trustieforge/app/controllers/account_controller.rb

437 lines
14 KiB
Ruby

# Redmine - project management software
# Copyright (C) 2006-2013 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class AccountController < ApplicationController
helper :custom_fields
include CustomFieldsHelper
# prevents login action to be filtered by check_if_login_required application scope filter
skip_before_filter :check_if_login_required
# Login request and validation
def login
if request.get?
@login = params[:login] || true
if User.current.logged?
redirect_to user_path(User.current)
else
render :layout => 'login'
end
else
authenticate_user
end
end
# 服务协议
def agreement
render :layout => 'static_base'
end
def about_us
render :layout => 'static_base'
end
# Log out current user and redirect to welcome page
def logout
if User.current.anonymous?
redirect_to signin_path
elsif request.post?
logout_user
redirect_to signin_path
end
# display the logout form
end
def heartbeat
render :json => session[:user_id]
end
# Lets user choose a new password
def lost_password
(redirect_to(signin_path); return) unless Setting.lost_password?
if params[:token]
@token = Token.find_token("recovery", params[:token].to_s)
if @token.nil? || @token.expired?
redirect_to signin_path
return
end
@user = @token.user
unless @user && @user.active?
redirect_to signin_path
return
end
if request.post?
@user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
if @user.save
@token.destroy
flash[:notice] = l(:notice_account_password_updated)
redirect_to signin_url
return
end
end
render :template => "account/password_recovery"
return
else
if request.post?
user = User.find_by_mail(params[:mail].to_s)
# user not found or not active
unless user && user.active?
flash.now[:error] = l(:notice_account_unknown_email)
render :layout => 'static_base'
return
end
# user cannot change its password
unless user.change_password_allowed?
flash.now[:error] = l(:notice_can_t_change_password)
return
end
# create a new token for password recovery
token = Token.new(:user => user, :action => "recovery")
if token.save
Mailer.run.lost_password(token)
flash[:notice] = l(:notice_account_lost_email_sent)
redirect_to lost_password_path
return
end
end
render :layout => 'static_base'
end
end
# User self-registration
def register
(redirect_to(signin_path); return) unless Setting.self_registration? || session[:auth_source_registration]
if request.get?
session[:auth_source_registration] = nil
@user = User.new(:language => current_language.to_s)
else
user_params = params[:user] || {}
if session[:auth_source_registration]
@user.activate
@user.login = session[:auth_source_registration][:login]
@user.auth_source_id = session[:auth_source_registration][:auth_source_id]
if @user.save
session[:auth_source_registration] = nil
self.logged_user = @user
flash[:notice] = l(:notice_account_activated)
redirect_to my_account_path
end
else
us = UsersService.new
@user = us.register user_params.merge(:should_confirmation_password => true)
case Setting.self_registration
when '1'
#register_by_email_activation(@user)
unless @user.new_record?
flash[:notice] = l(:notice_account_register_done)
render action: 'email_valid', locals: {:mail => @user.mail}
end
when '3'
#register_automatically(@user)
if !@user.new_record?
self.logged_user = @user
flash[:notice] = l(:notice_account_activated)
redirect_to my_account_url
else
redirect_to signin_path
end
else
#register_manually_by_administrator(@user)
unless @user.new_record?
account_pending
end
end
end
end
end
#should_confirmation_password是否验证密码
def create_and_save_user login,password,email,password_confirmation,should_confirmation_password
@user = User.new
@user.admin = false
@user.register
@user.login = login
@user.mail = email
if should_confirmation_password && !password.blank? && !password_confirmation.blank?
@user.password,@user.password_confirmation = password,password_confirmation
elsif !should_confirmation_password && !password.blank?
@user.password = password
else
@user.password = ""
end
case Setting.self_registration
when '1'
register_by_email_activation(@user)
when '3'
register_automatically(@user)
else
register_manually_by_administrator(@user)
end
if @user.id != nil
ue = @user.user_extensions ||= UserExtensions.new
ue.user_id = @user.id
ue.save
end
@user
end
# Token based account activation
def activate
(redirect_to(signin_path); return) unless Setting.self_registration? && params[:token].present?
token = Token.find_token('register', params[:token].to_s)
(redirect_to(signin_path); return) unless token and !token.expired?
user = token.user
(redirect_to(signin_path); return) unless user.registered?
user.activate
if user.save
token.destroy
flash[:notice] = l(:notice_account_activated)
end
redirect_to signin_url
end
def api_register login,password,email
users_service = UsersService.new
users_service.register({login: login, password: password, email: eamil})
end
def valid_ajax
req = Hash.new(false)
req[:message] = ''
valid_attr = params[:valid]
valid_value = params[:value]
faker = User.new
if valid_attr.eql?('login')
faker.login = valid_value
faker.valid?
req[:valid] = faker.errors[:login].blank?
req[:message] = faker.errors[:login]
end
if valid_attr.eql?('mail')
faker.mail = valid_value
faker.valid?
