Commit 0b70895d93bb9909060ebc91c13756c25c176b02
Committed by
Gabriela Navarro
1 parent
0eb95949
Change private_token from session to user creation
Signed-off-by: Gabriela Navarro <navarro1703@gmail.com> Signed-off-by: Luciano Prestes Cavalcanti <luciano@luciano.luciano>
Showing
5 changed files
with
35 additions
and
5 deletions
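--- a/app/controllers/my_profile/profile_editor_controller.rb
+++ b/app/controllers/my_profile/profile_editor_controller.rb
@@ -132,6 +132,13 @@ class ProfileEditorController < MyProfileController
     redirect_to_previous_location
   end
 
+  def reset_private_token
+    profile = environment.profiles.find(params[:id])
+    profile.user.generate_private_token!
+
+    redirect_to_previous_location
+  end
+
   protected
 
   def redirect_to_previous_location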
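Review bot: `reset_private_token` picks its target from `params[:id]` through `environment.profiles.find` instead of the profile this MyProfileController is already scoped to, so whichever profile id the caller supplies is the one whose token gets rotated. If the controller's authorization filter (outside this hunk) checks the route's own profile rather than `params[:id]`, any logged-in user can invalidate another user's API token by changing the id; I would drop the lookup and call `profile.user.generate_private_token!` on the controller's own profile, or at minimum verify that the found profile is the one being edited. The action changes state but is reached from a plain link in this commit's view, so it should also be limited to POST (for example a `return head(:method_not_allowed) unless request.post?` guard) so that Rails' CSRF protection applies. Finally `profile.user` is nil for profiles that have no user, so a nil check before the call would avoid a NoMethodError rather than a clean error.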
app/controllers/public/account_controller.rb
| ... | ... | @@ -16,7 +16,7 @@ class AccountController < ApplicationController |
| 16 | 16 | def activate |
| 17 | 17 | @user = User.find_by_activation_code(params[:activation_code]) if params[:activation_code] |
| 18 | 18 | if @user |
| 19 | - unless @user.environment.enabled?('admin_must_approve_new_users') | |
| 19 | + unless @user.environment.enabled?('admin_must_approve_new_users') | |
| 20 | 20 | if @user.activate |
| 21 | 21 | @message = _("Your account has been activated, now you can log in!") |
| 22 | 22 | check_redirection |
| ... | ... | @@ -30,7 +30,7 @@ class AccountController < ApplicationController |
| 30 | 30 | @user.activation_code = nil |
| 31 | 31 | @user.save! |
| 32 | 32 | redirect_to :controller => :home |
| 33 | - end | |
| 33 | + end | |
| 34 | 34 | end |
| 35 | 35 | else |
| 36 | 36 | session[:notice] = _("It looks like you're trying to activate an account. Perhaps have already activated this account?") | ... | ... |
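--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -113,6 +113,7 @@ class User < ActiveRecord::Base
   validates_uniqueness_of :login, :email, :case_sensitive => false, :scope => :environment_id
   before_save :encrypt_password
   before_save :normalize_email, if: proc{ |u| u.email.present? }
+  before_save :generate_private_token_if_not_exist
   validates_format_of :email, :with => Noosfero::Constants::EMAIL_FORMAT, :if => (lambda {|user| !user.email.blank?})
 
   validates_inclusion_of :terms_accepted, :in => [ '1' ], :if => lambda { |u| ! u.terms_of_use.blank? }, :message => N_('{fn} must be checked in order to signup.').fix_i18n
@@ -122,19 +123,33 @@ class User < ActiveRecord::Base
     environment ||= Environment.default
     u = self.first :conditions => ['(login = ? OR email = ?) AND environment_id = ? AND activated_at IS NOT NULL',
                    login, login, environment.id] # need to get the salt
-    u && u.authenticated?(password) ? u : nil
+    if u && u.authenticated?(password)
+      u.generate_private_token_if_not_exist
+      return u
+    end
+    return nil
   end
 
   def register_login
     self.update_attribute :last_login_at, Time.now
   end
 
-  def generate_private_token!
+  def generate_private_token
     self.private_token = SecureRandom.hex
     self.private_token_generated_at = DateTime.now
+  end
+
+  def generate_private_token!
+    self.generate_private_token
     save(:validate => false)
   end
 
+  def generate_private_token_if_not_exist
+    unless self.private_token
+      self.generate_private_token
+    end
+  end
+
   TOKEN_VALIDITY = 2.weeks
   def private_token_expired?
     self.private_token.nil? || (self.private_token_generated_at + TOKEN_VALIDITY < DateTime.now)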
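Review bot: `generate_private_token_if_not_exist` only tests whether a token is present, so a token older than `TOKEN_VALIDITY` is never rotated: `authenticate` returns the user with the stale value and `private_token_expired?` stays true until someone explicitly calls `generate_private_token!`. Checking expiry instead of presence handles both the missing and the expired case in one line: `self.generate_private_token if self.private_token_expired?`. Note also that `authenticate` only assigns the new token in memory; nothing in this hunk saves it, so whether it reaches the database depends on the caller saving the record afterwards (the new `before_save` callback would then keep it), and if no save happens each login of a token-less user yields a different, unpersisted token. Since every user now gets a long-lived API credential at creation, stored and later displayed in plaintext, a short comment on `generate_private_token` stating that the token is an API bearer credential and how long it stays valid would help the next maintainer, and hashing the stored value is worth considering.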
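--- a/app/views/profile_editor/_person_form.html.erb
+++ b/app/views/profile_editor/_person_form.html.erb
 <% @person ||= @profile %>
 
+<div class="formfieldline">
+  <%= label_tag("private_token", _("Private Token")) %>
+  <div class="formfield type-text">
+    <%= text_field_tag("a", @profile.user.private_token, :size => 30) %>
+  </div>
+</div>
+
+<%= link_to("Reset token", {:controller => :profile_editor, :action => :reset_private_token, :id => @person.id}, :class => "button with-text") %>
+
 <% optional_field(@person, 'nickname') do %>
   <%= f.text_field(:nickname, :maxlength => 16, :size => 30, :rel => _('Nickname')) %>
   <div>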
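Review bot: The "Reset token" control is a `link_to`, so the token is rotated by a plain GET request, which Rails' CSRF token check does not cover; any third-party page that embeds that URL (an image tag is enough) can invalidate a logged-in user's API token. Replace it with a POST form, `<%= button_to(_("Reset token"), {:controller => :profile_editor, :action => :reset_private_token, :id => @person.id}, :class => "button with-text") %>`, and have the controller action reject non-POST requests. The text field is named `"a"`, which is meaningless and gets submitted back with the enclosing person form; a descriptive name with `:readonly => true` (or `:disabled => true` so it is not posted at all) would make the intent clear. `@profile.user` is presumably non-nil for a person being edited, but nothing here guards it, and the button label is not wrapped in `_()` unlike the label just above it.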
lib/noosfero/api/session.rb