Mercurial > hg > soundsoftware-site

comparison .svn/pristine/a7/a757b81e7f3e085496f4684df875891a66fc60e7.svn-base @ 1298:4f746d8966dd redmine_2.3_integration

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Merge from redmine-2.3 branch to create new branch redmine-2.3-integration
author Chris Cannam
date Fri, 14 Jun 2013 09:28:30 +0100
parents 622f24f53b42
children
comparison
equal deleted inserted replaced
1297:0a574315af3e 1298:4f746d8966dd
1 # Redmine - project management software
2 # Copyright (C) 2006-2013 Jean-Philippe Lang
3 #
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
18 class AccountController < ApplicationController
19 helper :custom_fields
20 include CustomFieldsHelper
21
22 # prevents login action to be filtered by check_if_login_required application scope filter
23 skip_before_filter :check_if_login_required
24
25 # Login request and validation
26 def login
27 if request.get?
28 if User.current.logged?
29 redirect_to home_url
30 end
31 else
32 authenticate_user
33 end
34 rescue AuthSourceException => e
35 logger.error "An error occured when authenticating #{params[:username]}: #{e.message}"
36 render_error :message => e.message
37 end
38
39 # Log out current user and redirect to welcome page
40 def logout
41 if User.current.anonymous?
42 redirect_to home_url
43 elsif request.post?
44 logout_user
45 redirect_to home_url
46 end
47 # display the logout form
48 end
49
50 # Lets user choose a new password
51 def lost_password
52 (redirect_to(home_url); return) unless Setting.lost_password?
53 if params[:token]
54 @token = Token.find_token("recovery", params[:token].to_s)
55 if @token.nil? || @token.expired?
56 redirect_to home_url
57 return
58 end
59 @user = @token.user
60 unless @user && @user.active?
61 redirect_to home_url
62 return
63 end
64 if request.post?
65 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
66 if @user.save
67 @token.destroy
68 flash[:notice] = l(:notice_account_password_updated)
69 redirect_to signin_path
70 return
71 end
72 end
73 render :template => "account/password_recovery"
74 return
75 else
76 if request.post?
77 user = User.find_by_mail(params[:mail].to_s)
78 # user not found or not active
79 unless user && user.active?
80 flash.now[:error] = l(:notice_account_unknown_email)
81 return
82 end
83 # user cannot change its password
84 unless user.change_password_allowed?
85 flash.now[:error] = l(:notice_can_t_change_password)
86 return
87 end
88 # create a new token for password recovery
89 token = Token.new(:user => user, :action => "recovery")
90 if token.save
91 Mailer.lost_password(token).deliver
92 flash[:notice] = l(:notice_account_lost_email_sent)
93 redirect_to signin_path
94 return
95 end
96 end
97 end
98 end
99
100 # User self-registration
101 def register
102 (redirect_to(home_url); return) unless Setting.self_registration? || session[:auth_source_registration]
103 if request.get?
104 session[:auth_source_registration] = nil
105 @user = User.new(:language => current_language.to_s)
106 else
107 user_params = params[:user] || {}
108 @user = User.new
109 @user.safe_attributes = user_params
110 @user.admin = false
111 @user.register
112 if session[:auth_source_registration]
113 @user.activate
114 @user.login = session[:auth_source_registration][:login]
115 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
116 if @user.save
117 session[:auth_source_registration] = nil
118 self.logged_user = @user
119 flash[:notice] = l(:notice_account_activated)
120 redirect_to my_account_path
121 end
122 else
123 @user.login = params[:user][:login]
124 unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank?
125 @user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation]
126 end
127
128 case Setting.self_registration
129 when '1'
130 register_by_email_activation(@user)
131 when '3'
132 register_automatically(@user)
133 else
134 register_manually_by_administrator(@user)
135 end
136 end
137 end
138 end
139
140 # Token based account activation
141 def activate
142 (redirect_to(home_url); return) unless Setting.self_registration? && params[:token].present?
143 token = Token.find_token('register', params[:token].to_s)
144 (redirect_to(home_url); return) unless token and !token.expired?
