##// END OF EJS Templates
jro_apps » redmine
RSS
Use .skip_before_action instead of .skip_before_filter....
Jean-Philippe Lang -
r15274:2457f5914d90
parent child
Show More
Side by Side Unified
Context file:
r15274:2457f5914d90 Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,361 +1,361
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2016 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class AccountController < ApplicationController
19 19 helper :custom_fields
20 20 include CustomFieldsHelper
21 21
22 22 # prevents login action to be filtered by check_if_login_required application scope filter
23 skip_before_filter :check_if_login_required, :check_password_change
23 skip_before_action :check_if_login_required, :check_password_change
24 24
25 25 # Overrides ApplicationController#verify_authenticity_token to disable
26 26 # token verification on openid callbacks
27 27 def verify_authenticity_token
28 28 unless using_open_id?
29 29 super
30 30 end
31 31 end
32 32
33 33 # Login request and validation
34 34 def login
35 35 if request.get?
36 36 if User.current.logged?
37 37 redirect_back_or_default home_url, :referer => true
38 38 end
39 39 else
40 40 authenticate_user
41 41 end
42 42 rescue AuthSourceException => e
43 43 logger.error "An error occured when authenticating #{params[:username]}: #{e.message}"
44 44 render_error :message => e.message
45 45 end
46 46
47 47 # Log out current user and redirect to welcome page
48 48 def logout
49 49 if User.current.anonymous?
50 50 redirect_to home_url
51 51 elsif request.post?
52 52 logout_user
53 53 redirect_to home_url
54 54 end
55 55 # display the logout form
56 56 end
57 57
58 58 # Lets user choose a new password
59 59 def lost_password
60 60 (redirect_to(home_url); return) unless Setting.lost_password?
61 61 if params[:token]
62 62 @token = Token.find_token("recovery", params[:token].to_s)
63 63 if @token.nil? || @token.expired?
64 64 redirect_to home_url
65 65 return
66 66 end
67 67 @user = @token.user
68 68 unless @user && @user.active?
69 69 redirect_to home_url
70 70 return
71 71 end
72 72 if request.post?
73 73 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
74 74 if @user.save
75 75 @token.destroy
76 76 Mailer.password_updated(@user)
77 77 flash[:notice] = l(:notice_account_password_updated)
78 78 redirect_to signin_path
79 79 return
80 80 end
81 81 end
82 82 render :template => "account/password_recovery"
83 83 return
84 84 else
85 85 if request.post?
86 86 email = params[:mail].to_s
87 87 user = User.find_by_mail(email)
88 88 # user not found
89 89 unless user
90 90 flash.now[:error] = l(:notice_account_unknown_email)
91 91 return
92 92 end
93 93 unless user.active?
94 94 handle_inactive_user(user, lost_password_path)
95 95 return
96 96 end
97 97 # user cannot change its password
98 98 unless user.change_password_allowed?
99 99 flash.now[:error] = l(:notice_can_t_change_password)
100 100 return
101 101 end
102 102 # create a new token for password recovery
103 103 token = Token.new(:user => user, :action => "recovery")
104 104 if token.save
105 105 # Don't use the param to send the email
106 106 recipent = user.mails.detect {|e| email.casecmp(e) == 0} || user.mail
107 107 Mailer.lost_password(token, recipent).deliver
108 108 flash[:notice] = l(:notice_account_lost_email_sent)
109 109 redirect_to signin_path
110 110 return
111 111 end
112 112 end
113 113 end
114 114 end
115 115
116 116 # User self-registration
117 117 def register
118 118 (redirect_to(home_url); return) unless Setting.self_registration? || session[:auth_source_registration]
119 119 if request.get?
120 120 session[:auth_source_registration] = nil
121 121 @user = User.new(:language => current_language.to_s)
122 122 else
123 123 user_params = params[:user] || {}
124 124 @user = User.new
125 125 @user.safe_attributes = user_params
126 126 @user.pref.attributes = params[:pref] if params[:pref]
127 127 @user.admin = false
128 128 @user.register
129 129 if session[:auth_source_registration]
130 130 @user.activate
131 131 @user.login = session[:auth_source_registration][:login]
132 132 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
133 133 if @user.save
134 134 session[:auth_source_registration] = nil
135 135 self.logged_user = @user
136 136 flash[:notice] = l(:notice_account_activated)
137 137 redirect_to my_account_path
138 138 end
139 139 else
140 140 @user.login = params[:user][:login]
141 141 unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank?
