##// END OF EJS Templates
jro_apps » redmine
RSS
Backported r2609 from trunk....
Jean-Philippe Lang -
r2563:aa38f755c649
parent child
Show More
Side by Side Unified
Context file:
r2563:aa38f755c649 Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,194 +1,195
1 # Redmine - project management software
1 # Redmine - project management software
2 # Copyright (C) 2006-2008 Jean-Philippe Lang
2 # Copyright (C) 2006-2008 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 class AccountController < ApplicationController
18 class AccountController < ApplicationController
19 helper :custom_fields
19 helper :custom_fields
20 include CustomFieldsHelper
20 include CustomFieldsHelper
21
21
22 # prevents login action to be filtered by check_if_login_required application scope filter
22 # prevents login action to be filtered by check_if_login_required application scope filter
23 skip_before_filter :check_if_login_required, :only => [:login, :lost_password, :register, :activate]
23 skip_before_filter :check_if_login_required, :only => [:login, :lost_password, :register, :activate]
24
24
25 # Show user's account
25 # Show user's account
26 def show
26 def show
27 @user = User.active.find(params[:id])
27 @user = User.active.find(params[:id])
28 @custom_values = @user.custom_values
28 @custom_values = @user.custom_values
29
29
30 # show only public projects and private projects that the logged in user is also a member of
30 # show only public projects and private projects that the logged in user is also a member of
31 @memberships = @user.memberships.select do |membership|
31 @memberships = @user.memberships.select do |membership|
32 membership.project.is_public? || (User.current.member_of?(membership.project))
32 membership.project.is_public? || (User.current.member_of?(membership.project))
33 end
33 end
34
34
35 events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
35 events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
36 @events_by_day = events.group_by(&:event_date)
36 @events_by_day = events.group_by(&:event_date)
37
37
38 rescue ActiveRecord::RecordNotFound
38 rescue ActiveRecord::RecordNotFound
39 render_404
39 render_404
40 end
40 end
41
41
42 # Login request and validation
42 # Login request and validation
43 def login
43 def login
44 if request.get?
44 if request.get?
45 # Logout user
45 # Logout user
46 self.logged_user = nil
46 self.logged_user = nil
47 else
47 else
48 # Authenticate user
48 # Authenticate user
49 user = User.try_to_login(params[:username], params[:password])
49 user = User.try_to_login(params[:username], params[:password])
50 if user.nil?
50 if user.nil?
51 # Invalid credentials
51 # Invalid credentials
52 flash.now[:error] = l(:notice_account_invalid_creditentials)
52 flash.now[:error] = l(:notice_account_invalid_creditentials)
53 elsif user.new_record?
53 elsif user.new_record?
54 # Onthefly creation failed, display the registration form to fill/fix attributes
54 # Onthefly creation failed, display the registration form to fill/fix attributes
55 @user = user
55 @user = user
56 session[:auth_source_registration] = {:login => user.login, :auth_source_id => user.auth_source_id }
56 session[:auth_source_registration] = {:login => user.login, :auth_source_id => user.auth_source_id }
57 render :action => 'register'
57 render :action => 'register'
58 else
58 else
59 # Valid user
59 # Valid user
60 self.logged_user = user
60 self.logged_user = user
61 # generate a key and set cookie if autologin
61 # generate a key and set cookie if autologin
62 if params[:autologin] && Setting.autologin?
62 if params[:autologin] && Setting.autologin?
63 token = Token.create(:user => user, :action => 'autologin')
63 token = Token.create(:user => user, :action => 'autologin')
64 cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now }
64 cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now }
65 end
65 end
66 call_hook(:controller_account_success_authentication_after, {:user => user })
66 redirect_back_or_default :controller => 'my', :action => 'page'
67 redirect_back_or_default :controller => 'my', :action => 'page'
67 end
68 end
68 end
69 end
69 end
70 end
70
71
71 # Log out current user and redirect to welcome page
72 # Log out current user and redirect to welcome page
72 def logout
73 def logout
73 cookies.delete :autologin
74 cookies.delete :autologin
74 Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) if User.current.logged?
75 Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) if User.current.logged?
75 self.logged_user = nil
76 self.logged_user = nil
76 redirect_to home_url
77 redirect_to home_url
77 end
78 end
78
79
79 # Enable user to choose a new password
80 # Enable user to choose a new password
80 def lost_password
81 def lost_password
81 redirect_to(home_url) && return unless Setting.lost_password?
82 redirect_to(home_url) && return unless Setting.lost_password?
82 if params[:token]
83 if params[:token]
83 @token = Token.find_by_action_and_value("recovery", params[:token])
84 @token = Token.find_by_action_and_value("recovery", params[:token])
84 redirect_to(home_url) && return unless @token and !@token.expired?
85 redirect_to(home_url) && return unless @token and !@token.expired?
85 @user = @token.user
86 @user = @token.user
86 if request.post?
87 if request.post?
87 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
88 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
88 if @user.save
89 if @user.save
89 @token.destroy
90 @token.destroy
90 flash[:notice] = l(:notice_account_password_updated)
91 flash[:notice] = l(:notice_account_password_updated)
91 redirect_to :action => 'login'
92 redirect_to :action => 'login'
92 return
93 return
93 end
94 end
94 end
95 end
95 render :template => "account/password_recovery"
96 render :template => "account/password_recovery"
96 return
97 return
97 else
98 else
98 if request.post?
99 if request.post?
