jro_apps/redmine Files · app/controllers/account_controller.rb

Email notifications are now sent as Blind carbon copy by default. This can be changed in email notifications settings (new setting added)....

Email notifications are now sent as Blind carbon copy by default. This can be changed in email notifications settings (new setting added). Emission email address setting moved to the email notifications settings view. git-svn-id: http://redmine.rubyforge.org/svn/trunk@944 e93f8b46-1217-0410-a6f0-8f06a7374b81

Jean-Philippe Lang - - Load All Authors

File last commit:

r912:866e9e250371


                r931:bc060b31ae08

Download file

             account_controller.rb
        
                    175 lines
            
             | 6.5 KiB
            
                | text/x-ruby
            
             |
                RubyLexer
            
             / app / controllers / account_controller.rb
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      # redMine - project management software

      # Copyright (C) 2006-2007  Jean-Philippe Lang

      #

      # This program is free software; you can redistribute it and/or

      # modify it under the terms of the GNU General Public License

      # as published by the Free Software Foundation; either version 2

      # of the License, or (at your option) any later version.

      # 

      # This program is distributed in the hope that it will be useful,

      # but WITHOUT ANY WARRANTY; without even the implied warranty of

      # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

      # GNU General Public License for more details.

      # 

      # You should have received a copy of the GNU General Public License

      # along with this program; if not, write to the Free Software

      # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

      class AccountController < ApplicationController

        layout 'base'	

        helper :custom_fields

        include CustomFieldsHelper   

        # prevents login action to be filtered by check_if_login_required application scope filter

        skip_before_filter :check_if_login_required, :only => [:login, :lost_password, :register, :activate]

        # Show user's account

        def show

          @user = User.find_active(params[:id])

          @custom_values = @user.custom_values.find(:all, :include => :custom_field)

          # show only public projects and private projects that the logged in user is also a member of

          @memberships = @user.memberships.select do |membership|

            membership.project.is_public? || (User.current.role_for_project(membership.project))

          end

        rescue ActiveRecord::RecordNotFound

          render_404

        end

        # Login request and validation

        def login

          if request.get?

            # Logout user

            self.logged_user = nil

          else

            # Authenticate user

            user = User.try_to_login(params[:login], params[:password])

            if user

              self.logged_user = user

              # generate a key and set cookie if autologin

              if params[:autologin] && Setting.autologin?

                token = Token.create(:user => user, :action => 'autologin')

                cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now }

              end

              redirect_back_or_default :controller => 'my', :action => 'page'

            else

              flash.now[:error] = l(:notice_account_invalid_creditentials)

            end

          end

        end

        # Log out current user and redirect to welcome page

        def logout

          cookies.delete :autologin

          Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) if User.current.logged?

          self.logged_user = nil

          redirect_to home_url

        end

        # Enable user to choose a new password

        def lost_password

          redirect_to(home_url) && return unless Setting.lost_password?

          if params[:token]

            @token = Token.find_by_action_and_value("recovery", params[:token])

            redirect_to(home_url) && return unless @token and !@token.expired?

            @user = @token.user

            if request.post?

              @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]

              if @user.save

                @token.destroy

                flash[:notice] = l(:notice_account_password_updated)

                redirect_to :action => 'login'

                return

              end 

            end

            render :template => "account/password_recovery"

            return

          else

            if request.post?

              user = User.find_by_mail(params[:mail])

              # user not found in db

              flash.now[:error] = l(:notice_account_unknown_email) and return unless user

              # user uses an external authentification

              flash.now[:error] = l(:notice_can_t_change_password) and return if user.auth_source_id

              # create a new token for password recovery

              token = Token.new(:user => user, :action => "recovery")

              if token.save

                Mailer.deliver_lost_password(token)

                flash[:notice] = l(:notice_account_lost_email_sent)

                redirect_to :action => 'login'

                return

              end

            end

          end

        end

        # User self-registration

        def register

          redirect_to(home_url) && return unless Setting.self_registration?

          if request.get?

            @user = User.new(:language => Setting.default_language)

            @custom_values = UserCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, :customized => @user) }

          else

            @user = User.new(params[:user])

            @user.admin = false

            @user.login = params[:user][:login]

            @user.status = User::STATUS_REGISTERED

            @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]

            @custom_values = UserCustomField.find(:all).collect { |x| CustomValue.new(:custom_field => x, 

                                                                                      :customized => @user, 

                                                                                      :value => (params["custom_fields"] ? params["custom_fields"][x.id.to_s] : nil)) }

            @user.custom_values = @custom_values

            case Setting.self_registration

            when '1'

              # Email activation

              token = Token.new(:user => @user, :action => "register")

              if @user.save and token.save

                Mailer.deliver_register(token)

                flash[:notice] = l(:notice_account_register_done)

                redirect_to :action => 'login'

              end

            when '3'

              # Automatic activation

              @user.status = User::STATUS_ACTIVE

              if @user.save

                flash[:notice] = l(:notice_account_activated)

                redirect_to :action => 'login'

              end

            else

              # Manual activation by the administrator

              if @user.save

                # Sends an email to the administrators

                Mailer.deliver_account_activation_request(@user)

                flash[:notice] = l(:notice_account_pending)

                redirect_to :action => 'login'

              end

            end

          end

        end

        # Token based account activation

        def activate

          redirect_to(home_url) && return unless Setting.self_registration? && params[:token]

          token = Token.find_by_action_and_value('register', params[:token])

          redirect_to(home_url) && return unless token and !token.expired?

