Class: AccountController
- Inherits:
-
ApplicationController
- Object
- ActionController::Base
- ApplicationController
- AccountController
- Includes:
- CustomFieldsHelper
- Defined in:
- app/controllers/account_controller.rb
Overview
Redmine - project management software Copyright (C) 2006-2016 Jean-Philippe Lang
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Constant Summary
Constants included from CustomFieldsHelper
CustomFieldsHelper::CUSTOM_FIELDS_TABS
Instance Method Summary collapse
-
#activate ⇒ Object
Token based account activation.
-
#activation_email ⇒ Object
Sends a new account activation email.
-
#login ⇒ Object
Login request and validation.
-
#logout ⇒ Object
Log out current user and redirect to welcome page.
-
#lost_password ⇒ Object
Lets user choose a new password.
-
#register ⇒ Object
User self-registration.
-
#verify_authenticity_token ⇒ Object
Overrides ApplicationController#verify_authenticity_token to disable token verification on openid callbacks.
Methods included from CustomFieldsHelper
#custom_field_formats_for_select, #custom_field_label_tag, #custom_field_name_tag, #custom_field_tag, #custom_field_tag_for_bulk_edit, #custom_field_tag_id, #custom_field_tag_name, #custom_field_tag_with_label, #custom_field_title, #custom_field_type_options, #edit_tag_style_tag, #format_value, #render_api_custom_values, #render_custom_field_format_partial, #render_custom_field_values, #render_custom_fields_tabs, #show_value
Methods inherited from ApplicationController
#_include_layout?, accept_api_auth, #accept_api_auth?, accept_rss_auth, #accept_rss_auth?, #api_key_from_request, #api_offset_and_limit, #api_request?, #api_switch_user_from_request, #authorize, #authorize_global, #autologin_cookie_name, #back_url, #check_if_login_required, #check_password_change, #check_project_privacy, #deny_access, #filename_for_content_disposition, #find_attachments, #find_current_user, #find_issue, #find_issues, #find_model_object, #find_optional_project, #find_project, #find_project_by_project_id, #find_project_from_association, #handle_unverified_request, #logged_user=, #logout_user, #missing_template, model_object, #parse_params_for_bulk_update, #parse_qvalues, #per_page_option, #query_statement_invalid, #redirect_back_or_default, #redirect_to_referer_or, #render_403, #render_404, #render_api_errors, #render_api_head, #render_api_ok, #render_attachment_warning_if_needed, #render_error, #render_feed, #render_validation_errors, #require_admin, #require_admin_or_api_request, #require_login, #session_expiration, #session_expired?, #set_localization, #start_user_session, #try_to_autologin, #use_layout, #user_setup
Methods included from Redmine::SudoMode::Controller
#process_sudo_form, #render_sudo_form, #require_sudo_mode, #sudo_mode, #sudo_timestamp_valid?, #update_sudo_timestamp!