99 user = User.find_by_mail(params[:mail])
100 user = User.find_by_mail(params[:mail])
100 # user not found in db
101 # user not found in db
101 flash.now[:error] = l(:notice_account_unknown_email) and return unless user
102 flash.now[:error] = l(:notice_account_unknown_email) and return unless user
102 # user uses an external authentification
103 # user uses an external authentification
103 flash.now[:error] = l(:notice_can_t_change_password) and return if user.auth_source_id
104 flash.now[:error] = l(:notice_can_t_change_password) and return if user.auth_source_id
104 # create a new token for password recovery
105 # create a new token for password recovery
105 token = Token.new(:user => user, :action => "recovery")
106 token = Token.new(:user => user, :action => "recovery")
106 if token.save
107 if token.save
107 Mailer.deliver_lost_password(token)
108 Mailer.deliver_lost_password(token)
108 flash[:notice] = l(:notice_account_lost_email_sent)
109 flash[:notice] = l(:notice_account_lost_email_sent)
109 redirect_to :action => 'login'
110 redirect_to :action => 'login'
110 return
111 return
111 end
112 end
112 end
113 end
113 end
114 end
114 end
115 end
115
116
116 # User self-registration
117 # User self-registration
117 def register
118 def register
118 redirect_to(home_url) && return unless Setting.self_registration? || session[:auth_source_registration]
119 redirect_to(home_url) && return unless Setting.self_registration? || session[:auth_source_registration]
119 if request.get?
120 if request.get?
120 session[:auth_source_registration] = nil
121 session[:auth_source_registration] = nil
121 @user = User.new(:language => Setting.default_language)
122 @user = User.new(:language => Setting.default_language)
122 else
123 else
123 @user = User.new(params[:user])
124 @user = User.new(params[:user])
124 @user.admin = false
125 @user.admin = false
125 @user.status = User::STATUS_REGISTERED
126 @user.status = User::STATUS_REGISTERED
126 if session[:auth_source_registration]
127 if session[:auth_source_registration]
127 @user.status = User::STATUS_ACTIVE
128 @user.status = User::STATUS_ACTIVE
128 @user.login = session[:auth_source_registration][:login]
129 @user.login = session[:auth_source_registration][:login]
129 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
130 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
130 if @user.save
131 if @user.save
131 session[:auth_source_registration] = nil
132 session[:auth_source_registration] = nil
132 self.logged_user = @user
133 self.logged_user = @user
133 flash[:notice] = l(:notice_account_activated)
134 flash[:notice] = l(:notice_account_activated)
134 redirect_to :controller => 'my', :action => 'account'
135 redirect_to :controller => 'my', :action => 'account'
135 end
136 end
136 else
137 else
137 @user.login = params[:user][:login]
138 @user.login = params[:user][:login]
138 @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
139 @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
139 case Setting.self_registration
140 case Setting.self_registration
140 when '1'
141 when '1'
141 # Email activation
142 # Email activation
142 token = Token.new(:user => @user, :action => "register")
143 token = Token.new(:user => @user, :action => "register")
143 if @user.save and token.save
144 if @user.save and token.save
144 Mailer.deliver_register(token)
145 Mailer.deliver_register(token)
145 flash[:notice] = l(:notice_account_register_done)
146 flash[:notice] = l(:notice_account_register_done)
146 redirect_to :action => 'login'
147 redirect_to :action => 'login'
147 end
148 end
148 when '3'
149 when '3'
149 # Automatic activation
150 # Automatic activation
150 @user.status = User::STATUS_ACTIVE
151 @user.status = User::STATUS_ACTIVE
151 if @user.save
152 if @user.save
152 self.logged_user = @user
153 self.logged_user = @user
153 flash[:notice] = l(:notice_account_activated)
154 flash[:notice] = l(:notice_account_activated)
154 redirect_to :controller => 'my', :action => 'account'
155 redirect_to :controller => 'my', :action => 'account'
155 end
156 end
156 else
157 else
157 # Manual activation by the administrator
158 # Manual activation by the administrator
158 if @user.save
159 if @user.save
159 # Sends an email to the administrators
160 # Sends an email to the administrators
160 Mailer.deliver_account_activation_request(@user)
161 Mailer.deliver_account_activation_request(@user)
161 flash[:notice] = l(:notice_account_pending)
162 flash[:notice] = l(:notice_account_pending)
162 redirect_to :action => 'login'
163 redirect_to :action => 'login'
163 end
164 end
164 end
165 end
165 end
166 end
166 end
167 end
167 end
168 end
168
169
169 # Token based account activation
170 # Token based account activation
170 def activate
171 def activate
171 redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
172 redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
172 token = Token.find_by_action_and_value('register', params[:token])
173 token = Token.find_by_action_and_value('register', params[:token])
173 redirect_to(home_url) && return unless token and !token.expired?
174 redirect_to(home_url) && return unless token and !token.expired?
174 user = token.user
175 user = token.user
175 redirect_to(home_url) && return unless user.status == User::STATUS_REGISTERED
176 redirect_to(home_url) && return unless user.status == User::STATUS_REGISTERED
176 user.status = User::STATUS_ACTIVE
177 user.status = User::STATUS_ACTIVE
177 if user.save
178 if user.save
178 token.destroy
179 token.destroy
179 flash[:notice] = l(:notice_account_activated)
180 flash[:notice] = l(:notice_account_activated)
180 end
181 end
181 redirect_to :action => 'login'
182 redirect_to :action => 'login'
182 end
183 end
183
184
184 private
185 private
185 def logged_user=(user)
186 def logged_user=(user)
186 if user && user.is_a?(User)
187 if user && user.is_a?(User)
187 User.current = user
188 User.current = user
188 session[:user_id] = user.id
189 session[:user_id] = user.id
189 else
190 else
190 User.current = User.anonymous
191 User.current = User.anonymous
191 session[:user_id] = nil
192 session[:user_id] = nil
192 end
193 end
193 end
194 end
194 end
195 end
General Comments 0
You need to be logged in to leave comments. Login now