          user = token.user

          redirect_to(home_url) && return unless user.status == User::STATUS_REGISTERED

          user.status = User::STATUS_ACTIVE

          if user.save

            token.destroy

            flash[:notice] = l(:notice_account_activated)

          end

          redirect_to :action => 'login'

        end

      private

        def logged_user=(user)

          if user && user.is_a?(User)

            User.current = user

            session[:user_id] = user.id

          else

            User.current = User.anonymous

            session[:user_id] = nil

          end

        end

      end

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				# redMine - project management software
				# Copyright (C) 2006-2007 Jean-Philippe Lang
				#
				# This program is free software; you can redistribute it and/or
				# modify it under the terms of the GNU General Public License
				# as published by the Free Software Foundation; either version 2
				# of the License, or (at your option) any later version.
				#
				# This program is distributed in the hope that it will be useful,
				# but WITHOUT ANY WARRANTY; without even the implied warranty of
				# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				# GNU General Public License for more details.
				#
				# You should have received a copy of the GNU General Public License
				# along with this program; if not, write to the Free Software
				# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

				class AccountController < ApplicationController
				layout 'base'
				helper :custom_fields
				include CustomFieldsHelper

				# prevents login action to be filtered by check_if_login_required application scope filter
				skip_before_filter :check_if_login_required, :only => [:login, :lost_password, :register, :activate]

				# Show user's account
				def show
				@user = User.find_active(params[:id])
				@custom_values = @user.custom_values.find(:all, :include => :custom_field)

				# show only public projects and private projects that the logged in user is also a member of
				@memberships = @user.memberships.select do \|membership\|
				membership.project.is_public? \|\| (User.current.role_for_project(membership.project))
				end
				rescue ActiveRecord::RecordNotFound
				render_404
				end

				# Login request and validation
				def login
				if request.get?
				# Logout user
				self.logged_user = nil
				else
				# Authenticate user
				user = User.try_to_login(params[:login], params[:password])
				if user
				self.logged_user = user
				# generate a key and set cookie if autologin
				if params[:autologin] && Setting.autologin?
				token = Token.create(:user => user, :action => 'autologin')
				cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now }
				end
				redirect_back_or_default :controller => 'my', :action => 'page'
				else
				flash.now[:error] = l(:notice_account_invalid_creditentials)
				end
				end
				end

				# Log out current user and redirect to welcome page
				def logout
				cookies.delete :autologin
				Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) if User.current.logged?
				self.logged_user = nil
				redirect_to home_url
				end

				# Enable user to choose a new password
				def lost_password
				redirect_to(home_url) && return unless Setting.lost_password?
				if params[:token]
				@token = Token.find_by_action_and_value("recovery", params[:token])
				redirect_to(home_url) && return unless @token and !@token.expired?
				@user = @token.user
				if request.post?
				@user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
				if @user.save
				@token.destroy
				flash[:notice] = l(:notice_account_password_updated)
				redirect_to :action => 'login'
				return
				end
				end
				render :template => "account/password_recovery"
				return
				else
				if request.post?
				user = User.find_by_mail(params[:mail])
				# user not found in db
				flash.now[:error] = l(:notice_account_unknown_email) and return unless user
				# user uses an external authentification
				flash.now[:error] = l(:notice_can_t_change_password) and return if user.auth_source_id
				# create a new token for password recovery
				token = Token.new(:user => user, :action => "recovery")
				if token.save
				Mailer.deliver_lost_password(token)
				flash[:notice] = l(:notice_account_lost_email_sent)
				redirect_to :action => 'login'
				return
				end
				end
				end
				end

				# User self-registration
				def register
				redirect_to(home_url) && return unless Setting.self_registration?
				if request.get?
				@user = User.new(:language => Setting.default_language)
				@custom_values = UserCustomField.find(:all).collect { \|x\| CustomValue.new(:custom_field => x, :customized => @user) }
				else
				@user = User.new(params[:user])
				@user.admin = false
				@user.login = params[:user][:login]
				@user.status = User::STATUS_REGISTERED
				@user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
				@custom_values = UserCustomField.find(:all).collect { \|x\| CustomValue.new(:custom_field => x,
				:customized => @user,
				:value => (params["custom_fields"] ? params["custom_fields"][x.id.to_s] : nil)) }
				@user.custom_values = @custom_values
				case Setting.self_registration
				when '1'
				# Email activation
				token = Token.new(:user => @user, :action => "register")
				if @user.save and token.save
				Mailer.deliver_register(token)
				flash[:notice] = l(:notice_account_register_done)
				redirect_to :action => 'login'
				end
				when '3'
				# Automatic activation
				@user.status = User::STATUS_ACTIVE
				if @user.save
				flash[:notice] = l(:notice_account_activated)
				redirect_to :action => 'login'
				end
				else
				# Manual activation by the administrator
				if @user.save
				# Sends an email to the administrators
				Mailer.deliver_account_activation_request(@user)
				flash[:notice] = l(:notice_account_pending)
				redirect_to :action => 'login'
				end
				end
				end
				end

				# Token based account activation
				def activate
				redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
				token = Token.find_by_action_and_value('register', params[:token])
				redirect_to(home_url) && return unless token and !token.expired?
				user = token.user
				redirect_to(home_url) && return unless user.status == User::STATUS_REGISTERED
				user.status = User::STATUS_ACTIVE
				if user.save
				token.destroy
				flash[:notice] = l(:notice_account_activated)
				end
				redirect_to :action => 'login'
				end

				private
				def logged_user=(user)
				if user && user.is_a?(User)
				User.current = user
				session[:user_id] = user.id
				else
				User.current = User.anonymous
				session[:user_id] = nil
				end
				end
				end