account_controller.rb
5.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
class AccountController < PublicController
# say something nice, you goof! something sweet.
def index
unless logged_in?
render :action => 'index_anonymous'
end
end
# action to perform login to the application
def login
@user = User.new
return unless request.post?
self.current_user = User.authenticate(params[:user][:login], params[:user][:password])
if logged_in?
if params[:remember_me] == "1"
self.current_user.remember_me
cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
end
go_to_user_initial_page
flash[:notice] = _("Logged in successfully")
else
flash[:notice] = _('Incorrect username or password')
redirect_to :back
end
end
def logout_popup
render :action => 'logout_popup', :layout => false
end
def login_popup
render :action => 'login', :layout => false
end
# action to register an user to the application
def signup
begin
@user = User.new(params[:user])
@user.terms_of_use = environment.terms_of_use
@terms_of_use = environment.terms_of_use
if request.post? && answer_correct
@user.save!
@user.person.environment = environment
@user.person.save!
self.current_user = @user
owner_role = Role.find_by_name('owner')
@user.person.affiliate(@user.person, [owner_role]) if owner_role
post_activate_enterprise if params[:enterprise_code]
go_to_user_initial_page
flash[:notice] = _("Thanks for signing up!")
else
activate_enterprise if params[:enterprise_code]
end
rescue ActiveRecord::RecordInvalid
if params[:enterprise_code]
render :action => 'activate_enterprise'
else
render :action => 'signup'
end
end
end
# action to perform logout from the application
def logout
self.current_user.forget_me if logged_in?
cookies.delete :auth_token
reset_session
flash[:notice] = _("You have been logged out.")
redirect_back_or_default(:controller => 'account', :action => 'index')
end
def change_password
if request.post?
@user = current_user
begin
@user.change_password!(params[:current_password],
params[:new_password],
params[:new_password_confirmation])
flash[:notice] = _('Your password has been changed successfully!')
redirect_to :action => 'index'
rescue User::IncorrectPassword => e
flash[:notice] = _('The supplied current password is incorrect.')
render :action => 'change_password'
end
else
render :action => 'change_password'
end
end
# The user requests a password change. She forgot her old password.
#
# Posts back.
def forgot_password
@change_password = ChangePassword.new(params[:change_password])
if request.post?
begin
@change_password.save!
render :action => 'password_recovery_sent'
rescue ActiveRecord::RecordInvalid => e
nil # just pass and render at the end of the action
end
end
end
# The user has a code for a ChangePassword request object.
#
# Posts back.
def new_password
@change_password = ChangePassword.find_by_code(params[:code])
unless @change_password
render :action => 'invalid_change_password_code', :status => 403
return
end
if request.post?
begin
@change_password.update_attributes!(params[:change_password])
@change_password.finish
render :action => 'new_password_ok'
rescue ActiveRecord::RecordInvalid => e
nil # just render new_password
end
end
end
protected
def activate_enterprise
enterprise = load_enterprise
@enterprise = enterprise
unless enterprise
render :action => 'invalid_enterprise_code'
return
end
if enterprise.enabled
render :action => 'already_activated'
return
end
# Reaches here only if answer is not correct
if request.post? && !answer_correct
enterprise.block
end
@question = enterprise.question
if !@question || enterprise.blocked?
render :action => 'blocked'
return
end
render :action => 'activate_enterprise'
end
def post_activate_enterprise
activation = load_enterprise_activation
if activation
activation.requestor = user
activation.finish
end
end
def load_enterprise_activation
EnterpriseActivation.find_by_code(params[:enterprise_code])
end
def load_enterprise
activation = load_enterprise_activation
if activation.nil?
nil
else
activation.enterprise
end
end
def answer_correct
return true unless params[:enterprise_code]
enterprise = load_enterprise
return false unless enterprise.question
return false if enterprise.enabled
params[:answer] == enterprise.send(enterprise.question).to_s
end
def go_to_user_initial_page
redirect_back_or_default(:controller => "profile_editor", :profile => current_user.login, :action => 'index')
end
end