Mercurial > hg > soundsoftware-site
comparison app/controllers/account_controller.rb @ 1115:433d4f72a19b redmine-2.2
Update to Redmine SVN revision 11137 on 2.2-stable branch
| author | Chris Cannam |
|---|---|
| date | Mon, 07 Jan 2013 12:01:42 +0000 |
| parents | cbb26bc654de |
| children | bb32da3bea34 622f24f53b42 261b3d9a4903 |
comparison
equal
deleted
inserted
replaced
| 929:5f33065ddc4b | 1115:433d4f72a19b |
|---|---|
| 1 # Redmine - project management software | 1 # Redmine - project management software |
| 2 # Copyright (C) 2006-2011 Jean-Philippe Lang | 2 # Copyright (C) 2006-2012 Jean-Philippe Lang |
| 3 # | 3 # |
| 4 # This program is free software; you can redistribute it and/or | 4 # This program is free software; you can redistribute it and/or |
| 5 # modify it under the terms of the GNU General Public License | 5 # modify it under the terms of the GNU General Public License |
| 6 # as published by the Free Software Foundation; either version 2 | 6 # as published by the Free Software Foundation; either version 2 |
| 7 # of the License, or (at your option) any later version. | 7 # of the License, or (at your option) any later version. |
| 27 if request.get? | 27 if request.get? |
| 28 logout_user | 28 logout_user |
| 29 else | 29 else |
| 30 authenticate_user | 30 authenticate_user |
| 31 end | 31 end |
| 32 rescue AuthSourceException => e | |
| 33 logger.error "An error occured when authenticating #{params[:username]}: #{e.message}" | |
| 34 render_error :message => e.message | |
| 32 end | 35 end |
| 33 | 36 |
| 34 # Log out current user and redirect to welcome page | 37 # Log out current user and redirect to welcome page |
| 35 def logout | 38 def logout |
| 36 logout_user | 39 logout_user |
| 37 redirect_to home_url | 40 redirect_to home_url |
| 38 end | 41 end |
| 39 | 42 |
| 40 # Enable user to choose a new password | 43 # Lets user choose a new password |
| 41 def lost_password | 44 def lost_password |
| 42 redirect_to(home_url) && return unless Setting.lost_password? | 45 redirect_to(home_url) && return unless Setting.lost_password? |
| 43 if params[:token] | 46 if params[:token] |
| 44 @token = Token.find_by_action_and_value("recovery", params[:token]) | 47 @token = Token.find_by_action_and_value("recovery", params[:token].to_s) |
| 45 redirect_to(home_url) && return unless @token and !@token.expired? | 48 if @token.nil? || @token.expired? |
| 49 redirect_to home_url | |
| 50 return | |
| 51 end | |
| 46 @user = @token.user | 52 @user = @token.user |
| 53 unless @user && @user.active? | |
| 54 redirect_to home_url | |
| 55 return | |
| 56 end | |
| 47 if request.post? | 57 if request.post? |
| 48 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation] | 58 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation] |
| 49 if @user.save | 59 if @user.save |
| 50 @token.destroy | 60 @token.destroy |
| 51 flash[:notice] = l(:notice_account_password_updated) | 61 flash[:notice] = l(:notice_account_password_updated) |
| 52 redirect_to :action => 'login' | 62 redirect_to signin_path |
| 53 return | 63 return |
| 54 end | 64 end |
| 55 end | 65 end |
| 56 render :template => "account/password_recovery" | 66 render :template => "account/password_recovery" |
| 57 return | 67 return |
| 58 else | 68 else |
| 59 if request.post? | 69 if request.post? |
| 60 user = User.find_by_mail(params[:mail]) | 70 user = User.find_by_mail(params[:mail].to_s) |
| 61 # user not found in db | 71 # user not found or not active |
| 62 (flash.now[:error] = l(:notice_account_unknown_email); return) unless user | 72 unless user && user.active? |
| 63 # user uses an external authentification | 73 flash.now[:error] = l(:notice_account_unknown_email) |
| 64 (flash.now[:error] = l(:notice_can_t_change_password); return) if user.auth_source_id | 74 return |
| 75 end | |
| 76 # user cannot change its password | |
| 77 unless user.change_password_allowed? | |
| 78 flash.now[:error] = l(:notice_can_t_change_password) | |
| 79 return | |
| 80 end | |
| 65 # create a new token for password recovery | 81 # create a new token for password recovery |
| 66 token = Token.new(:user => user, :action => "recovery") | 82 token = Token.new(:user => user, :action => "recovery") |
| 67 if token.save | 83 if token.save |
| 68 Mailer.deliver_lost_password(token) | 84 Mailer.lost_password(token).deliver |
| 69 flash[:notice] = l(:notice_account_lost_email_sent) | 85 flash[:notice] = l(:notice_account_lost_email_sent) |
| 70 redirect_to :action => 'login' | 86 redirect_to signin_path |
| 71 return | 87 return |
| 72 end | 88 end |
| 73 end | 89 end |
| 74 end | 90 end |
| 75 end | 91 end |
| 79 redirect_to(home_url) && return unless Setting.self_registration? || session[:auth_source_registration] | 95 redirect_to(home_url) && return unless Setting.self_registration? || session[:auth_source_registration] |
| 80 if request.get? | 96 if request.get? |
| 81 session[:auth_source_registration] = nil | 97 session[:auth_source_registration] = nil |
| 82 @user = User.new(:language => Setting.default_language) | 98 @user = User.new(:language => Setting.default_language) |
| 83 else | 99 else |
| 84 @user = User.new(params[:user]) | 100 user_params = params[:user] || {} |
| 101 @user = User.new | |
| 102 @user.safe_attributes = user_params | |
| 85 @user.admin = false | 103 @user.admin = false |
| 86 @user.register | 104 @user.register |
