author | Matthew Somerville <matthew@mysociety.org> | 2011-07-04 11:35:55 +0100 |
---|---|---|
committer | Matthew Somerville <matthew@mysociety.org> | 2011-07-04 11:35:55 +0100 |
commit | 4ad5f950ed4e426d2615525e36de7cfa71b4812b (patch) | |
tree | 79a2c3ff042d16f6de2d1c49977e24f66eb20e7b /perllib/FixMyStreet/App | |
parent | 06b94102ca6fad7e97cd2674a6f18e77ccad2598 (diff) |
Carry through name/phone/password updates through report/update creation via token. Only store encrypted password, and override EncodedColumn to prevent double encrypting.
Diffstat (limited to 'perllib/FixMyStreet/App')
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Auth.pm | 10 | ||||
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Report/New.pm | 12 | ||||
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Report/Update.pm | 10 | ||||
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Tokens.pm | 18 |
4 files changed, 41 insertions, 9 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Auth.pm b/perllib/FixMyStreet/App/Controller/Auth.pm index a5afff9c5..c67de692a 100644 --- a/perllib/FixMyStreet/App/Controller/Auth.pm +++ b/perllib/FixMyStreet/App/Controller/Auth.pm @@ -108,6 +108,11 @@ sub email_sign_in : Private { return; } + my $user_params = {}; + $user_params->{password} = $c->req->param('password_register') + if $c->req->param('password_register'); + my $user = $c->model('DB::User')->new( $user_params ); + my $token_obj = $c->model('DB::Token') # ->create( { @@ -116,7 +121,7 @@ sub email_sign_in : Private { email => $good_email, r => $c->req->param('r'), name => $c->req->param('name'), - password => $c->req->param('password_register'), + password => $user->password, } } ); @@ -158,9 +163,8 @@ sub token : Path('/M') : Args(1) { # find or create the user related to the token. my $user = $c->model('DB::User')->find_or_create( { email => $data->{email} } ); $user->name( $data->{name} ) if $data->{name}; - $user->password( $data->{password} ) if $data->{password}; + $user->password( $data->{password}, 1 ) if $data->{password}; $user->update; - $c->authenticate( { email => $user->email }, 'no_password' ); # send the user to their page diff --git a/perllib/FixMyStreet/App/Controller/Report/New.pm b/perllib/FixMyStreet/App/Controller/Report/New.pm index 78c9b5ae0..a9ec2f935 100644 --- a/perllib/FixMyStreet/App/Controller/Report/New.pm +++ b/perllib/FixMyStreet/App/Controller/Report/New.pm @@ -845,9 +845,13 @@ sub save_user_and_report : Private { $report->confirm; } else { - - # user exists and we are not logged in as them. Throw away changes to - # the name and phone. TODO - propagate changes using tokens. + # User exists and we are not logged in as them. + # Store changes in token for when token is validated. + $c->stash->{token_data} = { + name => $report->user->name, + phone => $report->user->phone, + password => $report->user->password, + }; $report->user->discard_changes(); } 
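Review bot: In `email_sign_in` (Auth.pm), the unsaved `DB::User` row built from `$user_params` has no comment explaining why it exists, and it is never stored. It appears to be created only so that the password column's encoding runs before `$user->password` is copied into the token data. A comment such as `# Unsaved row, used only to encode the password before it goes into the token data` would stop a later cleanup from removing it and putting the plaintext back into the token.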
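Review bot: In the token data hash in `email_sign_in` (Auth.pm), `r => $c->req->param('r')` and `name => $c->req->param('name')` are evaluated in list context, directly above the `password` entry this commit changes. Catalyst's `param` returns every submitted value in list context and an empty list when the parameter is absent, so a missing or repeated field shifts the key/value pairs that follow and can displace other keys in the stored token. Forcing scalar context closes that: `r => scalar $c->req->param('r'),` and `name => scalar $c->req->param('name'),`. The hash and the `create` call continue outside the hunk.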
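Review bot: In `token` (Auth.pm), `$user->password( $data->{password}, 1 )` stores whatever the token holds as an already-encoded value, but tokens issued before this commit carry the plaintext from `password_register`. Redeeming one of those after deployment would, as far as this hunk shows, write the plaintext into the password column and leave the account unable to sign in with it. Either invalidate outstanding sign-in tokens at deploy time, or check that `$data->{password}` has the encoded form before passing the `1` flag. A short comment on what the second argument means would also help, since the overridden accessor is outside this diff.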
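Review bot: In `save_user_and_report` (Report/New.pm), `token_data` copies `name`, `phone` and `password` from the user row whether or not the form changed them. If the submitter left the password blank, `$report->user->password` is presumably the hash already in the database. The token would then hold a copy of that hash, and confirmation would later write it back over any password change made in between. Copying only modified columns avoids both, e.g. `password => $report->user->is_column_changed('password') ? $report->user->password : undef,`. The same pattern is in `save_update` in Report/Update.pm; how the row is populated is outside both hunks.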
@@ -932,9 +936,11 @@ sub redirect_or_confirm_creation : Private { } # otherwise create a confirm token and email it to them. + my $data = $c->stash->{token_data} || {}; my $token = $c->model("DB::Token")->create( { scope => 'problem', data => { + %$data, id => $report->id } } ); diff --git a/perllib/FixMyStreet/App/Controller/Report/Update.pm b/perllib/FixMyStreet/App/Controller/Report/Update.pm index 2abe65b1f..501dd2b41 100644 --- a/perllib/FixMyStreet/App/Controller/Report/Update.pm +++ b/perllib/FixMyStreet/App/Controller/Report/Update.pm @@ -231,6 +231,14 @@ sub save_update : Private { # Logged in and same user, so can confirm update straight away $update->user->update; $update->confirm; + } else { + # User exists and we are not logged in as them. + # Store changes in token for when token is validated. + $c->stash->{token_data} = { + name => $update->user->name, + password => $update->user->password, + }; + $update->user->discard_changes(); } # If there was a photo add that too @@ -272,10 +280,12 @@ sub redirect_or_confirm_creation : Private { } # otherwise create a confirm token and email it to them. + my $data = $c->stash->{token_data} || {}; my $token = $c->model("DB::Token")->create( { scope => 'comment', data => { + %$data, id => $update->id, add_alert => ( $c->req->param('add_alert') ? 1 : 0 ), } diff --git a/perllib/FixMyStreet/App/Controller/Tokens.pm b/perllib/FixMyStreet/App/Controller/Tokens.pm index 1fef0f07e..9abef591d 100644 --- a/perllib/FixMyStreet/App/Controller/Tokens.pm +++ b/perllib/FixMyStreet/App/Controller/Tokens.pm @@ -32,7 +32,8 @@ sub confirm_problem : Path('/P') { $c->forward( 'load_auth_token', [ $token_code, 'problem' ] ); # Load the problem - my $problem_id = $auth_token->data->{id}; + my $data = $auth_token->data; + my $problem_id = $data->{id}; my $problem = $c->cobrand->problems->find( { id => $problem_id } ) || $c->detach('token_error'); $c->stash->{problem} = $problem; 
@@ -59,6 +60,11 @@ sub confirm_problem : Path('/P') { $c->forward( '/report/new/create_reporter_alert' ); # log the problem creation user in to the site + if ( $data->{name} || $data->{password} ) { + $problem->user->name( $data->{name} ) if $data->{name}; + $problem->user->password( $data->{password}, 1 ) if $data->{password}; + $problem->user->update; + } $c->authenticate( { email => $problem->user->email }, 'no_password' ); $c->set_session_cookie_expire(0); @@ -133,8 +139,9 @@ sub confirm_update : Path('/C') { $c->forward( 'load_auth_token', [ $token_code, 'comment' ] ); # Load the problem - my $comment_id = $auth_token->data->{id}; - $c->stash->{add_alert} = $auth_token->data->{add_alert}; + my $data = $auth_token->data; + my $comment_id = $data->{id}; + $c->stash->{add_alert} = $data->{add_alert}; my $comment = $c->model('DB::Comment')->find( { id => $comment_id } ) || $c->detach('token_error'); @@ -146,6 +153,11 @@ sub confirm_update : Path('/C') { return; } + if ( $data->{name} || $data->{password} ) { + $comment->user->name( $data->{name} ) if $data->{name}; + $comment->user->password( $data->{password}, 1 ) if $data->{password}; + $comment->user->update; + } $c->authenticate( { email => $comment->user->email }, 'no_password' ); $c->set_session_cookie_expire(0); |
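Review bot: In `confirm_problem` (Tokens.pm), the `phone` value that `save_user_and_report` puts into `token_data` is never applied, because the new block tests and sets only `name` and `password`. A changed phone number is therefore still thrown away at confirmation, although the commit message says it is carried through. Add `$problem->user->phone( $data->{phone} ) if $data->{phone};` and include `$data->{phone}` in the enclosing condition. `confirm_problem` starts and ends outside the hunk.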
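Review bot: In `confirm_update` (Tokens.pm), following the confirmation link now replaces the account's stored password with a value taken from the form submission, and the same happens in `confirm_problem`. The token shows that the person clicking controls the mailbox, not that they chose that password, and nothing in these hunks tells them a password is being set. Consider stating it in the confirmation email or page, or limiting password changes to the `/M` sign-in token in Auth.pm. The name/password block is also repeated across three actions and would be easier to audit as one shared helper.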