redmine/app/controllers/account_controller.rb

   1 # Redmine - project management software
   2 # Copyright (C) 2006-2009  Jean-Philippe Lang
   3 #
   4 # This program is free software; you can redistribute it and/or
   5 # modify it under the terms of the GNU General Public License
   6 # as published by the Free Software Foundation; either version 2
   7 # of the License, or (at your option) any later version.
   8 #
   9 # This program is distributed in the hope that it will be useful,
  10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 # GNU General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU General Public License
  15 # along with this program; if not, write to the Free Software
  16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  17
  18 class AccountController < ApplicationController
  19   helper :custom_fields
  20   include CustomFieldsHelper
  21
  22   # prevents login action to be filtered by check_if_login_required application scope filter
  23   skip_before_filter :check_if_login_required
  24
  25   # Login request and validation
  26   def login
  27     if request.get?
  28       # Logout user
  29       self.logged_user = nil
  30     else
  31       # Authenticate user
  32       if Setting.openid? && using_open_id?
  33         open_id_authenticate(params[:openid_url])
  34       else
  35         password_authentication
  36       end
  37     end
  38   end
  39
  40   # Log out current user and redirect to welcome page
  41   def logout
  42     cookies.delete :autologin
  43     Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin']) if User.current.logged?
  44     self.logged_user = nil
  45     redirect_to home_url
  46   end
  47
  48   # Enable user to choose a new password
  49   def lost_password
  50     redirect_to(home_url) && return unless Setting.lost_password?
  51     if params[:token]
  52       @token = Token.find_by_action_and_value("recovery", params[:token])
  53       redirect_to(home_url) && return unless @token and !@token.expired?
  54       @user = @token.user
  55       if request.post?
  56         @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
  57         if @user.save
  58           @token.destroy
  59           flash[:notice] = l(:notice_account_password_updated)
  60           redirect_to :action => 'login'
  61           return
  62         end
  63       end
  64       render :template => "account/password_recovery"
  65       return
  66     else
  67       if request.post?
  68         user = User.find_by_mail(params[:mail])
  69         # user not found in db
  70         (flash.now[:error] = l(:notice_account_unknown_email); return) unless user
  71         # user uses an external authentification
  72         (flash.now[:error] = l(:notice_can_t_change_password); return) if user.auth_source_id
  73         # create a new token for password recovery
  74         token = Token.new(:user => user, :action => "recovery")
  75         if token.save
  76           Mailer.deliver_lost_password(token)
  77           flash[:notice] = l(:notice_account_lost_email_sent)
  78           redirect_to :action => 'login'
  79           return
  80         end
  81       end
  82     end
  83   end
  84
  85   # User self-registration
  86   def register
  87     redirect_to(home_url) && return unless Setting.self_registration? || session[:auth_source_registration]
  88     if request.get?
  89       session[:auth_source_registration] = nil
  90       @user = User.new(:language => Setting.default_language)
  91     else
  92       @user = User.new(params[:user])
  93       @user.admin = false
  94       @user.status = User::STATUS_REGISTERED
  95       if session[:auth_source_registration]
  96         @user.status = User::STATUS_ACTIVE
  97         @user.login = session[:auth_source_registration][:login]
  98         @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
  99         if @user.save
 100           session[:auth_source_registration] = nil
 101           self.logged_user = @user
 102           flash[:notice] = l(:notice_account_activated)
 103           redirect_to :controller => 'my', :action => 'account'
 104         end
 105       else
 106         @user.login = params[:user][:login]
 107         @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
 108
 109         case Setting.self_registration
 110         when '1'
 111           register_by_email_activation(@user)
 112         when '3'
 113           register_automatically(@user)
 114         else
 115           register_manually_by_administrator(@user)
 116         end
 117       end
 118     end
 119   end
 120
 121   # Token based account activation
 122   def activate
 123     redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
 124     token = Token.find_by_action_and_value('register', params[:token])
 125     redirect_to(home_url) && return unless token and !token.expired?
