Confirmation email for login.

1 files changed, 53 insertions, 12 deletions

diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 6c950e7ba..5089c3cf8 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -4,7 +4,7 @@
 # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
 # Email: francis@mysociety.org; WWW: http://www.mysociety.org/
 #
-# $Id: user_controller.rb,v 1.10 2007-11-01 16:14:43 francis Exp $
+# $Id: user_controller.rb,v 1.11 2007-11-05 16:46:10 francis Exp $
 
 class UserController < ApplicationController
     # XXX See controllers/application.rb simplify_url_part for reverse of expression in SQL below
@@ -16,9 +16,11 @@ class UserController < ApplicationController
     def signin
         # The explict signin link uses this to store where it is to go back to
         if params[:r]
-            post_redirect = PostRedirect.new(:uri => params[:r], :post_params => {})
-            post_redirect.save!
-            params[:token] = post_redirect.token
+            @post_redirect = PostRedirect.new(:uri => params[:r], :post_params => {})
+            @post_redirect.save!
+            params[:token] = @post_redirect.token
+        else
+            @post_redirect = PostRedirect.find_by_token(params[:token])
         end
 
         if not params[:user] 
@@ -29,9 +31,12 @@ class UserController < ApplicationController
             @user = User.authenticate(params[:user][:email], params[:user][:password])
             if @user
                 # Successful login
-                session[:user] = @user.id
-                post_redirect = PostRedirect.find_by_token(params[:token])
-                do_post_redirect post_redirect.uri, post_redirect.post_params
+                if @user.email_confirmed
+                    session[:user] = @user.id
+                    do_post_redirect @post_redirect.uri, @post_redirect.post_params
+                else
+                    send_confirmation_mail
+                end
                 return
             else
                 if User.find(:first, :conditions => [ "email ilike ?", params[:user][:email] ]) # using like for case insensitive
@@ -54,21 +59,44 @@ class UserController < ApplicationController
     def signup
         # Make the user and try to save it
         @user = User.new(params[:user])
-        if not @user.save
+        if not @user.valid?
             # First time get to form (e.g. from signin) , don't show errors
             @first_time = params[:first_time]
             @user.errors.clear if @first_time
             # Show the form
             render :action => 'signup'
         else
-            # New user made, redirect back to where we were
-            session[:user] = @user.id
-            post_redirect = PostRedirect.find_by_token(params[:token])
-            do_post_redirect post_redirect.uri, post_redirect.post_params
+            # Unconfirmed user
+            @user.email_confirmed = false
+            @user.save
+
+            send_confirmation_mail
             return
         end
     end
 
+    # Followed link in user account confirmation email
+    def confirm
+        post_redirect = PostRedirect.find_by_email_token(params[:email_token])
+
+        # XXX add message like this if post_redirect not found
+        #        err(sprintf(_("Please check the URL (i.e. the long code of
+        #        letters and numbers) is copied correctly from your email.  If
+        #        you can't click on it in the email, you'll have to select and
+        #        copy it from the email.  Then paste it into your browser, into
+        #        the place you would type the address of any other webpage.
+        #        Technical details: The token '%s' wasn't found."), $q_t));
+        #
+
+        @user = post_redirect.user
+        @user.email_confirmed = true
+        @user.save
+
+        session[:user] = @user.id
+
+        do_post_redirect post_redirect.uri, post_redirect.post_params
+    end
+
     # Logout form
     def signout
         session[:user] = nil
@@ -82,4 +110,17 @@ class UserController < ApplicationController
 
     private
 
+    # Ask for email confirmation
+    def send_confirmation_mail
+        raise "user #{@user.id} already confirmed" if @user.email_confirmed
+
+        post_redirect = PostRedirect.find_by_token(params[:token])
+        post_redirect.user = @user
+        post_redirect.save!
+
+        url = confirm_url(:email_token => post_redirect.email_token)
+        UserMailer.deliver_confirm_login(@user, post_redirect.reason_params, url)
+        render :action => 'confirm'
+    end
+
 end