##// END OF EJS Templates
jro_apps » redmine
RSS
Fixed openid redirect....
Jean-Philippe Lang -
r9396:d8c70d7a1190
parent child
Show More
Side by Side Unified
Context file:
r9396:d8c70d7a1190 Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,279 +1,279
1 # Redmine - project management software
1 # Redmine - project management software
2 # Copyright (C) 2006-2011 Jean-Philippe Lang
2 # Copyright (C) 2006-2011 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 class AccountController < ApplicationController
18 class AccountController < ApplicationController
19 helper :custom_fields
19 helper :custom_fields
20 include CustomFieldsHelper
20 include CustomFieldsHelper
21
21
22 # prevents login action to be filtered by check_if_login_required application scope filter
22 # prevents login action to be filtered by check_if_login_required application scope filter
23 skip_before_filter :check_if_login_required
23 skip_before_filter :check_if_login_required
24
24
25 # Login request and validation
25 # Login request and validation
26 def login
26 def login
27 if request.get?
27 if request.get?
28 logout_user
28 logout_user
29 else
29 else
30 authenticate_user
30 authenticate_user
31 end
31 end
32 rescue AuthSourceException => e
32 rescue AuthSourceException => e
33 logger.error "An error occured when authenticating #{params[:username]}: #{e.message}"
33 logger.error "An error occured when authenticating #{params[:username]}: #{e.message}"
34 render_error :message => e.message
34 render_error :message => e.message
35 end
35 end
36
36
37 # Log out current user and redirect to welcome page
37 # Log out current user and redirect to welcome page
38 def logout
38 def logout
39 logout_user
39 logout_user
40 redirect_to home_url
40 redirect_to home_url
41 end
41 end
42
42
43 # Enable user to choose a new password
43 # Enable user to choose a new password
44 def lost_password
44 def lost_password
45 redirect_to(home_url) && return unless Setting.lost_password?
45 redirect_to(home_url) && return unless Setting.lost_password?
46 if params[:token]
46 if params[:token]
47 @token = Token.find_by_action_and_value("recovery", params[:token])
47 @token = Token.find_by_action_and_value("recovery", params[:token])
48 redirect_to(home_url) && return unless @token and !@token.expired?
48 redirect_to(home_url) && return unless @token and !@token.expired?
49 @user = @token.user
49 @user = @token.user
50 if request.post?
50 if request.post?
51 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
51 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
52 if @user.save
52 if @user.save
53 @token.destroy
53 @token.destroy
54 flash[:notice] = l(:notice_account_password_updated)
54 flash[:notice] = l(:notice_account_password_updated)
55 redirect_to :action => 'login'
55 redirect_to :action => 'login'
56 return
56 return
57 end
57 end
58 end
58 end
59 render :template => "account/password_recovery"
59 render :template => "account/password_recovery"
60 return
60 return
61 else
61 else
62 if request.post?
62 if request.post?
63 user = User.find_by_mail(params[:mail])
63 user = User.find_by_mail(params[:mail])
64 # user not found in db
64 # user not found in db
65 (flash.now[:error] = l(:notice_account_unknown_email); return) unless user
65 (flash.now[:error] = l(:notice_account_unknown_email); return) unless user
66 # user uses an external authentification
66 # user uses an external authentification
67 (flash.now[:error] = l(:notice_can_t_change_password); return) if user.auth_source_id
67 (flash.now[:error] = l(:notice_can_t_change_password); return) if user.auth_source_id
68 # create a new token for password recovery
68 # create a new token for password recovery
69 token = Token.new(:user => user, :action => "recovery")
69 token = Token.new(:user => user, :action => "recovery")
70 if token.save
70 if token.save
71 Mailer.deliver_lost_password(token)
71 Mailer.deliver_lost_password(token)
72 flash[:notice] = l(:notice_account_lost_email_sent)
72 flash[:notice] = l(:notice_account_lost_email_sent)
73 redirect_to :action => 'login'
73 redirect_to :action => 'login'
74 return
74 return
75 end
75 end
76 end
76 end
77 end
77 end
78 end
78 end
79
79
80 # User self-registration
80 # User self-registration
81 def register
81 def register
82 redirect_to(home_url) && return unless Setting.self_registration? || session[:auth_source_registration]
82 redirect_to(home_url) && return unless Setting.self_registration? || session[:auth_source_registration]
83 if request.get?
83 if request.get?
