Class: AccountController

Inherits:

ApplicationController

• Object
• ActionController::Base
• ApplicationController
• AccountController

Includes:

CustomFieldsHelper

Defined in:

app/controllers/account_controller.rb

Overview

Redmine - project management software Copyright (C) 2006-2016 Jean-Philippe Lang

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Constant Summary

Constants included from CustomFieldsHelper

CustomFieldsHelper::CUSTOM_FIELDS_TABS

Instance Method Summary

• #activate ⇒ Object

  Token based account activation.

• #activation_email ⇒ Object

  Sends a new account activation email.

• #login ⇒ Object

  Login request and validation.

• #logout ⇒ Object

  Log out current user and redirect to welcome page.

• #lost_password ⇒ Object

  Lets user choose a new password.

• #register ⇒ Object

  User self-registration.

• #verify_authenticity_token ⇒ Object

  Overrides ApplicationController#verify_authenticity_token to disable token verification on openid callbacks.

Methods included from CustomFieldsHelper

#custom_field_formats_for_select, #custom_field_label_tag, #custom_field_name_tag, #custom_field_tag, #custom_field_tag_for_bulk_edit, #custom_field_tag_id, #custom_field_tag_name, #custom_field_tag_with_label, #custom_field_title, #custom_field_type_options, #edit_tag_style_tag, #format_value, #render_api_custom_values, #render_custom_field_format_partial, #render_custom_field_values, #render_custom_fields_tabs, #show_value

Methods inherited from ApplicationController

#_include_layout?, accept_api_auth, #accept_api_auth?, accept_rss_auth, #accept_rss_auth?, #api_key_from_request, #api_offset_and_limit, #api_request?, #api_switch_user_from_request, #authorize, #authorize_global, #autologin_cookie_name, #back_url, #check_if_login_required, #check_password_change, #check_project_privacy, #deny_access, #filename_for_content_disposition, #find_attachments, #find_current_user, #find_issue, #find_issues, #find_model_object, #find_optional_project, #find_project, #find_project_by_project_id, #find_project_from_association, #handle_unverified_request, #logged_user=, #logout_user, #missing_template, model_object, #parse_params_for_bulk_update, #parse_qvalues, #per_page_option, #query_statement_invalid, #redirect_back_or_default, #redirect_to_referer_or, #render_403, #render_404, #render_api_errors, #render_api_head, #render_api_ok, #render_attachment_warning_if_needed, #render_error, #render_feed, #render_validation_errors, #require_admin, #require_admin_or_api_request, #require_login, #session_expiration, #session_expired?, #set_localization, #start_user_session, #try_to_autologin, #use_layout, #user_setup

Methods included from Redmine::SudoMode::Controller

#process_sudo_form, #render_sudo_form, #require_sudo_mode, #sudo_mode, #sudo_timestamp_valid?, #update_sudo_timestamp!

Methods included from Redmine::MenuManager::MenuController

#current_menu, #current_menu_item, included, #menu_items, #redirect_to_project_menu_item

Methods included from Redmine::Search::Controller

#default_search_scope, #default_search_scopes, included

Methods included from RoutesHelper

#_new_project_issue_path, #_new_time_entry_path, #_project_calendar_path, #_project_gantt_path, #_project_issues_path, #_project_news_path, #_report_time_entries_path, #_time_entries_path, #board_path

Methods included from Redmine::Hook::Helper

#call_hook

Methods included from Redmine::Pagination

#paginate, #paginator

Methods included from Redmine::I18n

#current_language, #day_letter, #day_name, #find_language, #format_date, #format_hours, #format_time, included, #l, #l_hours, #l_hours_short, #l_or_humanize, #languages_options, #ll, #lu, #month_name, #set_language_if_valid, #valid_languages

Instance Method Details

#activate ⇒ Object

Token based account activation

# File 'app/controllers/account_controller.rb', line 159

def activate
  (redirect_to(home_url); return) unless Setting.self_registration? && params[:token].present?
  token = Token.find_token('register', params[:token].to_s)
  (redirect_to(home_url); return) unless token and !token.expired?
  user = token.user
  (redirect_to(home_url); return) unless user.registered?
  user.activate
  if user.save
    token.destroy
    flash[:notice] = l(:notice_account_activated)
  end
  redirect_to signin_path
end