142 142 @user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation]
143 143 end
144 144
145 145 case Setting.self_registration
146 146 when '1'
147 147 register_by_email_activation(@user)
148 148 when '3'
149 149 register_automatically(@user)
150 150 else
151 151 register_manually_by_administrator(@user)
152 152 end
153 153 end
154 154 end
155 155 end
156 156
157 157 # Token based account activation
158 158 def activate
159 159 (redirect_to(home_url); return) unless Setting.self_registration? && params[:token].present?
160 160 token = Token.find_token('register', params[:token].to_s)
161 161 (redirect_to(home_url); return) unless token and !token.expired?
162 162 user = token.user
163 163 (redirect_to(home_url); return) unless user.registered?
164 164 user.activate
165 165 if user.save
166 166 token.destroy
167 167 flash[:notice] = l(:notice_account_activated)
168 168 end
169 169 redirect_to signin_path
170 170 end
171 171
172 172 # Sends a new account activation email
173 173 def activation_email
174 174 if session[:registered_user_id] && Setting.self_registration == '1'
175 175 user_id = session.delete(:registered_user_id).to_i
176 176 user = User.find_by_id(user_id)
177 177 if user && user.registered?
178 178 register_by_email_activation(user)
179 179 return
180 180 end
181 181 end
182 182 redirect_to(home_url)
183 183 end
184 184
185 185 private
186 186
187 187 def authenticate_user
188 188 if Setting.openid? && using_open_id?
189 189 open_id_authenticate(params[:openid_url])
190 190 else
191 191 password_authentication
192 192 end
193 193 end
194 194
195 195 def password_authentication
196 196 user = User.try_to_login(params[:username], params[:password], false)
197 197
198 198 if user.nil?
199 199 invalid_credentials
200 200 elsif user.new_record?
201 201 onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
202 202 else
203 203 # Valid user
204 204 if user.active?
205 205 successful_authentication(user)
206 206 update_sudo_timestamp! # activate Sudo Mode
207 207 else
208 208 handle_inactive_user(user)
209 209 end
210 210 end
211 211 end
212 212
213 213 def open_id_authenticate(openid_url)
214 214 back_url = signin_url(:autologin => params[:autologin])
215 215 authenticate_with_open_id(
216 216 openid_url, :required => [:nickname, :fullname, :email],
217 217 :return_to => back_url, :method => :post
218 218 ) do |result, identity_url, registration|
219 219 if result.successful?
220 220 user = User.find_or_initialize_by_identity_url(identity_url)
221 221 if user.new_record?
222 222 # Self-registration off
223 223 (redirect_to(home_url); return) unless Setting.self_registration?
224 224 # Create on the fly
225 225 user.login = registration['nickname'] unless registration['nickname'].nil?
226 226 user.mail = registration['email'] unless registration['email'].nil?
227 227 user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
228 228 user.random_password
229 229 user.register
230 230 case Setting.self_registration
231 231 when '1'
232 232 register_by_email_activation(user) do
233 233 onthefly_creation_failed(user)
234 234 end
235 235 when '3'
236 236 register_automatically(user) do
237 237 onthefly_creation_failed(user)
238 238 end
239 239 else
240 240 register_manually_by_administrator(user) do
241 241 onthefly_creation_failed(user)
242 242 end
243 243 end
244 244 else
245 245 # Existing record
246 246 if user.active?
247 247 successful_authentication(user)
248 248 else
249 249 handle_inactive_user(user)
250 250 end
251 251 end
252 252 end
253 253 end
254 254 end
255 255
256 256 def successful_authentication(user)
257 257 logger.info "Successful authentication for '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}"
258 258 # Valid user
259 259 self.logged_user = user
260 260 # generate a key and set cookie if autologin
261 261 if params[:autologin] && Setting.autologin?
262 262 set_autologin_cookie(user)
263 263 end
264 264 call_hook(:controller_account_success_authentication_after, {:user => user })
265 265 redirect_back_or_default my_page_path
266 266 end
267 267
268 268 def set_autologin_cookie(user)
269 269 token = Token.create(:user => user, :action => 'autologin')
270 270 secure = Redmine::Configuration['autologin_cookie_secure']
271 271 if secure.nil?
272 272 secure = request.ssl?
273 273 end
274 274 cookie_options = {
275 275 :value => token.value,
276 276 :expires => 1.year.from_now,
277 277 :path => (Redmine::Configuration['autologin_cookie_path'] || RedmineApp::Application.config.relative_url_root || '/'),
278 278 :secure => secure,
279 279 :httponly => true
280 280 }
281 281 cookies[autologin_cookie_name] = cookie_options
282 282 end
283 283
284 284 # Onthefly creation failed, display the registration form to fill/fix attributes
285 285 def onthefly_creation_failed(user, auth_source_options = { })
286 286 @user = user
287 287 session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
288 288 render :action => 'register'
289 289 end
290 290
291 291 def invalid_credentials
292 292 logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
293 293 flash.now[:error] = l(:notice_account_invalid_credentials)
294 294 end
295 295
296 296 # Register a user for email activation.
