Merged r10412 from trunk....
Jean-Philippe Lang -
r10315:55220950d23b
@@ -1,296 +1,296
1 # Redmine - project management software
1 # Redmine - project management software
2 # Copyright (C) 2006-2012 Jean-Philippe Lang
2 # Copyright (C) 2006-2012 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 class AccountController < ApplicationController
18 class AccountController < ApplicationController
19 helper :custom_fields
19 helper :custom_fields
20 include CustomFieldsHelper
20 include CustomFieldsHelper
21
21
22 # prevents login action to be filtered by check_if_login_required application scope filter
22 # prevents login action to be filtered by check_if_login_required application scope filter
23 skip_before_filter :check_if_login_required
23 skip_before_filter :check_if_login_required
24
24
25 # Login request and validation
25 # Login request and validation
26 def login
26 def login
27 if request.get?
27 if request.get?
28 logout_user
28 logout_user
29 else
29 else
30 authenticate_user
30 authenticate_user
31 end
31 end
32 rescue AuthSourceException => e
32 rescue AuthSourceException => e
33 logger.error "An error occured when authenticating #{params[:username]}: #{e.message}"
33 logger.error "An error occured when authenticating #{params[:username]}: #{e.message}"
34 render_error :message => e.message
34 render_error :message => e.message
35 end
35 end
36
36
37 # Log out current user and redirect to welcome page
37 # Log out current user and redirect to welcome page
38 def logout
38 def logout
39 logout_user
39 logout_user
40 redirect_to home_url
40 redirect_to home_url
41 end
41 end
42
42
43 # Lets user choose a new password
43 # Lets user choose a new password
44 def lost_password
44 def lost_password
45 redirect_to(home_url) && return unless Setting.lost_password?
45 redirect_to(home_url) && return unless Setting.lost_password?
46 if params[:token]
46 if params[:token]
47 @token = Token.find_by_action_and_value("recovery", params[:token].to_s)
47 @token = Token.find_by_action_and_value("recovery", params[:token].to_s)
48 if @token.nil? || @token.expired?
48 if @token.nil? || @token.expired?
49 redirect_to home_url
49 redirect_to home_url
50 return
50 return
51 end
51 end
52 @user = @token.user
52 @user = @token.user
53 unless @user && @user.active?
53 unless @user && @user.active?
54 redirect_to home_url
54 redirect_to home_url
55 return
55 return
56 end
56 end
57 if request.post?
57 if request.post?
58 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
58 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
59 if @user.save
59 if @user.save
60 @token.destroy
60 @token.destroy
61 flash[:notice] = l(:notice_account_password_updated)
61 flash[:notice] = l(:notice_account_password_updated)
62 redirect_to signin_path
62 redirect_to signin_path
63 return
63 return
64 end
64 end
65 end
65 end
66 render :template => "account/password_recovery"
66 render :template => "account/password_recovery"
67 return
67 return
68 else
68 else
69 if request.post?
69 if request.post?
70 user = User.find_by_mail(params[:mail].to_s)
70 user = User.find_by_mail(params[:mail].to_s)
71 # user not found or not active
71 # user not found or not active
72 unless user && user.active?
72 unless user && user.active?
73 flash.now[:error] = l(:notice_account_unknown_email)
73 flash.now[:error] = l(:notice_account_unknown_email)
74 return
74 return
75 end
75 end
76 # user cannot change its password
76 # user cannot change its password
77 unless user.change_password_allowed?
77 unless user.change_password_allowed?
78 flash.now[:error] = l(:notice_can_t_change_password)
78 flash.now[:error] = l(:notice_can_t_change_password)
79 return
79 return
80 end
80 end
81 # create a new token for password recovery
81 # create a new token for password recovery
82 token = Token.new(:user => user, :action => "recovery")
82 token = Token.new(:user => user, :action => "recovery")
83 if token.save
83 if token.save
84 Mailer.lost_password(token).deliver
84 Mailer.lost_password(token).deliver
85 flash[:notice] = l(:notice_account_lost_email_sent)
85 flash[:notice] = l(:notice_account_lost_email_sent)
86 redirect_to signin_path
86 redirect_to signin_path
87 return
87 return
88 end
88 end
89 end
89 end
90 end
90 end
91 end
91 end
92
92
93 # User self-registration
93 # User self-registration
94 def register
94 def register
95 redirect_to(home_url) && return unless Setting.self_registration? || session[:auth_source_registration]
95 redirect_to(home_url) && return unless Setting.self_registration? || session[:auth_source_registration]
96 if request.get?
96 if request.get?
97 session[:auth_source_registration] = nil
97 session[:auth_source_registration] = nil
98 @user = User.new(:language => Setting.default_language)
98 @user = User.new(:language => Setting.default_language)
99 else
99 else
100 user_params = params[:user] || {}
100 user_params = params[:user] || {}
101 @user = User.new
101 @user = User.new
102 @user.safe_attributes = user_params
102 @user.safe_attributes = user_params
103 @user.admin = false
103 @user.admin = false
104 @user.register
104 @user.register
105 if session[:auth_source_registration]
105 if session[:auth_source_registration]
106 @user.activate
106 @user.activate
107 @user.login = session[:auth_source_registration][:login]
107 @user.login = session[:auth_source_registration][:login]
108 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
108 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
109 if @user.save
109 if @user.save
110 session[:auth_source_registration] = nil
110 session[:auth_source_registration] = nil
111 self.logged_user = @user
111 self.logged_user = @user
112 flash[:notice] = l(:notice_account_activated)
112 flash[:notice] = l(:notice_account_activated)
113 redirect_to :controller => 'my', :action => 'account'
113 redirect_to :controller => 'my', :action => 'account'
114 end
114 end
115 else
115 else
116 @user.login = params[:user][:login]
116 @user.login = params[:user][:login]
117 unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank?
117 unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank?
118 @user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation]
118 @user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation]
119 end
119 end
120
120
121 case Setting.self_registration
121 case Setting.self_registration
122 when '1'
122 when '1'
123 register_by_email_activation(@user)
123 register_by_email_activation(@user)
124 when '3'
124 when '3'
125 register_automatically(@user)
125 register_automatically(@user)
126 else
126 else
127 register_manually_by_administrator(@user)
127 register_manually_by_administrator(@user)
128 end
128 end
129 end
129 end
130 end
130 end
131 end
131 end
132
132
133 # Token based account activation
133 # Token based account activation
134 def activate
134 def activate
135 redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
135 redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
136 token = Token.find_by_action_and_value('register', params[:token])
136 token = Token.find_by_action_and_value('register', params[:token])
137 redirect_to(home_url) && return unless token and !token.expired?
137 redirect_to(home_url) && return unless token and !token.expired?
138 user = token.user
138 user = token.user
139 redirect_to(home_url) && return unless user.registered?
139 redirect_to(home_url) && return unless user.registered?
140 user.activate
140 user.activate
141 if user.save
141 if user.save
142 token.destroy
142 token.destroy
143 flash[:notice] = l(:notice_account_activated)
143 flash[:notice] = l(:notice_account_activated)
144 end
144 end
145 redirect_to signin_path
145 redirect_to signin_path
146 end
146 end
147
147
148 private
148 private
149
149
150 def authenticate_user
150 def authenticate_user
151 if Setting.openid? && using_open_id?
151 if Setting.openid? && using_open_id?
152 open_id_authenticate(params[:openid_url])
152 open_id_authenticate(params[:openid_url])
153 else
153 else
154 password_authentication
154 password_authentication
155 end
155 end
156 end
156 end
157
157
158 def password_authentication
158 def password_authentication
159 user = User.try_to_login(params[:username], params[:password])
159 user = User.try_to_login(params[:username], params[:password])
160
160
161 if user.nil?
161 if user.nil?
162 invalid_credentials
162 invalid_credentials
163 elsif user.new_record?
163 elsif user.new_record?
164 onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
164 onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
165 else
165 else
166 # Valid user
166 # Valid user
167 successful_authentication(user)
167 successful_authentication(user)
168 end
168 end
169 end
169 end
170
170
171 def open_id_authenticate(openid_url)
171 def open_id_authenticate(openid_url)
172 authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url, :method => :post) do |result, identity_url, registration|
172 authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url, :method => :post) do |result, identity_url, registration|
173 if result.successful?
173 if result.successful?
174 user = User.find_or_initialize_by_identity_url(identity_url)
174 user = User.find_or_initialize_by_identity_url(identity_url)
175 if user.new_record?
175 if user.new_record?
176 # Self-registration off
176 # Self-registration off
177 redirect_to(home_url) && return unless Setting.self_registration?
177 redirect_to(home_url) && return unless Setting.self_registration?
178
178
179 # Create on the fly
179 # Create on the fly
180 user.login = registration['nickname'] unless registration['nickname'].nil?
180 user.login = registration['nickname'] unless registration['nickname'].nil?
181 user.mail = registration['email'] unless registration['email'].nil?
181 user.mail = registration['email'] unless registration['email'].nil?
182 user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
182 user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
183 user.random_password
183 user.random_password
184 user.register
184 user.register
185
185
186 case Setting.self_registration
186 case Setting.self_registration
187 when '1'
187 when '1'
188 register_by_email_activation(user) do
188 register_by_email_activation(user) do
189 onthefly_creation_failed(user)
189 onthefly_creation_failed(user)
190 end
190 end
191 when '3'
191 when '3'
192 register_automatically(user) do
192 register_automatically(user) do
193 onthefly_creation_failed(user)
193 onthefly_creation_failed(user)
194 end
194 end
195 else
195 else
196 register_manually_by_administrator(user) do
196 register_manually_by_administrator(user) do
197 onthefly_creation_failed(user)
197 onthefly_creation_failed(user)
198 end
198 end
199 end
199 end
200 else
200 else
201 # Existing record
201 # Existing record
202 if user.active?
202 if user.active?
203 successful_authentication(user)
203 successful_authentication(user)
204 else
204 else
205 account_pending
205 account_pending
206 end
206 end
207 end
207 end
208 end
208 end
209 end
209 end
210 end
210 end
211
211
212 def successful_authentication(user)
212 def successful_authentication(user)
213 logger.info "Successful authentication for '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}"
213 logger.info "Successful authentication for '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}"
214 # Valid user
214 # Valid user
215 self.logged_user = user
215 self.logged_user = user
216 # generate a key and set cookie if autologin
216 # generate a key and set cookie if autologin
217 if params[:autologin] && Setting.autologin?
217 if params[:autologin] && Setting.autologin?
218 set_autologin_cookie(user)
218 set_autologin_cookie(user)
219 end
219 end
220 call_hook(:controller_account_success_authentication_after, {:user => user })
220 call_hook(:controller_account_success_authentication_after, {:user => user })
221 redirect_back_or_default :controller => 'my', :action => 'page'
221 redirect_back_or_default :controller => 'my', :action => 'page'
222 end
222 end
223
223
224 def set_autologin_cookie(user)
224 def set_autologin_cookie(user)
225 token = Token.create(:user => user, :action => 'autologin')
225 token = Token.create(:user => user, :action => 'autologin')
226 cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin'
226 cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin'
227 cookie_options = {
227 cookie_options = {
228 :value => token.value,
228 :value => token.value,
229 :expires => 1.year.from_now,
229 :expires => 1.year.from_now,
230 :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
230 :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
231 :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
231 :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
232 :httponly => true
232 :httponly => true
233 }
233 }
234 cookies[cookie_name] = cookie_options
234 cookies[cookie_name] = cookie_options
235 end
235 end
236
236
237 # Onthefly creation failed, display the registration form to fill/fix attributes
237 # Onthefly creation failed, display the registration form to fill/fix attributes
238 def onthefly_creation_failed(user, auth_source_options = { })
238 def onthefly_creation_failed(user, auth_source_options = { })
239 @user = user
239 @user = user
240 session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
240 session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
241 render register_path
241 render :action => 'register'
242 end
242 end
243
243
244 def invalid_credentials
244 def invalid_credentials
245 logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
245 logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
246 flash.now[:error] = l(:notice_account_invalid_creditentials)
246 flash.now[:error] = l(:notice_account_invalid_creditentials)
247 end
247 end
248
248
249 # Register a user for email activation.
249 # Register a user for email activation.
250 #
250 #
251 # Pass a block for behavior when a user fails to save
251 # Pass a block for behavior when a user fails to save
252 def register_by_email_activation(user, &block)
252 def register_by_email_activation(user, &block)
253 token = Token.new(:user => user, :action => "register")
253 token = Token.new(:user => user, :action => "register")
254 if user.save and token.save
254 if user.save and token.save
255 Mailer.register(token).deliver
255 Mailer.register(token).deliver
256 flash[:notice] = l(:notice_account_register_done)
256 flash[:notice] = l(:notice_account_register_done)
257 redirect_to signin_path
257 redirect_to signin_path
258 else
258 else
259 yield if block_given?
259 yield if block_given?
260 end
260 end
261 end
261 end
262
262
263 # Automatically register a user
263 # Automatically register a user
264 #
264 #
265 # Pass a block for behavior when a user fails to save
265 # Pass a block for behavior when a user fails to save
266 def register_automatically(user, &block)
266 def register_automatically(user, &block)
267 # Automatic activation
267 # Automatic activation
268 user.activate
268 user.activate
269 user.last_login_on = Time.now
269 user.last_login_on = Time.now
270 if user.save
270 if user.save
271 self.logged_user = user
271 self.logged_user = user
272 flash[:notice] = l(:notice_account_activated)
272 flash[:notice] = l(:notice_account_activated)
273 redirect_to :controller => 'my', :action => 'account'
273 redirect_to :controller => 'my', :action => 'account'
274 else
274 else
275 yield if block_given?
275 yield if block_given?
276 end
276 end
277 end
277 end
278
278
279 # Manual activation by the administrator
279 # Manual activation by the administrator
280 #
280 #
281 # Pass a block for behavior when a user fails to save
281 # Pass a block for behavior when a user fails to save
282 def register_manually_by_administrator(user, &block)
282 def register_manually_by_administrator(user, &block)
283 if user.save
283 if user.save
284 # Sends an email to the administrators
284 # Sends an email to the administrators
285 Mailer.account_activation_request(user).deliver
285 Mailer.account_activation_request(user).deliver
286 account_pending
286 account_pending
287 else
287 else
288 yield if block_given?
288 yield if block_given?
289 end
289 end
290 end
290 end
291
291
292 def account_pending
292 def account_pending
293 flash[:notice] = l(:notice_account_pending)
293 flash[:notice] = l(:notice_account_pending)
294 redirect_to signin_path
294 redirect_to signin_path
295 end
295 end
296 end
296 end
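Review bot: `render :action => 'register'` in onthefly_creation_failed (new-side line 241) renders the registration template directly, so the `Setting.self_registration? || session[:auth_source_registration]` guard at the top of the `register` action does not run for this response; only the user's subsequent POST to register is checked by it. Both visible callers satisfy that guard — password_authentication passes `:login`/`:auth_source_id` so the session key is set, and the open_id path redirects unless `Setting.self_registration?` before reaching it — but this is an invariant the method should document rather than leave to the reader. Suggest extending the comment above the method to `# Onthefly creation failed, display the registration form to fill/fix attributes.` followed by `# Renders the template directly (the register action's self-registration guard does not run here), so callers must pass auth_source_options or have checked Setting.self_registration? themselves.`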