diff options
| -rw-r--r-- | app/controllers/user_controller.rb | 72 | ||||
| -rw-r--r-- | app/models/public_body.rb | 45 | ||||
| -rw-r--r-- | app/models/user.rb | 5 | ||||
| -rw-r--r-- | app/models/user_mailer.rb | 11 | ||||
| -rw-r--r-- | app/views/request/_bubble.rhtml | 43 | ||||
| -rw-r--r-- | app/views/user/signchange_confirm.rhtml | 13 | ||||
| -rw-r--r-- | app/views/user_mailer/already_registered.rhtml | 12 | ||||
| -rw-r--r-- | db/migrate/040_email_is_unique.rb | 19 | ||||
| -rw-r--r-- | db/schema.rb | 2 | ||||
| -rw-r--r-- | todo.txt | 11 |
10 files changed, 172 insertions, 61 deletions
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index 3dcb72acd..954d44b17 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -4,7 +4,7 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: user_controller.rb,v 1.31 2008-02-28 10:54:35 francis Exp $ +# $Id: user_controller.rb,v 1.32 2008-02-28 12:29:43 francis Exp $ class UserController < ApplicationController # Show page about a set of users with same url name @@ -55,12 +55,18 @@ class UserController < ApplicationController # Show the form render :action => 'sign' else - # New unconfirmed user - @user_signup.email_confirmed = false - @user_signup.save! + user_alreadyexists = User.find_user_by_email(params[:user_signup][:email]) + if user_alreadyexists + already_registered_mail user_alreadyexists + return + else + # New unconfirmed user + @user_signup.email_confirmed = false + @user_signup.save! - send_confirmation_mail @user_signup - return + send_confirmation_mail @user_signup + return + end end end @@ -94,7 +100,7 @@ class UserController < ApplicationController end end - # Change password and/or email - requires email authentication + # Change password (XXX and perhaps later email) - requires email authentication def signchange if @user and ((not session[:user_authtype]) or (session[:user_authtype] != :email)) # Not logged in via email, so send confirmation @@ -110,28 +116,27 @@ class UserController < ApplicationController return end user_signchange = User.find_user_by_email(params[:signchange][:email]) - if not user_signchange - flash[:error] = "There is no user with that email, please check you have typed it correctly." - render :action => 'signchange_email' - return + if user_signchange + # Send email with login link to go to signchange page + url = signchange_url + if params[:pretoken] + url += "?pretoken=" + params[:pretoken] + end + post_redirect = PostRedirect.new(:uri => url , :post_params => {}, + :reason_params => { + :web => "", + :email => "Then your can change your password on foi.mysociety.org", + :email_subject => "Change your password on foi.mysociety.org" + }) + post_redirect.user = user_signchange + post_redirect.save! + url = confirm_url(:email_token => post_redirect.email_token) + UserMailer.deliver_confirm_login(user_signchange, post_redirect.reason_params, url) + else + # User not found, but still show confirm page to not leak fact user exists end - # Send email with login link to go to signchange page - url = signchange_url - if params[:pretoken] - url += "?pretoken=" + params[:pretoken] - end - post_redirect = PostRedirect.new(:uri => url , :post_params => {}, - :reason_params => { - :web => "", - :email => "Then your can change your password on foi.mysociety.org", - :email_subject => "Change your password on foi.mysociety.org" - }) - post_redirect.user = user_signchange - post_redirect.save! - url = confirm_url(:email_token => post_redirect.email_token) - UserMailer.deliver_confirm_login(user_signchange, post_redirect.reason_params, url) - render :action => 'confirm' + render :action => 'signchange_confirm' elsif not @user # Not logged in, prompt for email render :action => 'signchange_email' @@ -187,8 +192,6 @@ class UserController < ApplicationController # Ask for email confirmation def send_confirmation_mail(user) - #raise "user #{user.id} already confirmed" if user.email_confirmed - post_redirect = PostRedirect.find_by_token(params[:token]) post_redirect.user = user post_redirect.save! @@ -198,4 +201,15 @@ class UserController < ApplicationController render :action => 'confirm' end + # If they register again + def already_registered_mail(user) + post_redirect = PostRedirect.find_by_token(params[:token]) + post_redirect.user = user + post_redirect.save! + + url = confirm_url(:email_token => post_redirect.email_token) + UserMailer.deliver_already_registered(user, post_redirect.reason_params, url) + render :action => 'confirm' # must be same as for send_confirmation_mail above to avoid leak of presence of email in db + end + end diff --git a/app/models/public_body.rb b/app/models/public_body.rb index 0df84e15b..df09ba2be 100644 --- a/app/models/public_body.rb +++ b/app/models/public_body.rb @@ -22,7 +22,9 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: public_body.rb,v 1.24 2008-02-27 14:01:30 francis Exp $ +# $Id: public_body.rb,v 1.25 2008-02-28 12:29:43 francis Exp $ + +require 'csv' class PublicBody < ActiveRecord::Base validates_presence_of :name @@ -83,12 +85,51 @@ class PublicBody < ActiveRecord::Base end end end - def tag_string return self.public_body_tags.map { |t| t.name }.join(' ') end + # Find all public bodies with a particular tag def self.find_by_tag(tag) return PublicBodyTag.find(:all, :conditions => ['name = ?', tag] ).map { |t| t.public_body } end + + # Import from CSV + def self.import_csv(csv, tag) + existing_bodies = PublicBody.find_by_tag(tag) + + bodies_by_name = {} + for existing_body in existing_bodies + bodies_by_name[existing_body.name] = existing_body + end + + CSV::Reader.parse(csv) do |row| + name = row[1] + email = row[2] + next if name.nil? or email.nil? + + name.strip! + email.strip! + print name, " ", email, "\n" + + if bodies_by_name[name] + public_body = bodies_by_name[name] + if public_body.request_email != email + public_body.request_email = email + public_body.last_edit_editor = 'import_csv' + public_body.last_edit_comment = 'Updated from spreadsheet' + public_body.save + end + else + public_body = PublicBody.new(:name => name, :request_email => email, :complaint_email => "", :short_name => "", :last_edit_editor => "import_csv", :last_edit_comment => 'Created from spreadsheet') + public_body.tag_string = tag + raise public_body.public_body_tags.to_yaml + public_body.save! + end + end + + # XXX what about if they are deleted? + end end + + diff --git a/app/models/user.rb b/app/models/user.rb index bb4ce8b5b..277d8958d 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -20,13 +20,12 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: user.rb,v 1.31 2008-02-27 14:01:30 francis Exp $ +# $Id: user.rb,v 1.32 2008-02-28 12:29:43 francis Exp $ require 'digest/sha1' class User < ActiveRecord::Base validates_presence_of :email, :message => "^Please enter your email address" - validates_uniqueness_of :email, :case_sensitive => false, :message => "^There is already an account with that email address. You can sign in to it on the left." validates_presence_of :name, :message => "^Please enter your name" validates_presence_of :url_name @@ -65,7 +64,7 @@ class User < ActiveRecord::Base # No user of same email, make one (that we don't save in the database) # for the forms code to use. user = User.new(params) - # deliberately same message as above so as not to leak whether + # deliberately same message as above so as not to leak whether registered user.errors.add_to_base(auth_fail_message) end user diff --git a/app/models/user_mailer.rb b/app/models/user_mailer.rb index d7279683d..e4d56b68a 100644 --- a/app/models/user_mailer.rb +++ b/app/models/user_mailer.rb @@ -4,7 +4,7 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: user_mailer.rb,v 1.6 2008-02-19 17:41:58 francis Exp $ +# $Id: user_mailer.rb,v 1.7 2008-02-28 12:29:43 francis Exp $ class UserMailer < ApplicationMailer def confirm_login(user, reasons, url) @@ -16,5 +16,14 @@ class UserMailer < ApplicationMailer @body[:url] = url end + def already_registered(user, reasons, url) + @from = contact_from_name_and_email + @recipients = user.name_and_email + @subject = reasons[:email_subject] + @body[:reasons] = reasons + @body[:name] = user.name + @body[:url] = url + end + end diff --git a/app/views/request/_bubble.rhtml b/app/views/request/_bubble.rhtml index 54c91000f..31233ed28 100644 --- a/app/views/request/_bubble.rhtml +++ b/app/views/request/_bubble.rhtml @@ -1,30 +1,29 @@ - <blockquote class="xsnazzy"> +<blockquote class="xsnazzy"> <div> - <strong class="xb1"></strong><strong class="xb2"></strong><strong class="xb3"></strong><strong class="xb4"></strong><strong class="xb5"></strong><strong class="xb6"></strong><strong class="xb7"></strong> + <strong class="xb1"></strong><strong class="xb2"></strong><strong class="xb3"></strong><strong class="xb4"></strong><strong class="xb5"></strong><strong class="xb6"></strong><strong class="xb7"></strong> </div> <div class="xboxcontent"> - <% if not attachments.nil? and attachments.size > 0 %> - <p> <% attachments.each do |a| %> - <% if ['application/pdf', 'application/msword', 'text/plain', 'image/tiff'].include?(a.content_type) %> - <img class="attachment_image" alt="Attachment" src="/images/icon_<%=a.content_type.sub('/', '_')%>_large.png"> - <% else %> - Attachment: + <% if not attachments.nil? and attachments.size > 0 %> + <p> <% attachments.each do |a| %> + <% if ['application/pdf', 'application/msword', 'text/plain', 'image/tiff'].include?(a.content_type) %> + <img class="attachment_image" alt="Attachment" src="/images/icon_<%=a.content_type.sub('/', '_')%>_large.png"> + <% else %> + Attachment: + <% end %> + <%= link_to (TMail::Mail.get_part_file_name(a) || "download.bin"), get_attachment_url(:id => incoming_message.info_request_id, + :incoming_message_id => incoming_message.id, :part => a.url_part_number, :file_name => + (TMail::Mail.get_part_file_name(a) || "download.bin")) %> + <!