297 297 #
298 298 # Pass a block for behavior when a user fails to save
299 299 def register_by_email_activation(user, &block)
300 300 token = Token.new(:user => user, :action => "register")
301 301 if user.save and token.save
302 302 Mailer.register(token).deliver
303 303 flash[:notice] = l(:notice_account_register_done, :email => ERB::Util.h(user.mail))
304 304 redirect_to signin_path
305 305 else
306 306 yield if block_given?
307 307 end
308 308 end
309 309
310 310 # Automatically register a user
311 311 #
312 312 # Pass a block for behavior when a user fails to save
313 313 def register_automatically(user, &block)
314 314 # Automatic activation
315 315 user.activate
316 316 user.last_login_on = Time.now
317 317 if user.save
318 318 self.logged_user = user
319 319 flash[:notice] = l(:notice_account_activated)
320 320 redirect_to my_account_path
321 321 else
322 322 yield if block_given?
323 323 end
324 324 end
325 325
326 326 # Manual activation by the administrator
327 327 #
328 328 # Pass a block for behavior when a user fails to save
329 329 def register_manually_by_administrator(user, &block)
330 330 if user.save
331 331 # Sends an email to the administrators
332 332 Mailer.account_activation_request(user).deliver
333 333 account_pending(user)
334 334 else
335 335 yield if block_given?
336 336 end
337 337 end
338 338
339 339 def handle_inactive_user(user, redirect_path=signin_path)
340 340 if user.registered?
341 341 account_pending(user, redirect_path)
342 342 else
343 343 account_locked(user, redirect_path)
344 344 end
345 345 end
346 346
347 347 def account_pending(user, redirect_path=signin_path)
348 348 if Setting.self_registration == '1'
349 349 flash[:error] = l(:notice_account_not_activated_yet, :url => activation_email_path)
350 350 session[:registered_user_id] = user.id
351 351 else
352 352 flash[:error] = l(:notice_account_pending)
353 353 end
354 354 redirect_to redirect_path
355 355 end
356 356
357 357 def account_locked(user, redirect_path=signin_path)
358 358 flash[:error] = l(:notice_account_locked)
359 359 redirect_to redirect_path
360 360 end
361 361 end
Show file before | Show file after | Hide comments
@@ -1,211 +1,211
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2016 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class MyController < ApplicationController
19 19 before_action :require_login
20 20 # let user change user's password when user has to
21 skip_before_filter :check_password_change, :only => :password
21 skip_before_action :check_password_change, :only => :password
22 22
23 23 require_sudo_mode :account, only: :post
24 24 require_sudo_mode :reset_rss_key, :reset_api_key, :show_api_key, :destroy
25 25
26 26 helper :issues
27 27 helper :users
28 28 helper :custom_fields
29 29
30 30 BLOCKS = { 'issuesassignedtome' => :label_assigned_to_me_issues,
31 31 'issuesreportedbyme' => :label_reported_issues,
32 32 'issueswatched' => :label_watched_issues,
33 33 'news' => :label_news_latest,
34 34 'calendar' => :label_calendar,
35 35 'documents' => :label_document_plural,
36 36 'timelog' => :label_spent_time
37 37 }.merge(Redmine::Views::MyPage::Block.additional_blocks).freeze
38 38
39 39 DEFAULT_LAYOUT = { 'left' => ['issuesassignedtome'],
40 40 'right' => ['issuesreportedbyme']
41 41 }.freeze
42 42
43 43 def index
44 44 page
45 45 render :action => 'page'
46 46 end
47 47
48 48 # Show user's page
49 49 def page
50 50 @user = User.current
51 51 @blocks = @user.pref[:my_page_layout] || DEFAULT_LAYOUT
52 52 end
53 53
54 54 # Edit user's account
55 55 def account
56 56 @user = User.current
57 57 @pref = @user.pref
58 58 if request.post?
59 59 @user.safe_attributes = params[:user] if params[:user]
60 60 @user.pref.attributes = params[:pref] if params[:pref]
61 61 if @user.save
62 62 @user.pref.save
63 63 set_language_if_valid @user.language
64 64 flash[:notice] = l(:notice_account_updated)
65 65 redirect_to my_account_path
66 66 return
67 67 end
68 68 end
69 69 end
70 70
71 71 # Destroys user's account
72 72 def destroy
73 73 @user = User.current
74 74 unless @user.own_account_deletable?
75 75 redirect_to my_account_path
76 76 return
77 77 end
78 78
79 79 if request.post? && params[:confirm]
80 80 @user.destroy
81 81 if @user.destroyed?
