_email)
89 return
90 end
91 unless user.active?
92 handle_inactive_user(user, lost_password_path)
93 return
94 end
95 # user cannot change its password
96 unless user.change_password_allowed?
97 flash.now[:error] = l(:notice_can_t_change_password)
98 return
99 end
100 # create a new token for password recovery
101 token = Token.new(:user => user, :action => "recovery")
102 if token.save
103 Mailer.lost_password(token).deliver
104 flash[:notice] = l(:notice_account_lost_email_sent)
105 redirect_to signin_path
106 return
107 end
108 end
109 end
110 end
111
112 # User self-registration
113 def register
114 (redirect_to(home_url); return) unless Setting.self_registration? || session[:auth_source_registration]
115 if request.get?
116 session[:auth_source_registration] = nil
117 @user = User.new(:language => current_language.to_s)
118 else
119 user_params = params[:user] || {}
120 @user = User.new
121 @user.safe_attributes = user_params
122 @user.admin = false
123 @user.register
124 if session[:auth_source_registration]
125 @user.activate
126 @user.login = session[:auth_source_registration][:login]
127 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
128 if @user.save
129 session[:auth_source_registration] = nil
130 self.logged_user = @user
131 flash[:notice] = l(:notice_account_activated)
132 redirect_to my_account_path
133 end
134 else
135 @user.login = params[:user][:login]
136 unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank?
137 @user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation]
138 end
139
140 case Setting.self_registration
141 when '1'
142 register_by_email_activation(@user)
143 when '3'
144 register_automatically(@user)
145 else
146 register_manually_by_administrator(@user)
147 end
148 end
149 end
150 end
151
152 # Token based account activation
153 def activate
154 (redirect_to(home_url); return) unless Setting.self_registration? && params[:token].present?
155 token = Token.find_token('register', params[:token].to_s)
156 (redirect_to(home_url); return) unless token and !token.expired?
157 user = token.user
158 (redirect_to(home_url); return) unless user.registered?
159 user.activate
160 if user.save
161 token.destroy
162 flash[:notice] = l(:notice_account_activated)
163 end
164 redirect_to signin_path
165 end
166
167 # Sends a new account activation email
168 def activation_email
169 if session[:registered_user_id] && Setting.self_registration == '1'
170 user_id = session.delete(:registered_user_id).to_i
171 user = User.find_by_id(user_id)
172 if user && user.registered?
173 register_by_email_activation(user)
174 return
175 end
176 end
177 redirect_to(home_url)
178 end
179
180 private
181
182 def authenticate_user
183 if Setting.openid? && using_open_id?
184 open_id_authenticate(params[:openid_url])
185 else
186 password_authentication
187 end
188 end
189
190 def password_authentication
191 user = User.try_to_login(params[:username], params[:password], false)
192
193 if user.nil?
194 invalid_credentials
195 elsif user.new_record?
196 onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
197 else
198 # Valid user
199 if user.active?
200 successful_authentication(user)
201 else
202 handle_inactive_user(user)
203 end
204 end
205 end
206
207 def open_id_authenticate(openid_url)
208 back_url = signin_url(:autologin => params[:autologin])
209 authenticate_with_open_id(
210 openid_url, :required => [:nickname, :fullname, :email],
211 :return_to => back_url, :method => :post
212 ) do |result, identity_url, registration|
213 if result.successful?
214 user = User.find_or_initialize_by_identity_url(identity_url)
215 if user.new_record?
216 # Self-registration off
217 (redirect_to(home_url); return) unless Setting.self_registration?
218 # Create on the fly
219 user.login = registration['nickname'] unless registration['nickname'].nil?
220 user.mail = registration['email'] unless registration['email'].nil?
221 user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
222 user.random_password
223 user.register
224 case Setting.self_registration
225 when '1'
226 register_by_email_activation(user) do
227 onthefly_creation_failed(user)
228 end
229 when '3'
230 register_automatically(user) do
231 onthefly_creation_failed(user)
232 end
233 else
234 register_manually_by_administrator(user) do
235 onthefly_creation_failed(user)
236 end
237 end
238 else
239 # Existing record
240 if user.active?
241 successful_authentication(user)
242 else
243 handle_inactive_user(user)
244 end
245 end
246 end
247 end
248 end
249
250 def successful_authentication(user)
251 logger.info "Successful authentication for '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}"
252 # Valid user
253 self.logged_user = user
254 # generate a key and set cookie if autologin
255 if params[:autologin] && Setting.autologin?
256 set_autologin_cookie(user)
257 end
258 call_hook(:controller_account_success_authentication_after, {:user => user })
259 redirect_back_or_default my_page_path
260 end
261
262 def set_autologin_cookie(user)
263 token = Token.create(:user => user, :action => 'autologin')
264 cookie_options = {
265 :value => token.value,
266 :expires => 1.year.from_now,
267 :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
268 :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
269 :httponly => true
270 }
271 cookies[autologin_cookie_name] = cookie_options
272 end
273
274 # Onthefly creation failed, display the registration form to fill/fix attributes
275 def onthefly_creation_failed(user, auth_source_options = { })
276 @user = user
277 session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
278 render :action => 'register'
279 end
280
281 def invalid_credentials
282 logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
283 flash.now[:error] = l(:notice_account_invalid_creditentials)
284 end
285
286 # Register a user for email activation.
287 #
288 # Pass a block for behavior when a user fails to save
289 def register_by_email_activation(user, &block)
290 token = Token.new(:user => user, :action => "register")
291 if user.save and token.save
292 Mailer.register(token).deliver
293 flash[:notice] = l(:notice_account_register_done, :email => user.mail)
294 redirect_to signin_path
295 else
296 yield if block_given?
297 end
298 end
299
300 # Automatically register a user
301 #
302 # Pass a block for behavior when a user fails to save
303 def register_automatically(user, &block)
304 # Automatic activation
305 user.activate
306 user.last_login_on = Time.now
307 if user.save
308 self.logged_user = user
309 flash[:notice] = l(:notice_account_activated)
310 redirect_to my_account_path
311 else
312 yield if block_given?
313 end
314 end
315
316 # Manual activation by the administrator
317 #
318 # Pass a block for behavior when a user fails to save
319 def register_manually_by_administrator(user, &block)
320 if user.save
321 # Sends an email to the administrators
322 Mailer.account_activation_request(user).deliver
323 account_pending(user)
324 else
325 yield if block_given?
326 end
327 end
328
329 def handle_inactive_user(user, redirect_path=signin_path)
330 if user.registered?
331 account_pending(user, redirect_path)
332 else
333 account_locked(user, redirect_path)
334 end
335 end
336
337 def account_pending(user, redirect_path=signin_path)
338 if Setting.self_registration == '1'
339 flash[:error] = l(:notice_account_not_activated_yet, :url => activation_email_path)
340 session[:registered_user_id] = user.id
341 else
342 flash[:error] = l(:notice_account_pending)
343 end
344 redirect_to redirect_path
345 end
346
347 def account_locked(user, redirect_path=signin_path)
348 flash[:error] = l(:notice_account_locked)
349 redirect_to redirect_path
350 end
351 end