 126     user = token.user
 127     redirect_to(home_url) && return unless user.status == User::STATUS_REGISTERED
 128     user.status = User::STATUS_ACTIVE
 129     if user.save
 130       token.destroy
 131       flash[:notice] = l(:notice_account_activated)
 132     end
 133     redirect_to :action => 'login'
 134   end
 135
 136   private
 137
 138   def password_authentication
 139     user = User.try_to_login(params[:username], params[:password])
 140
 141     if user.nil?
 142       invalid_credentials
 143     elsif user.new_record?
 144       onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
 145     else
 146       # Valid user
 147       successful_authentication(user)
 148     end
 149   end
 150
 151
 152   def open_id_authenticate(openid_url)
 153     authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url) do |result, identity_url, registration|
 154       if result.successful?
 155         user = User.find_or_initialize_by_identity_url(identity_url)
 156         if user.new_record?
 157           # Self-registration off
 158           redirect_to(home_url) && return unless Setting.self_registration?
 159
 160           # Create on the fly
 161           user.login = registration['nickname'] unless registration['nickname'].nil?
 162           user.mail = registration['email'] unless registration['email'].nil?
 163           user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
 164           user.random_password
 165           user.status = User::STATUS_REGISTERED
 166
 167           case Setting.self_registration
 168           when '1'
 169             register_by_email_activation(user) do
 170               onthefly_creation_failed(user)
 171             end
 172           when '3'
 173             register_automatically(user) do
 174               onthefly_creation_failed(user)
 175             end
 176           else
 177             register_manually_by_administrator(user) do
 178               onthefly_creation_failed(user)
 179             end
 180           end
 181         else
 182           # Existing record
 183           if user.active?
 184             successful_authentication(user)
 185           else
 186             account_pending
 187           end
 188         end
 189       end
 190     end
 191   end
 192
 193   def successful_authentication(user)
 194     # Valid user
 195     self.logged_user = user
 196     # generate a key and set cookie if autologin
 197     if params[:autologin] && Setting.autologin?
 198       token = Token.create(:user => user, :action => 'autologin')
 199       cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now }
 200     end
 201     call_hook(:controller_account_success_authentication_after, {:user => user })
 202     redirect_back_or_default :controller => 'my', :action => 'page'
 203   end
 204
 205   # Onthefly creation failed, display the registration form to fill/fix attributes
 206   def onthefly_creation_failed(user, auth_source_options = { })
 207     @user = user
 208     session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
 209     render :action => 'register'
 210   end
 211
 212   def invalid_credentials
 213     flash.now[:error] = l(:notice_account_invalid_creditentials)
 214   end
 215
 216   # Register a user for email activation.
 217   #
 218   # Pass a block for behavior when a user fails to save
 219   def register_by_email_activation(user, &block)
 220     token = Token.new(:user => user, :action => "register")
 221     if user.save and token.save
 222       Mailer.deliver_register(token)
 223       flash[:notice] = l(:notice_account_register_done)
 224       redirect_to :action => 'login'
 225     else
 226       yield if block_given?
 227     end
 228   end
 229
 230   # Automatically register a user
 231   #
 232   # Pass a block for behavior when a user fails to save
 233   def register_automatically(user, &block)
 234     # Automatic activation
 235     user.status = User::STATUS_ACTIVE
 236     user.last_login_on = Time.now
 237     if user.save
 238       self.logged_user = user
 239       flash[:notice] = l(:notice_account_activated)
 240       redirect_to :controller => 'my', :action => 'account'
 241     else
 242       yield if block_given?
 243     end
 244   end
 245
 246   # Manual activation by the administrator
 247   #
 248   # Pass a block for behavior when a user fails to save
 249   def register_manually_by_administrator(user, &block)
 250     if user.save
 251       # Sends an email to the administrators
 252       Mailer.deliver_account_activation_request(user)
 253       account_pending
 254     else
 255       yield if block_given?
 256     end
 257   end
 258
 259   def account_pending
 260     flash[:notice] = l(:notice_account_pending)
 261     redirect_to :action => 'login'
 262   end
 263 end