# redMine - project management software
# Copyright (C) 2006-2007 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
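class AccountController < ApplicationController
  layout 'base'
  helper :custom_fields
  include CustomFieldsHelper

  # prevents login action to be filtered by check_if_login_required application scope filter
  skip_before_filter :check_if_login_required, :only => [:login, :lost_password, :register, :activate]

  # Show user's account.
  #
  # The user is looked up with User.find_active, so a non-active account is
  # reported as not found (404). Only memberships in public projects, or in
  # private projects the current user is also a member of, are exposed.
  def show
    @user = User.find_active(params[:id])
    @custom_values = @user.custom_values.find(:all, :include => :custom_field)
    # show only public projects and private projects that the logged in user is also a member of
    @memberships = @user.memberships.select do |membership|
      membership.project.is_public? || User.current.member_of?(membership.project)
    end
  rescue ActiveRecord::RecordNotFound
    render_404
  end

  # Login request and validation.
  #
  # GET  : clears the current session user (acts as a logout) and shows the form.
  # POST : authenticates with User.try_to_login; on success the user is stored
  #        in the session, an 'autologin' token cookie is issued when requested
  #        and Setting.autologin? allows it, then the client is redirected back
  #        or to the 'my' page. On failure the form is re-rendered with an error.
  # User::OnTheFlyCreationFailure (LDAP on-the-fly account creation) is turned
  # into a flash error instead of a 500.
  def login
    if request.get?
      # Logout user
      self.logged_user = nil
      return
    end

    # Authenticate user
    user = User.try_to_login(params[:username], params[:password])
    unless user
      flash.now[:error] = l(:notice_account_invalid_creditentials)
      return
    end

    self.logged_user = user
    # generate a key and set cookie if autologin
    if params[:autologin] && Setting.autologin?
      token = Token.create(:user => user, :action => 'autologin')
      cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now }
    end
    redirect_back_or_default :controller => 'my', :action => 'page'
  rescue User::OnTheFlyCreationFailure
    flash.now[:error] = 'Redmine could not retrieve the required information from the LDAP to create your account. Please, contact your Redmine administrator.'
  end

  # Log out current user and redirect to welcome page.
  #
  # Besides dropping the cookie, every 'autologin' token of the user is deleted
  # server side, so a copied cookie value cannot be replayed after logout.
  def logout
    cookies.delete :autologin
    Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) if User.current.logged?
    self.logged_user = nil
    redirect_to home_url
  end

  # Enable user to choose a new password.
  #
  # Disabled (redirect to home) unless Setting.lost_password? is on.
  # * With params[:token] (link from the recovery mail): requires a live
  #   'recovery' token, otherwise redirects home without detail. On POST the
  #   new password is set and, if the user saves, the token is destroyed
  #   (single use) and the client is sent to the login form; otherwise the
  #   recovery form is rendered (with validation errors after a failed save).
  # * Without token, on POST: looks the user up by mail, refuses accounts
  #   with an auth_source_id (their password is not managed here), and mails
  #   a fresh 'recovery' token.
  # NOTE(review): the unknown-email error tells the requester whether an
  # address is registered; a uniform notice would avoid that disclosure.
  def lost_password
    return redirect_to(home_url) unless Setting.lost_password?

    if params[:token]
      @token = Token.find_by_action_and_value("recovery", params[:token])
      return redirect_to(home_url) unless @token && !@token.expired?

      @user = @token.user
      if request.post?
        @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
        if @user.save
          @token.destroy
          flash[:notice] = l(:notice_account_password_updated)
          return redirect_to(:action => 'login')
        end
      end
      render :template => "account/password_recovery"
    elsif request.post?
      user = User.find_by_mail(params[:mail])
      # user not found in db
      unless user
        flash.now[:error] = l(:notice_account_unknown_email)
        return
      end
      # user uses an external authentification
      if user.auth_source_id
        flash.now[:error] = l(:notice_can_t_change_password)
        return
      end
      # create a new token for password recovery
      token = Token.new(:user => user, :action => "recovery")
      if token.save
        Mailer.deliver_lost_password(token)
        flash[:notice] = l(:notice_account_lost_email_sent)
        redirect_to :action => 'login'
      end
    end
  end

  # User self-registration.
  #
  # Disabled (redirect to home) unless Setting.self_registration? is on.
  # GET builds an empty user (default language from settings) and one
  # CustomValue per UserCustomField for the form.
  # POST builds the user from params[:user]; admin, login and status are then
  # set explicitly so they cannot be chosen through the form hash, and the
  # password comes from the dedicated params. Activation mode follows
  # Setting.self_registration:
  #   '1'  email activation: a 'register' token is mailed to the user
  #   '3'  automatic activation: the account is active and logged in at once
  #   else manual activation: the administrators are notified by mail
  # A failed save falls through and re-renders the form with the errors.
  def register
    return redirect_to(home_url) unless Setting.self_registration?

    if request.get?
      @user = User.new(:language => Setting.default_language)
      @custom_values = build_user_custom_values(@user)
      return
    end

    user_params = params[:user] || {}
    @user = User.new(user_params)
    @user.admin = false
    @user.login = user_params[:login]
    @user.status = User::STATUS_REGISTERED
    @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
    @custom_values = build_user_custom_values(@user, params["custom_fields"] || {})
    @user.custom_values = @custom_values

    case Setting.self_registration
    when '1'
      # Email activation
      token = Token.new(:user => @user, :action => "register")
      if @user.save && token.save
        Mailer.deliver_register(token)
        flash[:notice] = l(:notice_account_register_done)
        redirect_to :action => 'login'
      end
    when '3'
      # Automatic activation
      @user.status = User::STATUS_ACTIVE
      if @user.save
        self.logged_user = @user
        flash[:notice] = l(:notice_account_activated)
        redirect_to :controller => 'my', :action => 'account'
      end
    else
      # Manual activation by the administrator
      if @user.save
        # Sends an email to the administrators
        Mailer.deliver_account_activation_request(@user)
        flash[:notice] = l(:notice_account_pending)
        redirect_to :action => 'login'
      end
    end
  end

  # Token based account activation.
  #
  # Requires self-registration to be enabled, a live 'register' token and a
  # user still in STATUS_REGISTERED; anything else redirects home without
  # detail. On success the user becomes active, the token is destroyed
  # (single use) and the client is sent to the login form.
  def activate
    return redirect_to(home_url) unless Setting.self_registration? && params[:token]

    token = Token.find_by_action_and_value('register', params[:token])
    return redirect_to(home_url) unless token && !token.expired?

    user = token.user
    return redirect_to(home_url) unless user.status == User::STATUS_REGISTERED

    user.status = User::STATUS_ACTIVE
    if user.save
      token.destroy
      flash[:notice] = l(:notice_account_activated)
    end
    redirect_to :action => 'login'
  end

  private

  # Stores +user+ as the session user (User.current and session[:user_id]).
  # Anything that is not a User (nil, false) resets the session user to
  # User.anonymous.
  # NOTE(review): the session id itself is kept across login (no
  # reset_session). A reset here would also drop session[:return_to], which
  # redirect_back_or_default relies on, so the return URL would have to be
  # carried over -- confirm at the application level before changing this.
  def logged_user=(user)
    if user && user.is_a?(User)
      User.current = user
      session[:user_id] = user.id
    else
      User.current = User.anonymous
      session[:user_id] = nil
    end
  end

  # Builds one unsaved CustomValue per UserCustomField for +user+.
  # +values+ is the submitted custom field hash keyed by field id as a
  # string; when nil (GET form) no :value attribute is passed at all, which
  # matches the original form-building behaviour.
  def build_user_custom_values(user, values = nil)
    UserCustomField.find(:all).collect do |field|
      attributes = { :custom_field => field, :customized => user }
      attributes[:value] = values[field.id.to_s] if values
      CustomValue.new(attributes)
    end
  end
end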