##// END OF EJS Templates
jro_apps » redmine
RSS
lost_password option checking in account controller...
Jean-Philippe Lang -
r233:d185e2f9e015
parent child
Show More
Show file before | Show file after | Hide comments
@@ -1,130 +1,131
1 # redMine - project management software
1 # redMine - project management software
2 # Copyright (C) 2006-2007 Jean-Philippe Lang
2 # Copyright (C) 2006-2007 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 class AccountController < ApplicationController
18 class AccountController < ApplicationController
19 layout 'base'
19 layout 'base'
20 helper :custom_fields
20 helper :custom_fields
21 include CustomFieldsHelper
21 include CustomFieldsHelper
22
22
23 # prevents login action to be filtered by check_if_login_required application scope filter
23 # prevents login action to be filtered by check_if_login_required application scope filter
24 skip_before_filter :check_if_login_required, :only => [:login, :lost_password, :register]
24 skip_before_filter :check_if_login_required, :only => [:login, :lost_password, :register]
25 before_filter :require_login, :except => [:show, :login, :lost_password, :register]
25 before_filter :require_login, :only => :logout
26
26
27 # Show user's account
27 # Show user's account
28 def show
28 def show
29 @user = User.find(params[:id])
29 @user = User.find(params[:id])
30 @custom_values = @user.custom_values.find(:all, :include => :custom_field)
30 @custom_values = @user.custom_values.find(:all, :include => :custom_field)
31 rescue ActiveRecord::RecordNotFound
31 rescue ActiveRecord::RecordNotFound
32 render_404
32 render_404
33 end
33 end
34
34
35 # Login request and validation
35 # Login request and validation
36 def login
36 def login
37 if request.get?
37 if request.get?
38 # Logout user
38 # Logout user
39 self.logged_in_user = nil
39 self.logged_in_user = nil
40 else
40 else
41 # Authenticate user
41 # Authenticate user
42 user = User.try_to_login(params[:login], params[:password])
42 user = User.try_to_login(params[:login], params[:password])
43 if user
43 if user
44 self.logged_in_user = user
44 self.logged_in_user = user
45 redirect_back_or_default :controller => 'my', :action => 'page'
45 redirect_back_or_default :controller => 'my', :action => 'page'
46 else
46 else
47 flash.now[:notice] = l(:notice_account_invalid_creditentials)
47 flash.now[:notice] = l(:notice_account_invalid_creditentials)
48 end
48 end
49 end
49 end
50 end
50 end
51
51
52 # Log out current user and redirect to welcome page
52 # Log out current user and redirect to welcome page
53 def logout
53 def logout
54 self.logged_in_user = nil
54 self.logged_in_user = nil
55 redirect_to :controller => 'welcome'
55 redirect_to :controller => 'welcome'
56 end
56 end
57
57
58 # Enable user to choose a new password
58 # Enable user to choose a new password
59 def lost_password
59 def lost_password
60 redirect_to :controller => 'welcome' and return unless Setting.lost_password?
60 if params[:token]
61 if params[:token]
61 @token = Token.find_by_action_and_value("recovery", params[:token])
62 @token = Token.find_by_action_and_value("recovery", params[:token])
62 redirect_to :controller => 'welcome' and return unless @token and !@token.expired?
63 redirect_to :controller => 'welcome' and return unless @token and !@token.expired?
63 @user = @token.user
64 @user = @token.user
64 if request.post?
65 if request.post?
65 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
66 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
66 if @user.save
67 if @user.save
67 @token.destroy
68 @token.destroy
68 flash[:notice] = l(:notice_account_password_updated)
69 flash[:notice] = l(:notice_account_password_updated)
69 redirect_to :action => 'login'
70 redirect_to :action => 'login'
70 return
71 return
71 end
72 end
72 end
73 end
73 render :template => "account/password_recovery"
74 render :template => "account/password_recovery"
74 return
75 return
75 else
76 else
76 if request.post?
77 if request.post?
