Class: AccountController
- Inherits:
-
UserController
- Object
- UserController
- AccountController
- Defined in:
- app/controllers/account_controller.rb
Overview
This class manages user registration, login and logout.
Instance Method Details
#check_key ⇒ Object
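# File 'app/controllers/account_controller.rb', line 129

# Landing action for the mailed check-key link: exchanges the
# (user id, key) pair for a logged-in session and copies the user's
# e-mail onto the Person that has the same name as the user's login.
#
# Reads @params[:user][:id] and @params[:key]. Always renders a small HTML
# page in the 'top' layout: a confirmation on success, and one and the same
# error page when a parameter is missing, the key does not authenticate, no
# Person matches the user's login, or the Person cannot be saved.
#
# Security notes:
# * The key is a bearer credential carried in the query string, so it can
#   end up in access logs, browser history and Referer headers.
#   NOTE(review): whether User.authenticate_by_token expires or invalidates
#   the key after use is not visible here -- confirm it is short-lived and
#   single-use.
# * session[:user] is set without rotating the session id first.
#   NOTE(review): consider reset_session before the assignments if nothing
#   else in the session has to survive login (session fixation).
def check_key
  # A request without user[id] or key used to raise NoMethodError on nil
  # (a 500 on an unauthenticated endpoint); treat it as a failed check.
  user_params = @params[:user]
  user_id = user_params.is_a?(Hash) ? user_params[:id] : nil
  key = @params[:key]

  @user = nil
  unless user_id.to_s.empty? or key.to_s.empty?
    @user = User.authenticate_by_token(user_id, key)
  end
  # Kept from the original for history. Do not re-enable: it interpolates
  # params[:key] straight into the SQL condition.
  #@user = User.find(:first, :conditions => "security_token = '#{params[:key]}'")

  # An authenticated user without a matching Person used to raise
  # NoMethodError on nil; that case now falls through to the error page.
  @person = Person.find_by_name(@user.login) if @user

  verified = false
  if @user and @person
    @person.email = @user.email
    # Only report success (and log the user in) when the e-mail was stored.
    verified = @person.save
  end

  if verified
    # NOTE(review): the address is interpolated into the flash text; confirm
    # the view that prints flash[:notice] HTML-escapes it.
    flash.now[:notice] = "Email #{@person.email} verified."
    session[:person] = @person
    session[:user] = @user
    render :text => "<h1>Email verified!</h1> \
      <br/> \
      <a href='#{url_for :controller => 'elt', :action => 'show', :id => nil }'>\
      Back</a>", :layout => 'top'
  else
    render :text => "<h3>Sorry, no corresponding check key :-(</h3> \
      <br/> \
      <a href='#{url_for :controller => 'elt', :action => 'show', :id => nil }'>\
      Back</a>", :layout => 'top'
  end
end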
#login ⇒ Object
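# File 'app/controllers/account_controller.rb', line 8

# Combined sign-up / login / password-reset action.
#
# Reads @params[:person][:name] (the pseudo), @params[:person][:email] and
# @params[:user][:password]; a missing field is treated as an empty one.
# The work is done in three stages:
#   1. create the Person when the pseudo is unknown;
#   2. record a first password, authenticate with the password, or -- when
#      the password does not authenticate and the e-mail field is filled --
#      try the e-mail field as a check key and set the submitted password;
#   3. record the e-mail (via signup) or mail a check-key link.
# Always ends by rendering the 'show' partial.
#
# Security notes:
# * An unknown pseudo is created and stored in session[:person] without any
#   credential, and a pseudo that has no User record takes whatever password
#   is submitted first. NOTE(review): confirm this is the intended trust
#   model and that sensitive actions check session[:user].
# * No limit on repeated password or check-key attempts is visible here.
#   NOTE(review): confirm throttling exists upstream.
# * In stage 3 an unauthenticated request whose e-mail equals the one on
#   file gets a check key mailed, and the notice confirms the address.
#   NOTE(review): this can be used to probe addresses and to trigger mail
#   repeatedly; consider a neutral message and a send-rate limit.
# * The check key travels in the query string of the mailed URL.
# * session[:person] / session[:user] are set without rotating the session
#   id. NOTE(review): consider reset_session on successful login.
def login
  # Cleaning up
  session[:person] = session[:user] = nil

  # A request without person[...] or user[...] used to raise NoMethodError
  # on nil (a 500 on an unauthenticated endpoint). Missing fields now behave
  # like fields submitted empty.
  person_params = @params[:person].is_a?(Hash) ? @params[:person] : {}
  user_params = @params[:user].is_a?(Hash) ? @params[:user] : {}
  login = person_params[:name].to_s
  email = person_params[:email].to_s
  password = user_params[:password].to_s

  @person = Person.find_by_name(login)
  @user = User.find_by_login(login) if @person

  # First, create a new pseudo when none exists yet
  if not @person
    # Create the pseudo
    begin
      Person.transaction(@person) do
        @person = Person.new
        @person.name = login
        if @person.save
          logger.info "person: "+@person.to_s
          logger.info "person.id: "+@person.id.to_s
          flash.now[:notice] = "Pseudo created"
          session[:person] = @person
        else
          flash.now[:error] = 'Error creating account'
        end
      end
    rescue StandardError => e
      # Narrowed from Exception so signals and exit requests are not swallowed.
      flash.now[:error] = 'Error creating account'
      logger.error e
    end
  end

  if @person and @person.errors.empty?
    # Second we record the password or try to authenticate
    if password.empty?
      if not @user or not @user.salted_password \
        or @user.salted_password.empty?
        # No password protects this pseudo: log the person in as is.
        session[:person] = @person
      else
        flash.now[:error] = "This pseudo is protected with a password"
      end
    elsif not @user
      @user = User.new()
      begin
        User.transaction(@user) do
          @user.login = login
          @user.change_password(password)
          # To make sure even a non email protected user can use a password
          @user.email = login+'@nomailyet'
          # This is a hack, to make sure this user can login even if he
          # didn't verify his email
          @user.verified = true
          if @user.save
            # NOTE(review): this is the only flash write without .now, so the
            # message also survives into the next request -- confirm intended.
            flash['notice 2'] = 'Password recorded'
            session[:person] = @person
            session[:user] = @user
          end
        end
      rescue StandardError => e
        flash.now[:error] = 'Error with password'
        # The failure used to be dropped silently; keep a trace for operators.
        logger.error e
      end
    elsif User.authenticate(login, password)
      # There is a password protecting this pseudo
      session[:person] = @person
      session[:user] = @user
    elsif not email.empty?
      # Password did not authenticate: the e-mail field is tried as a check
      # key; on success the submitted password replaces the old one.
      begin
        User.transaction(@user) do
          if User.authenticate_by_token(@user.id, email)
            @user.change_password(password)
            # The key is cleared so it cannot be used again.
            @user.security_token = nil
            if @user.save
              flash.now['notice 2'] = 'Password successfully modified!'
              session[:person] = @person
              session[:user] = @user
            end
          end
          # NOTE(review): a key that simply does not match sets no error
          # flash; 'Wrong check key' is only shown when something raises.
        end
      rescue StandardError => e
        flash.now[:error] = 'Wrong check key'
        logger.error e
      end
    else
      flash.now[:error] = "Wrong password"
    end

    # Third we record the email or send a check_key for a password reset
    if not email.empty?
      if session[:person]
        if email == @person.email
          flash.now['notice 3'] = "Email already recorded and verified"
        else
          signup
        end
      elsif email == @person.email
        # User protected by password and with the same email as entered
        key = @user.generate_security_token
        url = url_for(:action => 'check_key')
        url += "?user[id]=#{@user.id}&key=#{key}"
        UserNotify::deliver_forgot_password(@user, url)
        flash.now['notice 3'] = "Email with a check key sent to "+email
      end
    end
  end

  # NOTE(review): params[:divId] comes from the request and is handed to the
  # partial as a local; confirm the partial escapes it before output.
  render :partial => 'show', :locals => { :divId => params[:divId], :choices => getAllVotes }
end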
#logout ⇒ Object
# File 'app/controllers/account_controller.rb', line 122

# Logs the visitor out: forgets the current person and user, both on the
# controller and in the session, then re-renders the 'show' partial.
#
# Only the :person and :user session keys are cleared; the session itself
# (and its id) is kept.
# NOTE(review): if nothing else in the session has to survive logout,
# reset_session would also retire the session id -- confirm with callers.
# NOTE(review): params[:divId] comes from the request and is handed to the
# partial as a local; confirm the partial escapes it before output.
def logout
  @person = nil
  @user = nil
  session[:person] = nil
  session[:user] = nil

  partial_locals = { :divId => params[:divId], :choices => getAllVotes }
  render :partial => 'show', :locals => partial_locals
end