# app/controllers/user_controller.rb:
# Show information about a user.
#
# Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
# Email: francis@mysociety.org; WWW: http://www.mysociety.org/
#
# $Id: user_controller.rb,v 1.12 2007-11-06 15:50:58 francis Exp $

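class UserController < ApplicationController
    # Destinations we are willing to follow from a client-supplied "r" parameter:
    # a path with a single leading slash. Absolute URLs ("http://...") and
    # protocol-relative ones ("//host/...") do not match, so a redirect built
    # from "r" stays on this site.
    LOCAL_PATH_RE = %r{\A/(?!/)}

    # Show the user(s) whose simplified name equals params[:simple_name].
    # The SQL lowercases the stored name, turns spaces into "-" and strips every
    # other character outside [a-z0-9_-]; the value is bound as a query
    # parameter, not interpolated. Several accounts can collapse to the same
    # simple name, hence find(:all), newest first.
    # XXX See controllers/application.rb simplify_url_part for reverse of expression in SQL below
    def show
        @display_users = User.find(:all, :conditions => [ "regexp_replace(replace(lower(name), ' ', '-'), '[^a-z0-9_-]', '', 'g') = ?", params[:simple_name] ], :order => "created_at desc")
    end

    # Login form. Also the entry point for account creation: an email address
    # that is not yet registered falls through to signup.
    #
    # params[:r]     - where to return to after login (set by the explicit signin link)
    # params[:token] - token of a PostRedirect saved earlier, when :r is absent
    # params[:user]  - :email and :password from the submitted form; absent on first view
    def signin
        # The explict signin link uses this to store where it is to go back to
        if params[:r]
            # NOTE(review): params[:r] is stored unvalidated as the post-login
            # destination and handed to do_post_redirect below once the user is
            # logged in. An off-site value therefore becomes an open redirect;
            # the LOCAL_PATH_RE check used in signout belongs here too (or in
            # do_post_redirect, defined in controllers/application.rb).
            @post_redirect = PostRedirect.new(:uri => params[:r], :post_params => {},
                :reason_params => {
                    :web => "Please sign in or make a new account.",
                    :email => "Then your can sign in to GovernmentSpy.",
                    :email_subject => "Confirm your account on GovernmentSpy"
                })
            @post_redirect.save!
            # send_confirmation_mail re-reads params[:token] to find this record
            params[:token] = @post_redirect.token
        else
            # NOTE(review): nil when the token is unknown; the success path
            # below then fails with NoMethodError on @post_redirect.uri.
            @post_redirect = PostRedirect.find_by_token(params[:token])
        end

        if not params[:user] 
            # First time page is shown
            render :action => 'signin' 
            return
        else
            @user = User.authenticate(params[:user][:email], params[:user][:password])
            if @user
                # Successful login
                if @user.email_confirmed
                    # NOTE(review): the existing session id is kept across login;
                    # calling reset_session before storing the id would discard
                    # any session a visitor was given before authenticating.
                    session[:user] = @user.id
                    do_post_redirect @post_redirect.uri, @post_redirect.post_params
                else
                    # Known account, but the address was never confirmed: resend
                    # the confirmation instead of logging in.
                    send_confirmation_mail
                end
                return
            else
                # NOTE(review): this branch answers differently for a registered
                # address (password error) and an unknown one (signup), so the
                # form reveals which addresses have accounts. That is the
                # intended merged signin/signup flow; noted as a known trade-off.
                if User.find(:first, :conditions => [ "email ilike ?", params[:user][:email] ]) # using like for case insensitive
                    # Failed to authenticate
                    flash[:error] = "Password not correct, please try again"
                    # NOTE(review): mass assignment straight from the form hash;
                    # if User has attributes that must not be client-settable,
                    # restrict them in the model (attr_accessible / attr_protected).
                    @user = User.new(params[:user])
                    render :action => 'signin' 
                    return
                else 
                    # Create a new account; signup reads params[:first_time] to
                    # suppress validation errors on this first showing.
                    params[:first_time] = true
                    self.signup
                    return
                end
            end
        end
    end

    # Create new account form. Reached either directly or from signin (via
    # self.signup) when the entered email is not yet registered; in the latter
    # case params[:first_time] is set so the form is shown without errors.
    def signup
        # Make the user and try to save it
        # NOTE(review): mass assignment from the form hash, as in signin.
        @user = User.new(params[:user])
        if not @user.valid?
            # First time get to form (e.g. from signin) , don't show errors
            @first_time = params[:first_time]
            @user.errors.clear if @first_time
            # Show the form
            render :action => 'signup'
        else
            # New unconfirmed user: whatever the form submitted, the account
            # starts unconfirmed and is only confirmed via the emailed link.
            @user.email_confirmed = false
            # NOTE(review): return value of save is not checked; valid? passed
            # just above, so only an unexpected failure would be lost here.
            @user.save

            send_confirmation_mail
            return
        end
    end

    # Followed link in user account confirmation email. params[:email_token]
    # identifies the PostRedirect attached by send_confirmation_mail; its user is
    # marked confirmed, logged in, and sent on to the stored destination.
    def confirm
        # NOTE(review): nil when the token is unknown or mistyped; the
        # post_redirect.user call below then raises NoMethodError rather than
        # showing the message sketched in the XXX note. A guard is needed here.
        post_redirect = PostRedirect.find_by_email_token(params[:email_token])

        # XXX add message like this if post_redirect not found
        #        err(sprintf(_("Please check the URL (i.e. the long code of
        #        letters and numbers) is copied correctly from your email.  If
        #        you can't click on it in the email, you'll have to select and
        #        copy it from the email.  Then paste it into your browser, into
        #        the place you would type the address of any other webpage.
        #        Technical details: The token '%s' wasn't found."), $q_t));
        #

        @user = post_redirect.user
        @user.email_confirmed = true
        # NOTE(review): unchecked save, see signup.
        @user.save

        # Possession of the emailed token is what proves the address; the user
        # is logged in on that basis.
        session[:user] = @user.id

        # NOTE(review): post_redirect.uri originates from a request parameter
        # (see signin); validate it as a local path before redirecting.
        do_post_redirect post_redirect.uri, post_redirect.post_params
    end

    # Logout form. Clears the login, then returns to params[:r] when it is a
    # path on this site, otherwise to the index action.
    def signout
        # NOTE(review): only the :user key is cleared; reset_session would drop
        # the whole session and its id on logout.
        session[:user] = nil
        # params[:r] is client-supplied. Redirecting to it unchecked would let a
        # crafted logout link send the browser to an arbitrary site, so only a
        # same-site path (single leading slash) is followed; anything else falls
        # back to the index action. to_s covers a missing or non-string value.
        destination = params[:r].to_s
        if destination =~ LOCAL_PATH_RE
            redirect_to destination
        else
            redirect_to :action => "index"
        end
    end


    private

    # Ask for email confirmation: attach @user to the PostRedirect identified by
    # params[:token], email a confirm link carrying its email_token, and show
    # the "check your email" page. Called from signin (unconfirmed account) and
    # signup. Raises if @user is already confirmed, which would be a caller bug.
    def send_confirmation_mail
        raise "user #{@user.id} already confirmed" if @user.email_confirmed

        # NOTE(review): nil when params[:token] is absent or unknown (possible
        # when signup is reached without a token); the assignment below then
        # raises NoMethodError.
        post_redirect = PostRedirect.find_by_token(params[:token])
        post_redirect.user = @user
        post_redirect.save!

        # The link uses email_token, a different value from the token in the
        # browser session, so confirm looks the record up by that instead.
        url = confirm_url(:email_token => post_redirect.email_token)
        UserMailer.deliver_confirm_login(@user, post_redirect.reason_params, url)
        render :action => 'confirm'
    end

end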