84 session[:auth_source_registration] = nil
84 session[:auth_source_registration] = nil
85 @user = User.new(:language => Setting.default_language)
85 @user = User.new(:language => Setting.default_language)
86 else
86 else
87 @user = User.new
87 @user = User.new
88 @user.safe_attributes = params[:user]
88 @user.safe_attributes = params[:user]
89 @user.admin = false
89 @user.admin = false
90 @user.register
90 @user.register
91 if session[:auth_source_registration]
91 if session[:auth_source_registration]
92 @user.activate
92 @user.activate
93 @user.login = session[:auth_source_registration][:login]
93 @user.login = session[:auth_source_registration][:login]
94 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
94 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
95 if @user.save
95 if @user.save
96 session[:auth_source_registration] = nil
96 session[:auth_source_registration] = nil
97 self.logged_user = @user
97 self.logged_user = @user
98 flash[:notice] = l(:notice_account_activated)
98 flash[:notice] = l(:notice_account_activated)
99 redirect_to :controller => 'my', :action => 'account'
99 redirect_to :controller => 'my', :action => 'account'
100 end
100 end
101 else
101 else
102 @user.login = params[:user][:login]
102 @user.login = params[:user][:login]
103 @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation]
103 @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation]
104
104
105 case Setting.self_registration
105 case Setting.self_registration
106 when '1'
106 when '1'
107 register_by_email_activation(@user)
107 register_by_email_activation(@user)
108 when '3'
108 when '3'
109 register_automatically(@user)
109 register_automatically(@user)
110 else
110 else
111 register_manually_by_administrator(@user)
111 register_manually_by_administrator(@user)
112 end
112 end
113 end
113 end
114 end
114 end
115 end
115 end
116
116
117 # Token based account activation
117 # Token based account activation
118 def activate
118 def activate
119 redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
119 redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
120 token = Token.find_by_action_and_value('register', params[:token])
120 token = Token.find_by_action_and_value('register', params[:token])
121 redirect_to(home_url) && return unless token and !token.expired?
121 redirect_to(home_url) && return unless token and !token.expired?
122 user = token.user
122 user = token.user
123 redirect_to(home_url) && return unless user.registered?
123 redirect_to(home_url) && return unless user.registered?
124 user.activate
124 user.activate
125 if user.save
125 if user.save
126 token.destroy
126 token.destroy
127 flash[:notice] = l(:notice_account_activated)
127 flash[:notice] = l(:notice_account_activated)
128 end
128 end
129 redirect_to :action => 'login'
129 redirect_to :action => 'login'
130 end
130 end
131
131
132 private
132 private
133
133
134 def authenticate_user
134 def authenticate_user
135 if Setting.openid? && using_open_id?
135 if Setting.openid? && using_open_id?
136 open_id_authenticate(params[:openid_url])
136 open_id_authenticate(params[:openid_url])
137 else
137 else
138 password_authentication
138 password_authentication
139 end
139 end
140 end
140 end
141
141
142 def password_authentication
142 def password_authentication
143 user = User.try_to_login(params[:username], params[:password])
143 user = User.try_to_login(params[:username], params[:password])
144
144
145 if user.nil?
145 if user.nil?
146 invalid_credentials
146 invalid_credentials
147 elsif user.new_record?
147 elsif user.new_record?
148 onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
148 onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
149 else
149 else
150 # Valid user
150 # Valid user
151 successful_authentication(user)
151 successful_authentication(user)
152 end
152 end
153 end
153 end
154
154
155 def open_id_authenticate(openid_url)
155 def open_id_authenticate(openid_url)
156 authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url) do |result, identity_url, registration|
156 authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url, :method => :post) do |result, identity_url, registration|
157 if result.successful?
157 if result.successful?
158 user = User.find_or_initialize_by_identity_url(identity_url)
158 user = User.find_or_initialize_by_identity_url(identity_url)
159 if user.new_record?
159 if user.new_record?
160 # Self-registration off
160 # Self-registration off
161 redirect_to(home_url) && return unless Setting.self_registration?
161 redirect_to(home_url) && return unless Setting.self_registration?
162
162
163 # Create on the fly
163 # Create on the fly
164 user.login = registration['nickname'] unless registration['nickname'].nil?
164 user.login = registration['nickname'] unless registration['nickname'].nil?
165 user.mail = registration['email'] unless registration['email'].nil?
165 user.mail = registration['email'] unless registration['email'].nil?
166 user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
166 user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
167 user.random_password
167 user.random_password
168 user.register
168 user.register
169
169
170 case Setting.self_registration
170 case Setting.self_registration
171 when '1'
171 when '1'
172 register_by_email_activation(user) do
172 register_by_email_activation(user) do
173 onthefly_creation_failed(user)
173 onthefly_creation_failed(user)
174 end
174 end
175 when '3'
175 when '3'
176 register_automatically(user) do
176 register_automatically(user) do
177 onthefly_creation_failed(user)
177 onthefly_creation_failed(user)
178 end
178 end
179 else
179 else
180 register_manually_by_administrator(user) do
180 register_manually_by_administrator(user) do
181 onthefly_creation_failed(user)
181 onthefly_creation_failed(user)
182 end
182 end
183 end
183 end
184 else
184 else
185 # Existing record
185 # Existing record
186 if user.active?
186 if user.active?
