author | francis <francis> | 2008-02-20 12:51:29 +0000 |
---|---|---|
committer | francis <francis> | 2008-02-20 12:51:29 +0000 |
commit | fa2c655de7b795794b6de75ca0f6807f7c88a5ac (patch) | |
tree | d0ce6e67cfc677de8e922cdc39fb2ff10068db23 /app/controllers/user_controller.rb | |
parent | 5432e516c218e821f416e92fbcb3250bfe913d5c (diff) |
Forgotten password stuff.
Diffstat (limited to 'app/controllers/user_controller.rb')
-rw-r--r-- | app/controllers/user_controller.rb | 73 |
1 files changed, 71 insertions, 2 deletions
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index a764bdb35..baeffc7db 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -4,7 +4,7 @@
 # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
 # Email: francis@mysociety.org; WWW: http://www.mysociety.org/
 #
-# $Id: user_controller.rb,v 1.25 2008-02-19 12:13:07 francis Exp $
+# $Id: user_controller.rb,v 1.26 2008-02-20 12:51:29 francis Exp $
 class UserController < ApplicationController
 # XXX See controllers/application.rb simplify_url_part for reverse of expression in SQL below
@@ -34,6 +34,7 @@ class UserController < ApplicationController
 # Successful login
 if @user_signin.email_confirmed
 session[:user_id] = @user_signin.id
+ session[:user_authtype] = :password
 do_post_redirect @post_redirect.uri, @post_redirect.post_params
 else
 send_confirmation_mail @user_signin
@@ -76,6 +77,7 @@ class UserController < ApplicationController
 @user.save!
 session[:user_id] = @user.id
+ session[:user_authtype] = :email
 do_post_redirect post_redirect.uri, post_redirect.post_params
 end
@@ -83,6 +85,7 @@ class UserController < ApplicationController
 # Logout form
 def signout
 session[:user_id] = nil
+ session[:user_authtype] = nil
 if params[:r]
 redirect_to params[:r]
 else
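Review bot: In the signout hunk the session is cleared key by key — `session[:user_id] = nil` and now `session[:user_authtype] = nil` — so any other per-login state survives logout and the session identifier is reused for the next visitor of that browser. Rails' `reset_session` discards the whole session and issues a fresh id in one call, and it would not need touching again each time a new login-related key such as user_authtype is introduced. Suggested replacement for those two lines: `reset_session`. The `redirect_to params[:r]` below is an unvalidated redirect target, but that predates this commit; signout's body continues past the hunk.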
@@ -90,6 +93,72 @@ class UserController < ApplicationController
 end
 end
+ # Change password and/or email - requires email authentication
+ def signchange
+ if @user and ((not session[:user_authtype]) or (session[:user_authtype] != :email))
+ # Not logged in via email, so send confirmation
+ params[:submitted_signchange_email] = true
+ params[:signchange] = { :email => @user.email }
+ end
+
+ if params[:submitted_signchange_email]
+ # They've entered the email, check it is OK and user exists
+ if not MySociety::Validate.is_valid_email(params[:signchange][:email])
+ flash[:error] = "That doesn't look like a valid email address. Please check you have typed it correctly."
+ render :action => 'signchange_email'
+ return
+ end
+ user_signchange = User.find_user_by_email(params[:signchange][:email])
+ if not user_signchange
+ flash[:error] = "There is no user with that email, please check you have typed it correctly."
+ render :action => 'signchange_email'
+ return
+ end
+
+ # Send email with login link to go to signchange page
+ url = signchange_url
+ if params[:pretoken]
+ url += "?pretoken=" + params[:pretoken]
+ end
+ post_redirect = PostRedirect.new(:uri => url , :post_params => {},
+ :reason_params => {
+ :web => "",
+ :email => "Then your can change your password on foi.mysociety.org",
+ :email_subject => "Change your password on foi.mysociety.org"
+ })
+ post_redirect.user = user_signchange
+ post_redirect.save!
+ url = confirm_url(:email_token => post_redirect.email_token)
+ UserMailer.deliver_confirm_login(user_signchange, post_redirect.reason_params, url)
+ render :action => 'confirm'
+ elsif not @user
+ # Not logged in, prompt for email
+ render :action => 'signchange_email'
+ else
+ # Logged in via email link, so can offer form to change email/password
+ raise "internal error" unless (session[:user_authtype] == :email)
+
+ if params[:submitted_signchange_password]
+ @user.password = params[:user][:password]
+ @user.password_confirmation = params[:user][:password_confirmation]
+ if not @user.valid?
+ render :action => 'signchange'
+ else
+ @user.save!
+ flash[:notice] = "Your password has been changed."
+ if params[:pretoken] and not params[:pretoken].empty?
+ post_redirect = PostRedirect.find_by_token(params[:pretoken])
+ do_post_redirect post_redirect.uri, post_redirect.post_params
+ else
+ redirect_to :controller => "request", :action => "frontpage" # XXX should go back to login and where they were!
+ end
+ end
+ else
+ render :action => 'signchange'
+ end
+ end
+ end
+
 private
@@ -117,7 +186,7 @@ class UserController < ApplicationController
 # Ask for email confirmation
 def send_confirmation_mail(user)
- raise "user #{user.id} already confirmed" if user.email_confirmed
+ #raise "user #{user.id} already confirmed" if user.email_confirmed
 post_redirect = PostRedirect.find_by_token(params[:token])
 post_redirect.user = user
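Review bot: `url += "?pretoken=" + params[:pretoken]` splices a request parameter into the stored redirect URL unescaped, and the same value is later passed to `PostRedirect.find_by_token(params[:pretoken])` whose result is dereferenced (`post_redirect.uri`) with no nil check, so a stale or tampered pretoken raises NoMethodError after the new password has already been saved. Escape it when building the URL, `url += "?pretoken=" + CGI.escape(params[:pretoken])` (CGI should already be loaded under Rails), and guard the lookup with `if post_redirect` around the do_post_redirect call, falling through to the frontpage redirect otherwise. Separately, the distinct "There is no user with that email" error tells anyone which addresses hold accounts; rendering the same confirm page whether or not the user exists removes that enumeration oracle. The mail text also reads "Then your can change" where "you can" is meant. The whole signchange method sits inside this hunk, which begins on the previous line.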
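Review bot: `#raise "user #{user.id} already confirmed" if user.email_confirmed` keeps the old guard as commented-out code and gives no reason why confirmed users are now allowed through send_confirmation_mail — presumably some caller now passes them, but the diff does not show which one. Delete the line and state the new contract instead, e.g. `# Confirmed users may legitimately reach here (re-confirmation for password changes), so no email_confirmed guard`. `PostRedirect.find_by_token(params[:token])` on the next line is still dereferenced without a nil check, though that predates this commit. send_confirmation_mail's body continues past the hunk.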