diff options
Diffstat (limited to 'app/controllers/user_controller.rb')
| -rw-r--r-- | app/controllers/user_controller.rb | 65 |
1 files changed, 53 insertions, 12 deletions
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index 6c950e7ba..5089c3cf8 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -4,7 +4,7 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: user_controller.rb,v 1.10 2007-11-01 16:14:43 francis Exp $ +# $Id: user_controller.rb,v 1.11 2007-11-05 16:46:10 francis Exp $ class UserController < ApplicationController # XXX See controllers/application.rb simplify_url_part for reverse of expression in SQL below @@ -16,9 +16,11 @@ class UserController < ApplicationController def signin # The explict signin link uses this to store where it is to go back to if params[:r] - post_redirect = PostRedirect.new(:uri => params[:r], :post_params => {}) - post_redirect.save! - params[:token] = post_redirect.token + @post_redirect = PostRedirect.new(:uri => params[:r], :post_params => {}) + @post_redirect.save! + params[:token] = @post_redirect.token + else + @post_redirect = PostRedirect.find_by_token(params[:token]) end if not params[:user] @@ -29,9 +31,12 @@ class UserController < ApplicationController @user = User.authenticate(params[:user][:email], params[:user][:password]) if @user # Successful login - session[:user] = @user.id - post_redirect = PostRedirect.find_by_token(params[:token]) - do_post_redirect post_redirect.uri, post_redirect.post_params + if @user.email_confirmed + session[:user] = @user.id + do_post_redirect @post_redirect.uri, @post_redirect.post_params + else + send_confirmation_mail + end return else if User.find(:first, :conditions => [ "email ilike ?", params[:user][:email] ]) # using like for case insensitive @@ -54,21 +59,44 @@ class UserController < ApplicationController def signup # Make the user and try to save it @user = User.new(params[:user]) - if not @user.save + if not @user.valid? # First time get to form (e.g. from signin) , don't show errors @first_time = params[:first_time] @user.errors.clear if @first_time # Show the form render :action => 'signup' else - # New user made, redirect back to where we were - session[:user] = @user.id - post_redirect = PostRedirect.find_by_token(params[:token]) - do_post_redirect post_redirect.uri, post_redirect.post_params + # Unconfirmed user + @user.email_confirmed = false + @user.save + + send_confirmation_mail return end end + # Followed link in user account confirmation email + def confirm + post_redirect = PostRedirect.find_by_email_token(params[:email_token]) + + # XXX add message like this if post_redirect not found + # err(sprintf(_("Please check the URL (i.e. the long code of + # letters and numbers) is copied correctly from your email. If + # you can't click on it in the email, you'll have to select and + # copy it from the email. Then paste it into your browser, into + # the place you would type the address of any other webpage. + # Technical details: The token '%s' wasn't found."), $q_t)); + # + + @user = post_redirect.user + @user.email_confirmed = true + @user.save + + session[:user] = @user.id + + do_post_redirect post_redirect.uri, post_redirect.post_params + end + # Logout form def signout session[:user] = nil @@ -82,4 +110,17 @@ class UserController < ApplicationController private + # Ask for email confirmation + def send_confirmation_mail + raise "user #{@user.id} already confirmed" if @user.email_confirmed + + post_redirect = PostRedirect.find_by_token(params[:token]) + post_redirect.user = @user + post_redirect.save! + + url = confirm_url(:email_token => post_redirect.email_token) + UserMailer.deliver_confirm_login(@user, post_redirect.reason_params, url) + render :action => 'confirm' + end + end |