##// END OF EJS Templates
jro_apps » redmine
RSS
Merged r3537 and r3572 from trunk....
Jean-Philippe Lang -
r3530:46be83cd5e51
parent child
Show More
Side by Side Unified
Context file:
r3530:46be83cd5e51 Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,263 +1,268
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2009 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class AccountController < ApplicationController
19 19 helper :custom_fields
20 20 include CustomFieldsHelper
21 21
22 22 # prevents login action to be filtered by check_if_login_required application scope filter
23 23 skip_before_filter :check_if_login_required
24 24
25 25 # Login request and validation
26 26 def login
27 27 if request.get?
28 # Logout user
29 self.logged_user = nil
28 logout_user
30 29 else
31 30 # Authenticate user
32 31 if Setting.openid? && using_open_id?
33 32 open_id_authenticate(params[:openid_url])
34 33 else
35 34 password_authentication
36 35 end
37 36 end
38 37 end
39 38
40 39 # Log out current user and redirect to welcome page
41 40 def logout
42 cookies.delete :autologin
43 Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) if User.current.logged?
44 self.logged_user = nil
41 logout_user
45 42 redirect_to home_url
46 43 end
47 44
48 45 # Enable user to choose a new password
49 46 def lost_password
50 47 redirect_to(home_url) && return unless Setting.lost_password?
51 48 if params[:token]
52 49 @token = Token.find_by_action_and_value("recovery", params[:token])
53 50 redirect_to(home_url) && return unless @token and !@token.expired?
54 51 @user = @token.user
55 52 if request.post?
56 53 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
57 54 if @user.save
58 55 @token.destroy
59 56 flash[:notice] = l(:notice_account_password_updated)
60 57 redirect_to :action => 'login'
61 58 return
62 59 end
63 60 end
64 61 render :template => "account/password_recovery"
65 62 return
66 63 else
67 64 if request.post?
68 65 user = User.find_by_mail(params[:mail])
69 66 # user not found in db
70 67 (flash.now[:error] = l(:notice_account_unknown_email); return) unless user
71 68 # user uses an external authentification
72 69 (flash.now[:error] = l(:notice_can_t_change_password); return) if user.auth_source_id
73 70 # create a new token for password recovery
74 71 token = Token.new(:user => user, :action => "recovery")
75 72 if token.save
76 73 Mailer.deliver_lost_password(token)
77 74 flash[:notice] = l(:notice_account_lost_email_sent)
78 75 redirect_to :action => 'login'
79 76 return
80 77 end
81 78 end
82 79 end
83 80 end
84 81
85 82 # User self-registration
86 83 def register
87 84 redirect_to(home_url) && return unless Setting.self_registration? || session[:auth_source_registration]
88 85 if request.get?
89 86 session[:auth_source_registration] = nil
90 87 @user = User.new(:language => Setting.default_language)
91 88 else
92 89 @user = User.new(params[:user])
93 90 @user.admin = false
94 91 @user.status = User::STATUS_REGISTERED
95 92 if session[:auth_source_registration]
96 93 @user.status = User::STATUS_ACTIVE
97 94 @user.login = session[:auth_source_registration][:login]
98 95 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
99 96 if @user.save
100 97 session[:auth_source_registration] = nil
101 98 self.logged_user = @user
102 99 flash[:notice] = l(:notice_account_activated)
103 100 redirect_to :controller => 'my', :action => 'account'
104 101 end
105 102 else
106 103 @user.login = params[:user][:login]
107 104 @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
108 105
109 106 case Setting.self_registration
110 107 when '1'
111 108 register_by_email_activation(@user)
112 109 when '3'
113 110 register_automatically(@user)
114 111 else
115 112 register_manually_by_administrator(@user)
116 113 end
117 114 end
118 115 end
119 116 end
120 117
121 118 # Token based account activation
122 119 def activate
123 120 redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
124 121 token = Token.find_by_action_and_value('register', params[:token])
125 122 redirect_to(home_url) && return unless token and !token.expired?
126 123 user = token.user
127 124 redirect_to(home_url) && return unless user.status == User::STATUS_REGISTERED
128 125 user.status = User::STATUS_ACTIVE
129 126 if user.save
130 127 token.destroy
131 128 flash[:notice] = l(:notice_account_activated)
132 129 end
133 130 redirect_to :action => 'login'
134 131 end
135 132
136 133 private
137 134
135 def logout_user
136 if User.current.logged?
