Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/application.rb | 19 | ||||
-rw-r--r-- | app/controllers/user_controller.rb | 41 | ||||
-rw-r--r-- | app/models/post_redirect.rb | 36 | ||||
-rw-r--r-- | app/views/layouts/default.rhtml | 2 | ||||
-rw-r--r-- | app/views/user_accounts/signin.rhtml | 1 | ||||
-rw-r--r-- | app/views/user_accounts/signup.rhtml | 9 |
6 files changed, 75 insertions, 33 deletions
diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index 824f6f77b..fb56497f4 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -6,7 +6,7 @@
 # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
 # Email: francis@mysociety.org; WWW: http://www.mysociety.org/
 #
-# $Id: application.rb,v 1.21 2007-11-01 05:35:43 francis Exp $
+# $Id: application.rb,v 1.22 2007-11-01 14:45:56 francis Exp $
 class ApplicationController < ActionController::Base
@@ -21,9 +21,9 @@ class ApplicationController < ActionController::Base
 # Check the user is logged in
 def authenticated?
 unless session[:user]
- session[:intended_uri] = request.request_uri
- session[:intended_params] = params
- redirect_to signin_url
+ post_redirect = PostRedirect.new(:uri => request.request_uri, :post_params => params)
+ post_redirect.save!
+ redirect_to signin_url(:token => post_redirect.token)
 return false
 end
 return true
@@ -34,12 +34,13 @@ class ApplicationController < ActionController::Base
 return User.find(session[:user])
 end
- # Do a POST redirect. This is a nasty hack - we store the posted values to
- # the controller, and when the GET redirect with "?post_redirect=1"
- # happens, load them in.
- def post_redirect(uri, params)
+ # Do a POST redirect. This is a nasty hack - we store the posted values in
+ # the session, and when the GET redirect with "?post_redirect=1" happens,
+ # load them in.
+ def do_post_redirect(uri, params)
 session[:post_redirect_params] = params
- # XXX what is built in Ruby URI munging function?
+ # XXX what is the built in Ruby URI munging function that can do this
+ # choice of & vs. ? more elegantly than this dumb if statement?
 if uri.include?("?")
 uri += "&post_redirect=1"
 else
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 084bbbc81..2f12c8319 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
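Review bot: `PostRedirect.new(:uri => request.request_uri, :post_params => params)` in authenticated? persists the full parameter set of every unauthenticated request, form fields included, in a table that nothing in this diff expires or deletes, so submitted data lingers at rest and any anonymous client can grow the table without bound. The token is then placed in the query string by `signin_url(:token => post_redirect.token)`, where it ends up in access logs and Referer headers, and it is the only thing `find_by_token` later checks before replaying the stored request. Consider capturing `params` only when `request.post?` is true, clearing `post_params` once the redirect has been consumed, and sweeping rows by creation time (the table's columns are not shown here, so confirm one exists). The closing `end` of authenticated? lies outside the hunk.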
@@ -4,7 +4,7 @@
 # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
 # Email: francis@mysociety.org; WWW: http://www.mysociety.org/
 #
-# $Id: user_controller.rb,v 1.7 2007-10-31 17:25:29 francis Exp $
+# $Id: user_controller.rb,v 1.8 2007-11-01 14:45:56 francis Exp $
 class UserController < ApplicationController
 # XXX See controllers/application.rb simplify_url_part for reverse of expression in SQL below
@@ -16,31 +16,35 @@ class UserController < ApplicationController
 def signin
 # The explict signin link uses this to store where it is to go back to
 if params[:r]
- session[:intended_uri] = params[:r]
- session[:intended_params] = nil
+ post_redirect = PostRedirect.new(:uri => params[:r], :post_params => {})
+ post_redirect.save!
+ params[:token] = post_redirect.token
 end
 if not params[:user]
 # First time page is shown
- render :template => 'user_accounts/signin' and return
+ render :template => 'user_accounts/signin'
+ return
 else
 @user = User.authenticate(params[:user][:email], params[:user][:password])
 if @user
 # Successful login
 session[:user] = @user.id
- post_redirect session[:intended_uri], session[:intended_params] and return
+ post_redirect = PostRedirect.find_by_token(params[:token])
+ do_post_redirect post_redirect.uri, post_redirect.post_params
+ return
 else
 if User.find(:first, :conditions => [ "email = ?", params[:user][:email] ])
 # Failed to authenticate
 flash[:error] = "Password not correct, please try again"
 @user = User.new(params[:user])
- render :template => 'user_accounts/signin' and return
+ render :template => 'user_accounts/signin'
+ return
 else
- # "I am new to FOIFA"
- session[:email] = params[:user][:email]
- session[:password] = params[:user][:password]
- session[:first_time] = true
- redirect_to :action => 'signup' and return
+ # Create a new account
+ params[:first_time] = true
+ self.signup
+ return
 end
 end
 end
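Review bot: `PostRedirect.find_by_token(params[:token])` on the successful-login path returns nil whenever the token is missing or unknown (a stale link, a form posted without going through authenticated?, a mistyped value), and `post_redirect.uri` on the next line then raises NoMethodError; the signup hunk below repeats the same pair of lines. Guard it with a fallback placed before the `do_post_redirect` call, e.g. `return redirect_to(<default-after-signin-url>) unless post_redirect`, with the placeholder replaced by the site's landing-page helper. Separately, `PostRedirect.new(:uri => params[:r], :post_params => {})` stores a caller-supplied URL verbatim and do_post_redirect later redirects to it, so a crafted signin link can bounce a freshly signed-in user to any host; the old session[:intended_uri] code had the same property, but this is the moment to restrict it to local paths, e.g. `if params[:r] && params[:r] =~ %r{\A/(?!/)}`. The trailing `end` of signin is outside the hunk.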
@@ -48,25 +52,20 @@ class UserController < ApplicationController
 # Create new account form
 def signup
- # Default to value saved from signin form
- params[:user] ||= { :email => session[:email] }
- params[:user] ||= { :password => session[:password] }
-
 # Make the user and try to save it
 @user = User.new(params[:user])
 if not @user.save
 # First time get to form (e.g. from signin) , don't show errors
- if session[:first_time]
- @first_time = true
- @user.errors.clear
- session[:first_time] = false
- end
+ @first_time = params[:first_time]
+ @user.errors.clear if @first_time
 # Show the form
 render :template => 'user_accounts/signup'
 else
 # New user made, redirect back to where we were
 session[:user] = @user.id
- post_redirect session[:intended_uri], session[:intended_params] and return
+ post_redirect = PostRedirect.find_by_token(params[:token])
+ do_post_redirect post_redirect.uri, post_redirect.post_params
+ return
 end
 end
diff --git a/app/models/post_redirect.rb b/app/models/post_redirect.rb
new file mode 100644
index 000000000..ab1a365f9
--- /dev/null
+++ b/app/models/post_redirect.rb
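Review bot: `@first_time = params[:first_time]` now takes the flag from the request, so any client can add first_time=1 to a signup POST and have `@user.errors.clear if @first_time` hide every validation failure, whereas the old session[:first_time] could only be set by signin. Since signin now calls `self.signup` within the same request, the flag can be handed over without touching params: set `@first_time = true` in signin's new-account branch, drop the assignment here, and keep `@user.errors.clear if @first_time`. The local named `post_redirect` on the success path still reads like the method that was just renamed to do_post_redirect; something like `redirect = PostRedirect.find_by_token(params[:token])` avoids the double-take.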
@@ -0,0 +1,36 @@
+# models/postredirect.rb:
+# Saves an HTTP POST request, so it can be redirected to later.
+# For example, after registering / logging in.
+#
+# Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
+# Email: francis@mysociety.org; WWW: http://www.mysociety.org/
+#
+# $Id: post_redirect.rb,v 1.1 2007-11-01 14:45:56 francis Exp $
+
+require 'openssl' # for random bytes function
+
+class PostRedirect < ActiveRecord::Base
+ # We store YAML version of POST parameters in the database
+ def post_params=(params)
+ self.post_params_yaml = params.to_yaml
+ end
+ def post_params
+ YAML.load(self.post_params_yaml)
+ end
+
+ # Make the token
+ def after_initialize
+ if not self.token
+ bytes = OpenSSL::Random.random_bytes(12)
+ # XXX Ruby has some base function that can do base 62 or 32 more easily?
+ base64 = [bytes].pack("m9999").strip
+ base64.gsub("+", "a")
+ base64.gsub("/", "b")
+ base64.gsub("=", "c")
+ self.token = base64
+ end
+ end
+
+end
+
+
diff --git a/app/views/layouts/default.rhtml b/app/views/layouts/default.rhtml
index 45e062f78..1cd853628 100644
--- a/app/views/layouts/default.rhtml
+++ b/app/views/layouts/default.rhtml
@@ -11,7 +11,7 @@
 <a href="/">GovernmentSpy</a>
 <span id="beta">Beta</span>
 </h1>
- <div id="tagline">Freeing your information from them</div>
+ <div id="tagline">It's your information. Free it from them.</div>
 </div>
 <ul id="navigation">
 <li><%= link_to "All Requests", request_list_url %></li>
diff --git a/app/views/user_accounts/signin.rhtml b/app/views/user_accounts/signin.rhtml
index d390c7174..137de91b3 100644
--- a/app/views/user_accounts/signin.rhtml
+++ b/app/views/user_accounts/signin.rhtml
@@ -18,6 +18,7 @@
 <p>
 <label for="submit"> </label>
+ <%= hidden_field_tag 'token', params[:token] %>
 <%= submit_tag "Sign in" %>
 </p>
diff --git a/app/views/user_accounts/signup.rhtml b/app/views/user_accounts/signup.rhtml
index 7d6abc907..dd779a0f3 100644
--- a/app/views/user_accounts/signup.rhtml
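Review bot: The three `base64.gsub(...)` calls in after_initialize discard their return values, so `self.token = base64` stores the `+`, `/` and `=` characters the code meant to replace; a single `self.token = base64.tr("+/", "-_").delete("=")` fixes this and, unlike the intended a/b/c substitution, keeps the encoding one-to-one. `post_params` hands the stored column to `YAML.load`, which instantiates whatever Ruby classes the document names; the document comes from `params.to_yaml` and presumably already carries a class tag for the params hash, so anyone able to write that column, now or through a later code path, can have arbitrary objects built on read. Prefer a restricted loader (`YAML.safe_load` with an explicit permitted-class list, where the YAML library provides it) or a plain JSON column. Nothing here enforces token uniqueness or expiry, so a collision would make `find_by_token` return the wrong row and rows accumulate forever; a unique index and a creation-time sweep belong with this model.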
+++ b/app/views/user_accounts/signup.rhtml
@@ -1,8 +1,12 @@
 <%= foi_error_messages_for :user %>
 <% form_tag({:action => "signup"}, {:id => "accountForm"}) do %>
- <h1>Create a new account</h1>
-
+ <% if @first_time %>
+ <div class="form_note">
+ <h1>Register new account</h1>
+ </div>
+ <% end %>
+
 <p>
 <label for="user_email" id="signin_email"><strong>E-mail:</strong></label>
 <%= text_field 'user', 'email', :size => 20 %>
@@ -37,6 +41,7 @@
 <p>
 <label for="submit"> </label>
+ <%= hidden_field_tag 'token', params[:token] %>
 <%= submit_tag "Sign in" %>
 </p> |
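Review bot: Wrapping the heading in `<% if @first_time %>` while removing the unconditional `<h1>Create a new account</h1>` leaves a visitor who opens the signup form directly with no heading at all. Keep a default in an `<% else %>` branch, e.g. `<% else %><h1>Create a new account</h1>`, or put only the `form_note` wrapper under the condition. The second hunk in this file, which adds the hidden token field, is cut off at the end of the page, but the visible `submit_tag "Sign in"` on a signup form reads as a copy-paste leftover worth relabelling.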