Methods included from Redmine::MenuManager::MenuController
#current_menu_item, #menu_items, #redirect_to_project_menu_item
Methods included from Redmine::Search::Controller
#default_search_scope, #default_search_scopes
Methods included from RoutesHelper
#_new_project_issue_path, #_new_time_entry_path, #_project_calendar_path, #_project_gantt_path, #_project_issues_path, #_report_time_entries_path, #_time_entries_path, #board_path
Methods included from Redmine::Hook::Helper
Methods included from Redmine::Pagination
#deprecated_paginate, #paginate, #paginator
Methods included from Redmine::I18n
#current_language, #day_letter, #day_name, #find_language, #format_date, #format_time, #l, #l_hours, #l_hours_short, #l_or_humanize, #languages_options, #ll, #lu, #month_name, #set_language_if_valid, #valid_languages
Instance Method Details
#activate ⇒ Object
Token based account activation
166 167 168 169 170 171 172 173 174 175 176 177 178 |
# File 'app/controllers/account_controller.rb', line 166 def activate (redirect_to(home_url); return) unless Setting.self_registration? && params[:token].present? token = Token.find_token('register', params[:token].to_s) (redirect_to(home_url); return) unless token and !token.expired? user = token.user (redirect_to(home_url); return) unless user.registered? user.activate if user.save token.destroy flash[:notice] = l(:notice_account_activated) end redirect_to signin_path end |
#activation_email ⇒ Object
Sends a new account activation email
181 182 183 184 185 186 187 188 189 190 191 |
# File 'app/controllers/account_controller.rb', line 181 def activation_email if session[:registered_user_id] && Setting.self_registration == '1' user_id = session.delete(:registered_user_id).to_i user = User.find_by_id(user_id) if user && user.registered? register_by_email_activation(user) return end end redirect_to(home_url) end |
#login ⇒ Object
Login request and validation
34 35 36 37 38 39 40 41 42 43 44 45 |
# File 'app/controllers/account_controller.rb', line 34 def login if request.post? authenticate_user else if User.current.logged? redirect_back_or_default home_url, :referer => true end end rescue AuthSourceException => e logger.error "An error occured when authenticating #{params[:username]}: #{e.}" render_error :message => e. end |
#logout ⇒ Object
Log out current user and redirect to welcome page
48 49 50 51 52 53 54 55 56 |
# File 'app/controllers/account_controller.rb', line 48 def logout if User.current.anonymous? redirect_to home_url elsif request.post? logout_user redirect_to home_url end # display the logout form end |
#lost_password ⇒ Object
Lets user choose a new password
59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 |
# File 'app/controllers/account_controller.rb', line 59 def lost_password (redirect_to(home_url); return) unless Setting.lost_password? if prt = (params[:token] || session[:password_recovery_token]) @token = Token.find_token("recovery", prt.to_s) if @token.nil? || @token.expired? redirect_to home_url return end # redirect to remove the token query parameter from the URL and add it to the session if request.query_parameters[:token].present? session[:password_recovery_token] = @token.value redirect_to lost_password_url return end @user = @token.user unless @user && @user.active? redirect_to home_url return end if request.post? @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation] if @user.save @token.destroy Mailer.password_updated(@user, { remote_ip: request.remote_ip }) flash[:notice] = l(:notice_account_password_updated) redirect_to signin_path return end end render :template => "account/password_recovery" return else if request.post? email = params[:mail].to_s user = User.find_by_mail(email) # user not found unless user flash.now[:error] = l(:notice_account_unknown_email) return end unless user.active? handle_inactive_user(user, lost_password_path) return end # user cannot change its password unless user.change_password_allowed? flash.now[:error] = l(:notice_can_t_change_password) return end # create a new token for password recovery token = Token.new(:user => user, :action => "recovery") if token.save # Don't use the param to send the email recipent = user.mails.detect {|e| email.casecmp(e) == 0} || user.mail Mailer.lost_password(token, recipent).deliver flash[:notice] = l(:notice_account_lost_email_sent) redirect_to signin_path return end end end end |
#register ⇒ Object
User self-registration
125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 |
# File 'app/controllers/account_controller.rb', line 125 def register (redirect_to(home_url); return) unless Setting.self_registration? || session[:auth_source_registration] if !request.post? session[:auth_source_registration] = nil @user = User.new(:language => current_language.to_s) else user_params = params[:user] || {} @user = User.new @user.safe_attributes = user_params @user.pref.attributes = params[:pref] if params[:pref] @user.admin = false @user.register if session[:auth_source_registration] @user.activate @user.login = session[:auth_source_registration][:login] @user.auth_source_id = session[:auth_source_registration][:auth_source_id] if @user.save session[:auth_source_registration] = nil self.logged_user = @user flash[:notice] = l(:notice_account_activated) redirect_to my_account_path end else @user.login = params[:user][:login] unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank? @user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation] end case Setting.self_registration when '1' register_by_email_activation(@user) when '3' register_automatically(@user) else register_manually_by_administrator(@user) end end end end |
#verify_authenticity_token ⇒ Object
Overrides ApplicationController#verify_authenticity_token to disable token verification on openid callbacks
27 28 29 30 31 |
# File 'app/controllers/account_controller.rb', line 27 def verify_authenticity_token unless using_open_id? super end end |