account_controller.rb
5.84 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
class AccountController < ApplicationController
inverse_captcha :field => 'e_mail'
require_ssl :except => [ :login_popup, :logout_popup ]
# say something nice, you goof! something sweet.
def index
unless logged_in?
render :action => 'index_anonymous'
end
end
# action to perform login to the application
def login
@user = User.new
return unless request.post?
self.current_user = User.authenticate(params[:user][:login], params[:user][:password]) if params[:user]
if logged_in?
if params[:remember_me] == "1"
self.current_user.remember_me
cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
end
go_to_user_initial_page if redirect?
flash[:notice] = _("Logged in successfully")
else
flash[:notice] = _('Incorrect username or password')
redirect_to :back if redirect?
end
end
def logout_popup
render :action => 'logout_popup', :layout => false
end
def login_popup
@user = User.new
render :action => 'login', :layout => false
end
# action to register an user to the application
def signup
begin
@user = User.new(params[:user])
@user.terms_of_use = environment.terms_of_use
@user.environment = environment
@terms_of_use = environment.terms_of_use
if request.post? && params[self.icaptcha_field].blank?
@user.save!
self.current_user = @user
owner_role = Role.find_by_name('owner')
@user.person.affiliate(@user.person, [owner_role]) if owner_role
go_to_user_initial_page if redirect?
flash[:notice] = _("Thanks for signing up!")
end
rescue ActiveRecord::RecordInvalid
render :action => 'signup'
end
end
# action to perform logout from the application
def logout
self.current_user.forget_me if logged_in?
cookies.delete :auth_token
reset_session
flash[:notice] = _("You have been logged out.")
redirect_back_or_default(:controller => 'account', :action => 'index')
end
def change_password
if request.post?
@user = current_user
begin
@user.change_password!(params[:current_password],
params[:new_password],
params[:new_password_confirmation])
flash[:notice] = _('Your password has been changed successfully!')
redirect_to :action => 'index'
rescue User::IncorrectPassword => e
flash[:notice] = _('The supplied current password is incorrect.')
render :action => 'change_password'
end
else
render :action => 'change_password'
end
end
# The user requests a password change. She forgot her old password.
#
# Posts back.
def forgot_password
@change_password = ChangePassword.new(params[:change_password])
if request.post?
begin
@change_password.save!
render :action => 'password_recovery_sent'
rescue ActiveRecord::RecordInvalid => e
nil # just pass and render at the end of the action
end
end
end
# The user has a code for a ChangePassword request object.
#
# Posts back.
def new_password
@change_password = ChangePassword.find_by_code(params[:code])
unless @change_password
render :action => 'invalid_change_password_code', :status => 403
return
end
if request.post?
begin
@change_password.update_attributes!(params[:change_password])
@change_password.finish
render :action => 'new_password_ok'
rescue ActiveRecord::RecordInvalid => e
nil # just render new_password
end
end
end
def activation_question
@enterprise = load_enterprise
unless @enterprise
render :action => 'invalid_enterprise_code'
return
end
if @enterprise.enabled
render :action => 'already_activated'
return
end
@question = @enterprise.question
if !@question || @enterprise.blocked?
render :action => 'blocked'
return
end
end
def accept_terms
@enterprise = load_enterprise
@question = @enterprise.question
check_answer
@terms_of_enterprise_use = environment.terms_of_enterprise_use
end
def activate_enterprise
@enterprise = load_enterprise
@question = @enterprise.question
return unless check_answer
return unless check_acceptance_of_terms
load_user
activation = load_enterprise_activation
if activation && user
activation.requestor = user
activation.finish
redirect_to :controller => 'profile_editor', :action => 'index', :profile => @enterprise.identifier
end
end
protected
def redirect?
!@cannot_redirect
end
def no_redirect
@cannot_redirect = true
end
def load_user
unless logged_in?
no_redirect
if params[:new_user]
signup
else
login
end
end
true
end
def check_answer
unless answer_correct
@enterprise.block
render :action => 'blocked'
return
end
true
end
def check_acceptance_of_terms
unless params[:terms_accepted]
redirect_to :action => 'index'
return
end
true
end
def load_enterprise_activation
@enterprise_activation ||= EnterpriseActivation.find_by_code(params[:enterprise_code])
end
def load_enterprise
activation = load_enterprise_activation
if activation.nil?
nil
else
activation.enterprise
end
end
def answer_correct
return true unless params[:enterprise_code]
enterprise = load_enterprise
return false unless enterprise.question
return false if enterprise.enabled
params[:answer] == enterprise.send(enterprise.question).to_s
end
def go_to_user_initial_page
redirect_back_or_default(:controller => "profile_editor", :profile => current_user.login, :action => 'index')
end
end