187 successful_authentication(user)
187 successful_authentication(user)
188 else
188 else
189 account_pending
189 account_pending
190 end
190 end
191 end
191 end
192 end
192 end
193 end
193 end
194 end
194 end
195
195
196 def successful_authentication(user)
196 def successful_authentication(user)
197 # Valid user
197 # Valid user
198 self.logged_user = user
198 self.logged_user = user
199 # generate a key and set cookie if autologin
199 # generate a key and set cookie if autologin
200 if params[:autologin] && Setting.autologin?
200 if params[:autologin] && Setting.autologin?
201 set_autologin_cookie(user)
201 set_autologin_cookie(user)
202 end
202 end
203 call_hook(:controller_account_success_authentication_after, {:user => user })
203 call_hook(:controller_account_success_authentication_after, {:user => user })
204 redirect_back_or_default :controller => 'my', :action => 'page'
204 redirect_back_or_default :controller => 'my', :action => 'page'
205 end
205 end
206
206
207 def set_autologin_cookie(user)
207 def set_autologin_cookie(user)
208 token = Token.create(:user => user, :action => 'autologin')
208 token = Token.create(:user => user, :action => 'autologin')
209 cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin'
209 cookie_name = Redmine::Configuration['autologin_cookie_name'] || 'autologin'
210 cookie_options = {
210 cookie_options = {
211 :value => token.value,
211 :value => token.value,
212 :expires => 1.year.from_now,
212 :expires => 1.year.from_now,
213 :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
213 :path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
214 :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
214 :secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
215 :httponly => true
215 :httponly => true
216 }
216 }
217 cookies[cookie_name] = cookie_options
217 cookies[cookie_name] = cookie_options
218 end
218 end
219
219
220 # Onthefly creation failed, display the registration form to fill/fix attributes
220 # Onthefly creation failed, display the registration form to fill/fix attributes
221 def onthefly_creation_failed(user, auth_source_options = { })
221 def onthefly_creation_failed(user, auth_source_options = { })
222 @user = user
222 @user = user
223 session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
223 session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
224 render :action => 'register'
224 render :action => 'register'
225 end
225 end
226
226
227 def invalid_credentials
227 def invalid_credentials
228 logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
228 logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
229 flash.now[:error] = l(:notice_account_invalid_creditentials)
229 flash.now[:error] = l(:notice_account_invalid_creditentials)
230 end
230 end
231
231
232 # Register a user for email activation.
232 # Register a user for email activation.
233 #
233 #
234 # Pass a block for behavior when a user fails to save
234 # Pass a block for behavior when a user fails to save
235 def register_by_email_activation(user, &block)
235 def register_by_email_activation(user, &block)
236 token = Token.new(:user => user, :action => "register")
236 token = Token.new(:user => user, :action => "register")
237 if user.save and token.save
237 if user.save and token.save
238 Mailer.deliver_register(token)
238 Mailer.deliver_register(token)
239 flash[:notice] = l(:notice_account_register_done)
239 flash[:notice] = l(:notice_account_register_done)
240 redirect_to :action => 'login'
240 redirect_to :action => 'login'
241 else
241 else
242 yield if block_given?
242 yield if block_given?
243 end
243 end
244 end
244 end
245
245
246 # Automatically register a user
246 # Automatically register a user
247 #
247 #
248 # Pass a block for behavior when a user fails to save
248 # Pass a block for behavior when a user fails to save
249 def register_automatically(user, &block)
249 def register_automatically(user, &block)
250 # Automatic activation
250 # Automatic activation
251 user.activate
251 user.activate
252 user.last_login_on = Time.now
252 user.last_login_on = Time.now
253 if user.save
253 if user.save
254 self.logged_user = user
254 self.logged_user = user
255 flash[:notice] = l(:notice_account_activated)
255 flash[:notice] = l(:notice_account_activated)
256 redirect_to :controller => 'my', :action => 'account'
256 redirect_to :controller => 'my', :action => 'account'
257 else
257 else
258 yield if block_given?
258 yield if block_given?
259 end
259 end
260 end
260 end
261
261
262 # Manual activation by the administrator
262 # Manual activation by the administrator
263 #
263 #
264 # Pass a block for behavior when a user fails to save
264 # Pass a block for behavior when a user fails to save
265 def register_manually_by_administrator(user, &block)
265 def register_manually_by_administrator(user, &block)
266 if user.save
266 if user.save
267 # Sends an email to the administrators
267 # Sends an email to the administrators
268 Mailer.deliver_account_activation_request(user)
268 Mailer.deliver_account_activation_request(user)
269 account_pending
269 account_pending
270 else
270 else
271 yield if block_given?
271 yield if block_given?
272 end
272 end
273 end
273 end
274
274
275 def account_pending
275 def account_pending
276 flash[:notice] = l(:notice_account_pending)
276 flash[:notice] = l(:notice_account_pending)
277 redirect_to :action => 'login'
277 redirect_to :action => 'login'
278 end
278 end
279 end
279 end
General Comments 0
You need to be logged in to leave comments. Login now