145 user = token.user
146 (redirect_to(home_url); return) unless user.registered?
147 user.activate
148 if user.save
149 token.destroy
150 flash[:notice] = l(:notice_account_activated)
151 end
152 redirect_to signin_path
153 end
154
155 private
156
157 def authenticate_user
158 if Setting.openid? && using_open_id?
159 open_id_authenticate(params[:openid_url])
160 else
161 password_authentication
162 end
163 end
164
165 def password_authentication
166 user = User.try_to_login(params[:username], params[:password])
167
168 if user.nil?
169 invalid_credentials
170 elsif user.new_record?
171 onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
172 else
173 # Valid user
174 successful_authentication(user)
175 end
176 end
177
178 def open_id_authenticate(openid_url)
179 back_url = signin_url(:autologin => params[:autologin])
180
181 authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => back_url, :method => :post) do |result, identity_url, registration|
182 if result.successful?
183 user = User.find_or_initialize_by_identity_url(identity_url)
184 if user.new_record?
185 # Self-registration off
186 (redirect_to(home_url); return) unless Setting.self_registration?
187
188 # Create on the fly
189 user.login = registration['nickname'] unless registration['nickname'].nil?
190 user.mail = registration['email'] unless registration['email'].nil?
191 user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
192 user.random_password
193 user.register
194
195 case Setting.self_registration
196 when '1'
197 register_by_email_activation(user) do
198 onthefly_creation_failed(user)
199 end
200 when '3'
201 register_automatically(user) do
202 onthefly_creation_failed(user)
203 end
204 else
205 register_manually_by_administrator(user) do
206 onthefly_creation_failed(user)
207 end
208 end
209 else
210 # Existing record
211 if user.active?
212 successful_authentication(user)
213 else
214 account_pending
215 end
216 end
217 end
218 end
219 end
220
221 def successful_authentication(user)
222 logger.info "Successful authentication for '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}"
223 # Valid user
224 self.logged_user = user
225 # generate a key and set cookie if autologin
226 if params[:autologin] && Setting.autologin?
227 set_autologin_cookie(user)
228 end
229 call_hook(:controller_account_success_authentication_after, {:user => user })
230 redirect_back_or_default my_page_path
231 end
232
233 def set_autologin_cookie(user)
234 token = Token.create(:user => user, :action => 'autologin')
235 cookie_options = {
236 :value => token.value,
237 :expires => 1.year.from_now,
238 :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
239 :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
240 :httponly => true
241 }
242 cookies[autologin_cookie_name] = cookie_options
243 end
244
245 # Onthefly creation failed, display the registration form to fill/fix attributes
246 def onthefly_creation_failed(user, auth_source_options = { })
247 @user = user
248 session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
249 render :action => 'register'
250 end
251
252 def invalid_credentials
253 logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
254 flash.now[:error] = l(:notice_account_invalid_creditentials)
255 end
256
257 # Register a user for email activation.
258 #
259 # Pass a block for behavior when a user fails to save
260 def register_by_email_activation(user, &block)
261 token = Token.new(:user => user, :action => "register")
262 if user.save and token.save
263 Mailer.register(token).deliver
264 flash[:notice] = l(:notice_account_register_done)
265 redirect_to signin_path
266 else
267 yield if block_given?
268 end
269 end
270
271 # Automatically register a user
272 #
273 # Pass a block for behavior when a user fails to save
274 def register_automatically(user, &block)
275 # Automatic activation
276 user.activate
277 user.last_login_on = Time.now
278 if user.save
279 self.logged_user = user
280 flash[:notice] = l(:notice_account_activated)
281 redirect_to my_account_path
282 else
283 yield if block_given?
284 end
285 end
286
287 # Manual activation by the administrator
288 #
289 # Pass a block for behavior when a user fails to save
290 def register_manually_by_administrator(user, &block)
291 if user.save
292 # Sends an email to the administrators
293 Mailer.account_activation_request(user).deliver
294 account_pending
295 else
296 yield if block_given?
297 end
298 end
299
300 def account_pending
301 flash[:notice] = l(:notice_account_pending)
302 redirect_to signin_path
303 end
304 end