1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
# app/controllers/user_controller.rb:
# Show information about a user.
#
# Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
# Email: francis@mysociety.org; WWW: http://www.mysociety.org/
#
# $Id: user_controller.rb,v 1.23 2008-01-10 18:20:35 francis Exp $
class UserController < ApplicationController
# XXX See controllers/application.rb simplify_url_part for reverse of expression in SQL below
def show
if simplify_url_part(params[:simple_name]) != params[:simple_name]
redirect_to :simple_name => simplify_url_part(params[:simple_name])
end
@display_users = User.find(:all, :conditions => [ "regexp_replace(replace(lower(name), ' ', '-'), '[^a-z0-9_-]', '', 'g') = ?", params[:simple_name] ], :order => "created_at desc")
end
# Login form
def signin
work_out_post_redirect
if not params[:user_signin]
# First time page is shown
render :action => 'sign'
return
else
@user_signin = User.authenticate_from_form(params[:user_signin], @post_redirect.reason_params[:user_name] ? true : false)
if @user_signin.errors.size > 0
# Failed to authenticate
render :action => 'sign'
return
else
# Successful login
if @user_signin.email_confirmed
session[:user_id] = @user_signin.id
do_post_redirect @post_redirect.uri, @post_redirect.post_params
else
send_confirmation_mail @user_signin
end
return
end
end
end
# Create new account form
def signup
work_out_post_redirect
# Make the user and try to save it
@user_signup = User.new(params[:user_signup])
if not @user_signup.valid?
# Show the form
render :action => 'sign'
else
# New unconfirmed user
@user_signup.email_confirmed = false
@user_signup.save!
send_confirmation_mail @user_signup
return
end
end
# Followed link in user account confirmation email
def confirm
post_redirect = PostRedirect.find_by_email_token(params[:email_token])
if post_redirect.nil?
render 'user/bad_token'
return
end
@user = post_redirect.user
@user.email_confirmed = true
@user.save!
session[:user_id] = @user.id
do_post_redirect post_redirect.uri, post_redirect.post_params
end
# Logout form
def signout
session[:user_id] = nil
if params[:r]
redirect_to params[:r]
else
redirect_to :controller => "request", :action => "frontpage"
end
end
private
# Decide where we are going to redirect back to after signin/signup, and record that
def work_out_post_redirect
# Redirect to front page later if nothing else specified
if not params[:r] and not params[:token]
params[:r] = "/"
end
# The explicit "signin" link uses this to specify where to go back to
if params[:r]
@post_redirect = PostRedirect.new(:uri => params[:r], :post_params => {},
:reason_params => {
:web => "",
:email => "Then your can sign in to GovernmentSpy.",
:email_subject => "Confirm your account on GovernmentSpy"
})
@post_redirect.save!
params[:token] = @post_redirect.token
elsif params[:token]
# Otherwise we have a token (which represents a saved POST request0
@post_redirect = PostRedirect.find_by_token(params[:token])
end
end
# Ask for email confirmation
def send_confirmation_mail(user)
raise "user #{user.id} already confirmed" if user.email_confirmed
post_redirect = PostRedirect.find_by_token(params[:token])
post_redirect.user = user
post_redirect.save!
url = confirm_url(:email_token => post_redirect.email_token)
UserMailer.deliver_confirm_login(user, post_redirect.reason_params, url)
render :action => 'confirm'
end
end
|