| 87 if session[:auth_source_registration] | 105 if session[:auth_source_registration] |
| 88 @user.activate | 106 @user.activate |
| 89 @user.login = session[:auth_source_registration][:login] | 107 @user.login = session[:auth_source_registration][:login] |
| 94 flash[:notice] = l(:notice_account_activated) | 112 flash[:notice] = l(:notice_account_activated) |
| 95 redirect_to :controller => 'my', :action => 'account' | 113 redirect_to :controller => 'my', :action => 'account' |
| 96 end | 114 end |
| 97 else | 115 else |
| 98 @user.login = params[:user][:login] | 116 @user.login = params[:user][:login] |
| 99 @user.password, @user.password_confirmation = params[:password], params[:password_confirmation] | 117 unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank? |
| 118 @user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation] | |
| 119 end | |
| 100 | 120 |
| 101 case Setting.self_registration | 121 case Setting.self_registration |
| 102 when '1' | 122 when '1' |
| 103 register_by_email_activation(@user) | 123 register_by_email_activation(@user) |
| 104 when '3' | 124 when '3' |
| 120 user.activate | 140 user.activate |
| 121 if user.save | 141 if user.save |
| 122 token.destroy | 142 token.destroy |
| 123 flash[:notice] = l(:notice_account_activated) | 143 flash[:notice] = l(:notice_account_activated) |
| 124 end | 144 end |
| 125 redirect_to :action => 'login' | 145 redirect_to signin_path |
| 126 end | 146 end |
| 127 | 147 |
| 128 private | 148 private |
| 129 | |
| 130 def logout_user | |
| 131 if User.current.logged? | |
| 132 cookies.delete :autologin | |
| 133 Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) | |
| 134 self.logged_user = nil | |
| 135 end | |
| 136 end | |
| 137 | 149 |
| 138 def authenticate_user | 150 def authenticate_user |
| 139 if Setting.openid? && using_open_id? | 151 if Setting.openid? && using_open_id? |
| 140 open_id_authenticate(params[:openid_url]) | 152 open_id_authenticate(params[:openid_url]) |
| 141 else | 153 else |
| 155 successful_authentication(user) | 167 successful_authentication(user) |
| 156 end | 168 end |
| 157 end | 169 end |
| 158 | 170 |
| 159 def open_id_authenticate(openid_url) | 171 def open_id_authenticate(openid_url) |
| 160 authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url) do |result, identity_url, registration| | 172 authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url, :method => :post) do |result, identity_url, registration| |
| 161 if result.successful? | 173 if result.successful? |
| 162 user = User.find_or_initialize_by_identity_url(identity_url) | 174 user = User.find_or_initialize_by_identity_url(identity_url) |
| 163 if user.new_record? | 175 if user.new_record? |
| 164 # Self-registration off | 176 # Self-registration off |
| 165 redirect_to(home_url) && return unless Setting.self_registration? | 177 redirect_to(home_url) && return unless Setting.self_registration? |
| 196 end | 208 end |
| 197 end | 209 end |
| 198 end | 210 end |
| 199 | 211 |
| 200 def successful_authentication(user) | 212 def successful_authentication(user) |
| 213 logger.info "Successful authentication for '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}" | |
| 201 # Valid user | 214 # Valid user |
| 202 self.logged_user = user | 215 self.logged_user = user |
| 203 # generate a key and set cookie if autologin | 216 # generate a key and set cookie if autologin |
| 204 if params[:autologin] && Setting.autologin? | 217 if params[:autologin] && Setting.autologin? |
| 205 set_autologin_cookie(user) | 218 set_autologin_cookie(user) |
| 237 # | 250 # |
| 238 # Pass a block for behavior when a user fails to save | 251 # Pass a block for behavior when a user fails to save |
| 239 def register_by_email_activation(user, &block) | 252 def register_by_email_activation(user, &block) |
| 240 token = Token.new(:user => user, :action => "register") | 253 token = Token.new(:user => user, :action => "register") |
| 241 if user.save and token.save | 254 if user.save and token.save |
| 242 Mailer.deliver_register(token) | 255 Mailer.register(token).deliver |
| 243 flash[:notice] = l(:notice_account_register_done) | 256 flash[:notice] = l(:notice_account_register_done) |
| 244 redirect_to :action => 'login' | 257 redirect_to signin_path |
| 245 else | 258 else |
| 246 yield if block_given? | 259 yield if block_given? |
| 247 end | 260 end |
| 248 end | 261 end |
| 249 | 262 |
| 267 # | 280 # |
| 268 # Pass a block for behavior when a user fails to save | 281 # Pass a block for behavior when a user fails to save |
| 269 def register_manually_by_administrator(user, &block) | 282 def register_manually_by_administrator(user, &block) |
| 270 if user.save | 283 if user.save |
| 271 # Sends an email to the administrators | 284 # Sends an email to the administrators |
| 272 Mailer.deliver_account_activation_request(user) | 285 Mailer.account_activation_request(user).deliver |
| 273 account_pending | 286 account_pending |
| 274 else | 287 else |
| 275 yield if block_given? | 288 yield if block_given? |
| 276 end | 289 end |
| 277 end | 290 end |
| 278 | 291 |
| 279 def account_pending | 292 def account_pending |
| 280 flash[:notice] = l(:notice_account_pending) | 293 flash[:notice] = l(:notice_account_pending) |
| 281 redirect_to :action => 'login' | 294 redirect_to signin_path |
| 282 end | 295 end |
| 283 end | 296 end |