82 82 logout_user
83 83 flash[:notice] = l(:notice_account_deleted)
84 84 end
85 85 redirect_to home_path
86 86 end
87 87 end
88 88
89 89 # Manage user's password
90 90 def password
91 91 @user = User.current
92 92 unless @user.change_password_allowed?
93 93 flash[:error] = l(:notice_can_t_change_password)
94 94 redirect_to my_account_path
95 95 return
96 96 end
97 97 if request.post?
98 98 if !@user.check_password?(params[:password])
99 99 flash.now[:error] = l(:notice_account_wrong_password)
100 100 elsif params[:password] == params[:new_password]
101 101 flash.now[:error] = l(:notice_new_password_must_be_different)
102 102 else
103 103 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
104 104 @user.must_change_passwd = false
105 105 if @user.save
106 106 # The session token was destroyed by the password change, generate a new one
107 107 session[:tk] = @user.generate_session_token
108 108 Mailer.password_updated(@user)
109 109 flash[:notice] = l(:notice_account_password_updated)
110 110 redirect_to my_account_path
111 111 end
112 112 end
113 113 end
114 114 end
115 115
116 116 # Create a new feeds key
117 117 def reset_rss_key
118 118 if request.post?
119 119 if User.current.rss_token
120 120 User.current.rss_token.destroy
121 121 User.current.reload
122 122 end
123 123 User.current.rss_key
124 124 flash[:notice] = l(:notice_feeds_access_key_reseted)
125 125 end
126 126 redirect_to my_account_path
127 127 end
128 128
129 129 def show_api_key
130 130 @user = User.current
131 131 end
132 132
133 133 # Create a new API key
134 134 def reset_api_key
135 135 if request.post?
136 136 if User.current.api_token
137 137 User.current.api_token.destroy
138 138 User.current.reload
139 139 end
140 140 User.current.api_key
141 141 flash[:notice] = l(:notice_api_access_key_reseted)
142 142 end
143 143 redirect_to my_account_path
144 144 end
145 145
146 146 # User's page layout configuration
147 147 def page_layout
148 148 @user = User.current
149 149 @blocks = @user.pref[:my_page_layout] || DEFAULT_LAYOUT.dup
150 150 @block_options = []
151 151 BLOCKS.each do |k, v|
152 152 unless @blocks.values.flatten.include?(k)
153 153 @block_options << [l("my.blocks.#{v}", :default => [v, v.to_s.humanize]), k.dasherize]
154 154 end
155 155 end
156 156 end
157 157
158 158 # Add a block to user's page
159 159 # The block is added on top of the page
160 160 # params[:block] : id of the block to add
161 161 def add_block
162 162 block = params[:block].to_s.underscore
163 163 if block.present? && BLOCKS.key?(block)
164 164 @user = User.current
165 165 layout = @user.pref[:my_page_layout] || {}
166 166 # remove if already present in a group
167 167 %w(top left right).each {|f| (layout[f] ||= []).delete block }
168 168 # add it on top
169 169 layout['top'].unshift block
170 170 @user.pref[:my_page_layout] = layout
171 171 @user.pref.save
172 172 end
173 173 redirect_to my_page_layout_path
174 174 end
175 175
176 176 # Remove a block to user's page
177 177 # params[:block] : id of the block to remove
178 178 def remove_block
179 179 block = params[:block].to_s.underscore
180 180 @user = User.current
181 181 # remove block in all groups
182 182 layout = @user.pref[:my_page_layout] || {}
183 183 %w(top left right).each {|f| (layout[f] ||= []).delete block }
184 184 @user.pref[:my_page_layout] = layout
185 185 @user.pref.save
186 186 redirect_to my_page_layout_path
187 187 end
188 188
189 189 # Change blocks order on user's page
190 190 # params[:group] : group to order (top, left or right)
191 191 # params[:list-(top|left|right)] : array of block ids of the group
192 192 def order_blocks
193 193 group = params[:group]
194 194 @user = User.current
195 195 if group.is_a?(String)
196 196 group_items = (params["blocks"] || []).collect(&:underscore)
197 197 group_items.each {|s| s.sub!(/^block_/, '')}
198 198 if group_items and group_items.is_a? Array
199 199 layout = @user.pref[:my_page_layout] || {}
200 200 # remove group blocks if they are presents in other groups
201 201 %w(top left right).each {|f|
202 202 layout[f] = (layout[f] || []) - group_items
203 203 }
204 204 layout[group] = group_items
205 205 @user.pref[:my_page_layout] = layout
206 206 @user.pref.save
207 207 end
208 208 end
209 209 render :nothing => true
210 210 end
211 211 end
General Comments 0
You need to be logged in to leave comments. Login now