77 user = User.find_by_mail(params[:mail])
78 user = User.find_by_mail(params[:mail])
78 # user not found in db
79 # user not found in db
79 flash.now[:notice] = l(:notice_account_unknown_email) and return unless user
80 flash.now[:notice] = l(:notice_account_unknown_email) and return unless user
80 # user uses an external authentification
81 # user uses an external authentification
81 flash.now[:notice] = l(:notice_can_t_change_password) and return if user.auth_source_id
82 flash.now[:notice] = l(:notice_can_t_change_password) and return if user.auth_source_id
82 # create a new token for password recovery
83 # create a new token for password recovery
83 token = Token.new(:user => user, :action => "recovery")
84 token = Token.new(:user => user, :action => "recovery")
84 if token.save
85 if token.save
85 Mailer.deliver_lost_password(token)
86 Mailer.deliver_lost_password(token)
86 flash[:notice] = l(:notice_account_lost_email_sent)
87 flash[:notice] = l(:notice_account_lost_email_sent)
87 redirect_to :action => 'login'
88 redirect_to :action => 'login'
88 return
89 return
89 end
90 end
90 end
91 end
91 end
92 end
92 end
93 end
93
94
94 # User self-registration
95 # User self-registration
95 def register
96 def register
96 redirect_to :controller => 'welcome' and return unless Setting.self_registration?
97 redirect_to :controller => 'welcome' and return unless Setting.self_registration?
97 if params[:token]
98 if params[:token]
98 token = Token.find_by_action_and_value("register", params[:token])
99 token = Token.find_by_action_and_value("register", params[:token])
99 redirect_to :controller => 'welcome' and return unless token and !token.expired?
100 redirect_to :controller => 'welcome' and return unless token and !token.expired?
100 user = token.user
101 user = token.user
101 redirect_to :controller => 'welcome' and return unless user.status == User::STATUS_REGISTERED
102 redirect_to :controller => 'welcome' and return unless user.status == User::STATUS_REGISTERED
102 user.status = User::STATUS_ACTIVE
103 user.status = User::STATUS_ACTIVE
103 if user.save
104 if user.save
104 token.destroy
105 token.destroy
105 flash[:notice] = l(:notice_account_activated)
106 flash[:notice] = l(:notice_account_activated)
106 redirect_to :action => 'login'
107 redirect_to :action => 'login'
107 return
108 return
108 end
109 end
109 else
110 else
110 if request.get?
111 if request.get?
111 @user = User.new(:language => Setting.default_language)
112 @user = User.new(:language => Setting.default_language)
112 @custom_values = UserCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, :customized => @user) }
113 @custom_values = UserCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, :customized => @user) }
113 else
114 else
114 @user = User.new(params[:user])
115 @user = User.new(params[:user])
115 @user.admin = false
116 @user.admin = false
116 @user.login = params[:user][:login]
117 @user.login = params[:user][:login]
117 @user.status = User::STATUS_REGISTERED
118 @user.status = User::STATUS_REGISTERED
118 @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
119 @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
119 @custom_values = UserCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, :customized => @user, :value => params["custom_fields"][x.id.to_s]) }
120 @custom_values = UserCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, :customized => @user, :value => params["custom_fields"][x.id.to_s]) }
120 @user.custom_values = @custom_values
121 @user.custom_values = @custom_values
121 token = Token.new(:user => @user, :action => "register")
122 token = Token.new(:user => @user, :action => "register")
122 if @user.save and token.save
123 if @user.save and token.save
123 Mailer.deliver_register(token)
124 Mailer.deliver_register(token)
124 flash[:notice] = l(:notice_account_register_done)
125 flash[:notice] = l(:notice_account_register_done)
125 redirect_to :controller => 'welcome' and return
126 redirect_to :controller => 'welcome' and return
126 end
127 end
127 end
128 end
128 end
129 end
129 end
130 end
130 end
131 end
General Comments 0
You need to be logged in to leave comments. Login now