#activation_email ⇒ Object

Sends a new account activation email

# File 'app/controllers/account_controller.rb', line 174

def activation_email
  if session[:registered_user_id] && Setting.self_registration == '1'
    user_id = session.delete(:registered_user_id).to_i
    user = User.find_by_id(user_id)
    if user && user.registered?
      register_by_email_activation(user)
      return
    end
  end
  redirect_to(home_url)
end

#login ⇒ Object

Login request and validation

# File 'app/controllers/account_controller.rb', line 36

def login
  if request.get?
    if User.current.logged?
      redirect_back_or_default home_url, :referer => true
    end
  else
    authenticate_user
  end
rescue AuthSourceException => e
  logger.error "An error occured when authenticating #{params[:username]}: #{e.message}"
  render_error :message => e.message
end

#logout ⇒ Object

Log out current user and redirect to welcome page

# File 'app/controllers/account_controller.rb', line 50

def logout
  if User.current.anonymous?
    redirect_to home_url
  elsif request.post?
    logout_user
    redirect_to home_url
  end
  # display the logout form
end

#lost_password ⇒ Object

Lets user choose a new password

# File 'app/controllers/account_controller.rb', line 61

def lost_password
  (redirect_to(home_url); return) unless Setting.lost_password?
  if params[:token]
    @token = Token.find_token("recovery", params[:token].to_s)
    if @token.nil? || @token.expired?
      redirect_to home_url
      return
    end
    @user = @token.user
    unless @user && @user.active?
      redirect_to home_url
      return
    end
    if request.post?
      @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
      if @user.save
        @token.destroy
        Mailer.password_updated(@user)
        flash[:notice] = l(:notice_account_password_updated)
        redirect_to signin_path
        return
      end
    end
    render :template => "account/password_recovery"
    return
  else
    if request.post?
      email = params[:mail].to_s
      user = User.find_by_mail(email)
      # user not found
      unless user
        flash.now[:error] = l(:notice_account_unknown_email)
        return
      end
      unless user.active?
        handle_inactive_user(user, lost_password_path)
        return
      end
      # user cannot change its password
      unless user.change_password_allowed?
        flash.now[:error] = l(:notice_can_t_change_password)
        return
      end
      # create a new token for password recovery
      token = Token.new(:user => user, :action => "recovery")
      if token.save
        # Don't use the param to send the email
        recipent = user.mails.detect {|e| email.casecmp(e) == 0} || user.mail
        Mailer.lost_password(token, recipent).deliver
        flash[:notice] = l(:notice_account_lost_email_sent)
        redirect_to signin_path
        return
      end
    end
  end
end

#register ⇒ Object

User self-registration

# File 'app/controllers/account_controller.rb', line 119

def register
  (redirect_to(home_url); return) unless Setting.self_registration? || session[:auth_source_registration]
  if request.get?
    session[:auth_source_registration] = nil
    @user = User.new(:language => current_language.to_s)
  else
    user_params = params[:user] || {}
    @user = User.new
    @user.safe_attributes = user_params
    @user.pref.safe_attributes = params[:pref]
    @user.admin = false
    @user.register
    if session[:auth_source_registration]
      @user.activate
      @user.login = session[:auth_source_registration][:login]
      @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
      if @user.save
        session[:auth_source_registration] = nil
        self.logged_user = @user
        flash[:notice] = l(:notice_account_activated)
        redirect_to my_account_path
      end
    else
      unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank?
        @user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation]
      end

      case Setting.self_registration
      when '1'
        register_by_email_activation(@user)
      when '3'
        register_automatically(@user)
      else
        register_manually_by_administrator(@user)
      end
    end
  end
end

#verify_authenticity_token ⇒ Object

Overrides ApplicationController#verify_authenticity_token to disable token verification on openid callbacks

# File 'app/controllers/account_controller.rb', line 29

def verify_authenticity_token
  unless using_open_id?
    super
  end
end