137 cookies.delete :autologin
138 Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
139 self.logged_user = nil
140 end
141 end
142
138 143 def password_authentication
139 144 user = User.try_to_login(params[:username], params[:password])
140 145
141 146 if user.nil?
142 147 invalid_credentials
143 148 elsif user.new_record?
144 149 onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
145 150 else
146 151 # Valid user
147 152 successful_authentication(user)
148 153 end
149 154 end
150 155
151 156
152 157 def open_id_authenticate(openid_url)
153 158 authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url) do |result, identity_url, registration|
154 159 if result.successful?
155 160 user = User.find_or_initialize_by_identity_url(identity_url)
156 161 if user.new_record?
157 162 # Self-registration off
158 163 redirect_to(home_url) && return unless Setting.self_registration?
159 164
160 165 # Create on the fly
161 166 user.login = registration['nickname'] unless registration['nickname'].nil?
162 167 user.mail = registration['email'] unless registration['email'].nil?
163 168 user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
164 169 user.random_password
165 170 user.status = User::STATUS_REGISTERED
166 171
167 172 case Setting.self_registration
168 173 when '1'
169 174 register_by_email_activation(user) do
170 175 onthefly_creation_failed(user)
171 176 end
172 177 when '3'
173 178 register_automatically(user) do
174 179 onthefly_creation_failed(user)
175 180 end
176 181 else
177 182 register_manually_by_administrator(user) do
178 183 onthefly_creation_failed(user)
179 184 end
180 185 end
181 186 else
182 187 # Existing record
183 188 if user.active?
184 189 successful_authentication(user)
185 190 else
186 191 account_pending
187 192 end
188 193 end
189 194 end
190 195 end
191 196 end
192 197
193 198 def successful_authentication(user)
194 199 # Valid user
195 200 self.logged_user = user
196 201 # generate a key and set cookie if autologin
197 202 if params[:autologin] && Setting.autologin?
198 203 token = Token.create(:user => user, :action => 'autologin')
199 204 cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now }
200 205 end
201 206 call_hook(:controller_account_success_authentication_after, {:user => user })
202 207 redirect_back_or_default :controller => 'my', :action => 'page'
203 208 end
204 209
205 210 # Onthefly creation failed, display the registration form to fill/fix attributes
206 211 def onthefly_creation_failed(user, auth_source_options = { })
207 212 @user = user
208 213 session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
209 214 render :action => 'register'
210 215 end
211 216
212 217 def invalid_credentials
213 218 flash.now[:error] = l(:notice_account_invalid_creditentials)
214 219 end
215 220
216 221 # Register a user for email activation.
217 222 #
218 223 # Pass a block for behavior when a user fails to save
219 224 def register_by_email_activation(user, &block)
220 225 token = Token.new(:user => user, :action => "register")
221 226 if user.save and token.save
222 227 Mailer.deliver_register(token)
223 228 flash[:notice] = l(:notice_account_register_done)
224 229 redirect_to :action => 'login'
225 230 else
226 231 yield if block_given?
227 232 end
228 233 end
229 234
230 235 # Automatically register a user
231 236 #
232 237 # Pass a block for behavior when a user fails to save
233 238 def register_automatically(user, &block)
234 239 # Automatic activation
235 240 user.status = User::STATUS_ACTIVE
236 241 user.last_login_on = Time.now
237 242 if user.save
238 243 self.logged_user = user
239 244 flash[:notice] = l(:notice_account_activated)
240 245 redirect_to :controller => 'my', :action => 'account'
241 246 else
242 247 yield if block_given?
243 248 end
244 249 end
245 250
246 251 # Manual activation by the administrator
247 252 #
248 253 # Pass a block for behavior when a user fails to save
249 254 def register_manually_by_administrator(user, &block)
250 255 if user.save
251 256 # Sends an email to the administrators
252 257 Mailer.deliver_account_activation_request(user)
253 258 account_pending
254 259 else
255 260 yield if block_given?
256 261 end
257 262 end
258 263
259 264 def account_pending
260 265 flash[:notice] = l(:notice_account_pending)
261 266 redirect_to :action => 'login'
262 267 end
263 268 end
General Comments 0
You need to be logged in to leave comments. Login now