diff app/controllers/account_controller.rb @ 1115:433d4f72a19b redmine-2.2
Update to Redmine SVN revision 11137 on 2.2-stable branch
author | Chris Cannam |
---|---|
date | Mon, 07 Jan 2013 12:01:42 +0000 |
parents | cbb26bc654de |
children | bb32da3bea34 622f24f53b42 261b3d9a4903 |
--- a/app/controllers/account_controller.rb Wed Jun 27 14:54:18 2012 +0100
+++ b/app/controllers/account_controller.rb Mon Jan 07 12:01:42 2013 +0000
@@ -1,5 +1,5 @@
 # Redmine - project management software
-# Copyright (C) 2006-2011 Jean-Philippe Lang
+# Copyright (C) 2006-2012 Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -29,6 +29,9 @@
     else
       authenticate_user
     end
+  rescue AuthSourceException => e
+    logger.error "An error occured when authenticating #{params[:username]}: #{e.message}"
+    render_error :message => e.message
   end
 
   # Log out current user and redirect to welcome page
@@ -37,19 +40,26 @@
     redirect_to home_url
   end
 
-  # Enable user to choose a new password
+  # Lets user choose a new password
   def lost_password
     redirect_to(home_url) && return unless Setting.lost_password?
     if params[:token]
-      @token = Token.find_by_action_and_value("recovery", params[:token])
-      redirect_to(home_url) && return unless @token and !@token.expired?
+      @token = Token.find_by_action_and_value("recovery", params[:token].to_s)
+      if @token.nil? || @token.expired?
+        redirect_to home_url
+        return
+      end
       @user = @token.user
+      unless @user && @user.active?
+        redirect_to home_url
+        return
+      end
       if request.post?
         @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
         if @user.save
           @token.destroy
           flash[:notice] = l(:notice_account_password_updated)
-          redirect_to :action => 'login'
+          redirect_to signin_path
           return
         end
       end
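Review bot: `render_error :message => e.message` in the new `rescue AuthSourceException => e` branch of `login` returns the authentication backend's own exception text to an unauthenticated client, which may describe the directory host or connection state; keep that detail in the `logger.error` line above it and render a fixed, non-diagnostic message instead of `e.message` (an existing i18n key for a failed login would do; none is visible in this hunk). The log line interpolates `params[:username]` exactly as submitted, so a value containing line breaks splits the entry; `params[:username].to_s.inspect` keeps it on one line. The message text also has a typo, `occured` → `occurred`. The body of `login` begins outside this hunk.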
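Review bot: The token-redemption branch of `lost_password` (the new `unless @user && @user.active?` guard) does not check `@user.change_password_allowed?`, while the token-issuing branch in the following hunk refuses to send a recovery mail unless that predicate holds, so a token issued before an account was switched to external authentication would still let a local password be set here. Extending the guard to `unless @user && @user.active? && @user.change_password_allowed?` keeps the two branches in step. `lost_password` continues past the end of this hunk.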
@@ -57,17 +67,23 @@
       return
     else
       if request.post?
-        user = User.find_by_mail(params[:mail])
-        # user not found in db
-        (flash.now[:error] = l(:notice_account_unknown_email); return) unless user
-        # user uses an external authentification
-        (flash.now[:error] = l(:notice_can_t_change_password); return) if user.auth_source_id
+        user = User.find_by_mail(params[:mail].to_s)
+        # user not found or not active
+        unless user && user.active?
+          flash.now[:error] = l(:notice_account_unknown_email)
+          return
+        end
+        # user cannot change its password
+        unless user.change_password_allowed?
+          flash.now[:error] = l(:notice_can_t_change_password)
+          return
+        end
         # create a new token for password recovery
         token = Token.new(:user => user, :action => "recovery")
         if token.save
-          Mailer.deliver_lost_password(token)
+          Mailer.lost_password(token).deliver
           flash[:notice] = l(:notice_account_lost_email_sent)
-          redirect_to :action => 'login'
+          redirect_to signin_path
           return
         end
       end
@@ -81,7 +97,9 @@
       session[:auth_source_registration] = nil
       @user = User.new(:language => Setting.default_language)
     else
-      @user = User.new(params[:user])
+      user_params = params[:user] || {}
+      @user = User.new
+      @user.safe_attributes = user_params
       @user.admin = false
       @user.register
       if session[:auth_source_registration]
@@ -96,7 +114,9 @@
         end
       else
         @user.login = params[:user][:login]
-        @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
+        unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank?
+          @user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation]
+        end
 
         case Setting.self_registration
         when '1'
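Review bot: The rewritten POST branch of `lost_password` still answers with two distinguishable flash messages — `notice_account_unknown_email` when no active user has the address and `notice_can_t_change_password` when one does but may not change its password — so the response reveals whether a submitted address belongs to an active account. If users do not need that distinction, answer both cases with the same `flash.now[:error] = l(:notice_account_unknown_email)` and record the `change_password_allowed?` refusal with `logger.info` instead. `lost_password` starts before this hunk and ends after it.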
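Review bot: `@user.login = params[:user][:login]`, the context line directly above the new `unless` in `register`, still dereferences `params[:user]` directly while the new lines read `user_params`, which the hunk `@@ -81,7 +97,9 @@` initialises as `params[:user] || {}`; a registration POST without a `user` parameter therefore raises NoMethodError on that line before the fallback it introduces can help. Change it to `@user.login = user_params[:login]`. The `register` action starts before and ends after this hunk.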
@@ -122,19 +142,11 @@
       token.destroy
       flash[:notice] = l(:notice_account_activated)
     end
-    redirect_to :action => 'login'
+    redirect_to signin_path
   end
 
   private
 
-  def logout_user
-    if User.current.logged?
-      cookies.delete :autologin
-      Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
-      self.logged_user = nil
-    end
-  end
-
   def authenticate_user
     if Setting.openid? && using_open_id?
       open_id_authenticate(params[:openid_url])
@@ -157,7 +169,7 @@
   end
 
   def open_id_authenticate(openid_url)
-    authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url) do |result, identity_url, registration|
+    authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url, :method => :post) do |result, identity_url, registration|
       if result.successful?
         user = User.find_or_initialize_by_identity_url(identity_url)
         if user.new_record?
@@ -198,6 +210,7 @@
   end
 
   def successful_authentication(user)
+    logger.info "Successful authentication for '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}"
     # Valid user
     self.logged_user = user
     # generate a key and set cookie if autologin
@@ -239,9 +252,9 @@
   def register_by_email_activation(user, &block)
     token = Token.new(:user => user, :action => "register")
     if user.save and token.save
-      Mailer.deliver_register(token)
+      Mailer.register(token).deliver
       flash[:notice] = l(:notice_account_register_done)
-      redirect_to :action => 'login'
+      redirect_to signin_path
     else
       yield if block_given?
     end
@@ -269,7 +282,7 @@
   def register_manually_by_administrator(user, &block)
     if user.save
       # Sends an email to the administrators
-      Mailer.deliver_account_activation_request(user)
+      Mailer.account_activation_request(user).deliver
       account_pending
     else
       yield if block_given?
@@ -278,6 +291,6 @@
 
   def account_pending
     flash[:notice] = l(:notice_account_pending)
-    redirect_to :action => 'login'
+    redirect_to signin_path
   end
 end
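Review bot: The new `logger.info` line in `successful_authentication` records `request.remote_ip`, which Rails derives from forwarded-for headers when the request arrives through a proxy, so the logged address is only as reliable as the deployment's trusted-proxy configuration; a comment above the line such as `# remote_ip follows forwarded headers behind a proxy; depends on trusted-proxy config` keeps the next reader from treating it as the peer address. The line is useful for audit; it would be more so if the failed-login path wrote an entry of the same shape, but that path is outside this hunk. The rest of `successful_authentication` continues past the hunk.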