-- (<%= a.content_type %>) --> + <br> <% end %> - <%= link_to (TMail::Mail.get_part_file_name(a) || "download.bin"), get_attachment_url(:id => incoming_message.info_request_id, - :incoming_message_id => incoming_message.id, :part => a.url_part_number, :file_name => - (TMail::Mail.get_part_file_name(a) || "download.bin")) %> - <!-- (<%= a.content_type %>) --> - <br> - <% end %> - </p> - <% end %> - <p><%= body %></p> + </p> + <% end %> + <p><%= body %></p> </div> <div> - <strong class="xb7"></strong><strong class="xb6"></strong><strong class="xb5"></strong><strong class="xb4"></strong><strong class="xb3"></strong><strong class="xb2"></strong><strong class="xb1"></strong> - <em></em> - <span class="bubblebit"></span> + <strong class="xb7"></strong><strong class="xb6"></strong><strong class="xb5"></strong><strong class="xb4"></strong><strong class="xb3"></strong><strong class="xb2"></strong><strong class="xb1"></strong> + <em></em> + <span class="bubblebit"></span> </div> - </blockquote> - +</blockquote> diff --git a/app/views/user/signchange_confirm.rhtml b/app/views/user/signchange_confirm.rhtml new file mode 100644 index 000000000..baad6729b --- /dev/null +++ b/app/views/user/signchange_confirm.rhtml @@ -0,0 +1,13 @@ +<% @title = h("Now check your email!") %> + +<h1 class="confirmation_heading">Now check your email!</h1> + +<p class="confirmation_message"> +We've sent you an email, click the link in it, then you can change your password. +</p> + +<p class="confirmation_message"> +<small>If you use web-based email or have "junk mail" filters, also check your +bulk/spam mail folders. Sometimes, our messages are marked that way.</small> +</p> + diff --git a/app/views/user_mailer/already_registered.rhtml b/app/views/user_mailer/already_registered.rhtml new file mode 100644 index 000000000..ebff3e8c4 --- /dev/null +++ b/app/views/user_mailer/already_registered.rhtml @@ -0,0 +1,12 @@ +<%= @name %>, + +You just tried to sign up to foi.mysociety.org, when you +already have an account. Your name and password have been +left as they previously were. + +Please click on the link below to confirm your account. +<%=@reasons[:email]%> + +<%=@url%> + +-- the foi.mysociety.org team diff --git a/db/migrate/040_email_is_unique.rb b/db/migrate/040_email_is_unique.rb new file mode 100644 index 000000000..fa4bf529a --- /dev/null +++ b/db/migrate/040_email_is_unique.rb @@ -0,0 +1,19 @@ +class EmailIsUnique < ActiveRecord::Migration + def self.up + execute "create unique index users_email_index on users (lower(email))" + + # Don't need these any more, with new special url_name fields + execute 'drop index users_url_name_index' + execute 'drop index public_bodies_url_short_name_index' + execute 'drop index public_body_versions_url_short_name_index' + + end + + def self.down + execute "drop unique index users_email_index" + + execute "create index public_bodies_url_short_name_index on public_bodies(regexp_replace(replace(lower(short_name), ' ', '-'), '[^a-z0-9_-]', '', 'g'))" + execute "create index public_body_versions_url_short_name_index on public_body_versions(regexp_replace(replace(lower(short_name), ' ', '-'), '[^a-z0-9_-]', '', 'g'))" + execute "create index users_url_name_index on users (regexp_replace(replace(lower(name), ' ', '-'), '[^a-z0-9_-]', '', 'g'))" + end +end diff --git a/db/schema.rb b/db/schema.rb index 0e8c26f80..58ddb696d 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -9,7 +9,7 @@ # # It's strongly recommended to check this file into your version control system. -ActiveRecord::Schema.define(:version => 39) do +ActiveRecord::Schema.define(:version => 40) do create_table "incoming_messages", :force => true do |t| t.integer "info_request_id", :null => false @@ -20,7 +20,9 @@ Next Update test code -Short name for highways agency +Make it link to other similar requests by same person to same place + http://foi.mysociety.org/request/team_foundation_server_backup_pr + http://foi.mysociety.org/request/all_computer_software_source_cod Search and replace text "FOI" and "Freedom of Information" out the way more - but put it in the title tag @@ -45,7 +47,7 @@ Fix the fastcgi errors [Mon Jan 21 10:38:45 2008] [error] [client 81.107.40.81] FastCGI: incomplete headers (0 bytes) rec eived from server "/data/vhost/foi.mysociety.org/docs/dispatch.fcgi" -Add tagging for public bodies +Describe view doesn't hide quoted sections Later ===== @@ -157,12 +159,15 @@ Link to: Website itself (for general search) Google search within website? TWFY department search + Complaint email e.g. http://www.ordnancesurvey.co.uk/oswebsite/aboutus/foi/index.html http://www.ordnancesurvey.co.uk/oswebsite/aboutus/foi/coiindex.html -Use environmental info laws for some bodies +Environmental Information Regulations apply for some bodies (e.g. environment agency) do automatically + tag such bodies eir? +Add geographical location to council import Sources of public bodies ======================== |