req[:valid] = faker.errors[:mail].blank?
req[:message] = faker.errors[:mail]
end
req[:message] = l(:modal_valid_passing) if req[:message].blank?
render :json => req
end
def email_valid
end
def resendmail
user = User.find(params[:user]) if params[:user]
token = Token.new(:user => user, :action => "register")
if token.save
Mailer.run.register(token)
else
yield if block_given?
end
end
private
def authenticate_user
if Setting.openid? && using_open_id?
open_id_authenticate(params[:openid_url])
else
password_authentication
end
end
def password_authentication
user, last_login_on = User.try_to_login(params[:username], params[:password])
if user.nil?
invalid_credentials
elsif user.status == 2
invalid_credentials_new
elsif user.new_record?
onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
else
# Valid user
successful_authentication(user, last_login_on)
end
end
def open_id_authenticate(openid_url)
back_url = signin_url(:autologin => params[:autologin])
authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => back_url, :method => :post) do |result, identity_url, registration|
if result.successful?
user = User.find_or_initialize_by_identity_url(identity_url)
if user.new_record?
# Self-registration off
(redirect_to(signin_path); return) unless Setting.self_registration?
# Create on the fly
user.login = registration['nickname'] unless registration['nickname'].nil?
user.mail = registration['email'] unless registration['email'].nil?
user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
user.random_password
user.register
case Setting.self_registration
when '1'
register_by_email_activation(user) do
onthefly_creation_failed(user)
end
when '3'
register_automatically(user) do
onthefly_creation_failed(user)
end
else
register_manually_by_administrator(user) do
onthefly_creation_failed(user)
end
end
else
# Existing record
if user.active?
successful_authentication(user)
else
account_pending
end
end
end
end
end
def successful_authentication(user, last_login_on)
logger.info "Successful authentication for '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}"
# Valid user
self.logged_user = user
# generate a key and set cookie if autologin
if params[:autologin] && Setting.autologin?
set_autologin_cookie(user)
end
call_hook(:controller_account_success_authentication_after, {:user => user })
code = /\d*/
#根据home_url生产正则表达式
eval("code = " + "/^" + home_url.gsub(/\//,"\\\/") + "\\\/*(welcome)?\\\/*(\\\/index\\\/*.*)?\$/")
if (code=~params[:back_url] || params[:back_url].to_s.include?('lost_password')) && last_login_on != ''
redirect_to user_activities_path(user,host: Setting.host_user)
else
if last_login_on == ''
redirect_to my_account_url
else
#by young
#redirect_back_or_default my_page_path
redirect_back_or_default User.current
#redirect_to my_account_url
#redirect_to User.current
end
end
end
def set_autologin_cookie(user)
token = Token.get_or_create_permanent_login_token(user)
cookie_options = {
:value => token.value,
:expires => 1.month.from_now,
:path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
:secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
:httponly => true
}
if Redmine::Configuration['cookie_domain'].present?
cookie_options = cookie_options.merge(domain: Redmine::Configuration['cookie_domain'])
end
cookies[autologin_cookie_name] = cookie_options
end
# Onthefly creation failed, display the registration form to fill/fix attributes
def onthefly_creation_failed(user, auth_source_options = { })
@user = user
session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
render :action => 'register'
end
def invalid_credentials
logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
flash[:error] = l(:notice_account_invalid_creditentials)
# render :layout => 'login'
redirect_to signin_path(:login=>true)
end
def invalid_credentials_new
logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
flash[:error] = l(:notice_account_invalid_creditentials_new)
render signin_path(:login=>true)
end
# Register a user for email activation.
#
# Pass a block for behavior when a user fails to save
def register_by_email_activation(user, &block)
token = Token.new(:user => user, :action => "register")
if user.save and token.save
UserStatus.create(:user_id => user.id, :changsets_count => 0, :watchers_count => 0)
Mailer.run.register(token)
flash[:notice] = l(:notice_account_register_done)
render action: 'email_valid', locals: {:mail => user.mail}
else
yield if block_given?
end
end
# Automatically register a user
#
# Pass a block for behavior when a user fails to save
def register_automatically(user, &block)
# Automatic activation
user.activate
user.last_login_on = Time.now
if user.save
UserStatus.create(:user_id => user.id, :changsets_count => 0, :watchers_count => 0)
self.logged_user = user
flash[:notice] = l(:notice_account_activated)
redirect_to my_account_url
else
yield if block_given?
end
end
# Manual activation by the administrator
#
# Pass a block for behavior when a user fails to save
def register_manually_by_administrator(user, &block)
if user.save
UserStatus.create(:user_id => user.id ,:changsets_count => 0, :watchers_count => 0)
# Sends an email to the administrators
Mailer.run.account_activation_request(user)
account_pending
else
yield if block_given?
end
end
def account_pending
flash[:notice] = l(:notice_account_pending)
redirect_to signin_url
end
end