diff options
Diffstat (limited to 'perllib/FixMyStreet/App/Controller/Auth')
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Auth/Phone.pm | 6 | ||||
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Auth/Profile.pm | 62 |
2 files changed, 65 insertions, 3 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Auth/Phone.pm b/perllib/FixMyStreet/App/Controller/Auth/Phone.pm index 4f9a72594..4e9f92596 100644 --- a/perllib/FixMyStreet/App/Controller/Auth/Phone.pm +++ b/perllib/FixMyStreet/App/Controller/Auth/Phone.pm @@ -53,7 +53,6 @@ sub sign_in : Private { } unless ($phone->is_mobile) { - $c->stash->{username} = $c->get_param('username'); # What was entered $c->stash->{username_error} = 'nonmobile'; return; } @@ -62,6 +61,7 @@ sub sign_in : Private { if ( FixMyStreet->config('SIGNUPS_DISABLED') && !$c->model('DB::User')->find({ phone => $number }) + && !$c->stash->{current_user} # don't break the change phone flow ) { $c->stash->{template} = 'auth/token.html'; return; @@ -78,6 +78,10 @@ sub sign_in : Private { name => $c->get_param('name'), password => $user->password, }; + if ($c->stash->{current_user}) { + $token_data->{old_user_id} = $c->stash->{current_user}->id; + $token_data->{r} = 'auth/change_phone/success'; + } $c->forward('send_token', [ $token_data, 'phone_sign_in', $number ]); } diff --git a/perllib/FixMyStreet/App/Controller/Auth/Profile.pm b/perllib/FixMyStreet/App/Controller/Auth/Profile.pm index 453b4a8a3..ecf009150 100644 --- a/perllib/FixMyStreet/App/Controller/Auth/Profile.pm +++ b/perllib/FixMyStreet/App/Controller/Auth/Profile.pm @@ -10,8 +10,8 @@ FixMyStreet::App::Controller::Auth::Profile - Catalyst Controller =head1 DESCRIPTION -Controller for all the authentication profile related pages - changing email, -password. +Controller for all the authentication profile related pages - adding/ changing/ +verifying email, phone, password. =head1 METHODS @@ -88,6 +88,64 @@ sub change_email : Path('/auth/change_email') { $c->forward('/auth/email_sign_in', [ $c->get_param('email') ]); } +sub change_phone : Path('/auth/change_phone') { + my ( $self, $c ) = @_; + + $c->stash->{template} = 'auth/change_phone.html'; + + $c->forward('/auth/get_csrf_token'); + + # If not a post then no submission + return unless $c->req->method eq 'POST'; + + $c->forward('/auth/check_csrf_token'); + $c->stash->{current_user} = $c->user; + + my $phone = $c->stash->{username} = $c->get_param('username') || ''; + my $parsed = FixMyStreet::SMS->parse_username($phone); + + # Allow removal of phone number, if we have verified email + if (!$phone && !$c->stash->{verifying} && $c->user->email_verified) { + $c->user->update({ phone => undef, phone_verified => 0 }); + $c->flash->{flash_message} = _('You have successfully removed your phone number.'); + $c->res->redirect('/my'); + $c->detach; + } + + $c->stash->{username_error} = 'missing_phone', return unless $phone; + $c->stash->{username_error} = 'other_phone', return unless $parsed->{phone}; + + # If we've not used a mobile and we're not specifically verifying, + # and phone isn't our only verified way of logging in, + # then allow change of number (for e.g. landline). + if (!FixMyStreet->config('SMS_AUTHENTICATION') || (!$parsed->{phone}->is_mobile && !$c->stash->{verifying} && $c->user->email_verified)) { + $c->user->update({ phone => $phone, phone_verified => 0 }); + $c->flash->{flash_message} = _('You have successfully added your phone number.'); + $c->res->redirect('/my'); + $c->detach; + } + + $c->forward('/auth/phone/sign_in', [ $parsed->{phone} ]); +} + +sub verify_item : Path('/auth/verify') : Args(1) { + my ( $self, $c, $type ) = @_; + $c->stash->{verifying} = 1; + $c->detach("change_$type"); +} + +sub change_email_success : Path('/auth/change_email/success') { + my ( $self, $c ) = @_; + $c->flash->{flash_message} = _('You have successfully confirmed your email address.'); + $c->res->redirect('/my'); +} + +sub change_phone_success : Path('/auth/change_phone/success') { + my ( $self, $c ) = @_; + $c->flash->{flash_message} = _('You have successfully verified your phone number.'); + $c->res->redirect('/my'); +} + __PACKAGE__->meta->make_immutable; 1; |