Class: AccountController

Inherits:
UserController
  • Object
Defined in:
app/controllers/account_controller.rb

Overview

This class manages user registration, login and logout.

Instance Method Summary collapse

Instance Method Details

#check_key ⇒ Object



# File 'app/controllers/account_controller.rb', line 129

# Email verification endpoint: checks the user id and check key taken from the
# request against User.authenticate_by_token. On success it copies the user's
# email onto the matching Person, stores both records in the session and
# renders a confirmation; otherwise it renders a "no corresponding check key"
# message.
def check_key
	# Assignment inside the condition is intentional: @user is the record returned
	# by the token check, and the branch runs only when it is truthy.
	# NOTE(review): @params[:user][:id] presumably raises NoMethodError when the
	# :user parameter group is missing from the request - confirm.
	if @user = User.authenticate_by_token(@params[:user][:id], @params[:key])
		# Disabled legacy lookup. It interpolated params[:key] straight into the SQL
		# condition string (string-built SQL); it must not be re-enabled in this form.
		#@user = User.find(:first, :conditions => "security_token = '#{params[:key]}'")
		# NOTE(review): the attribute name after `@user.` is blank in this listing,
		# presumably dropped when the page was extracted - confirm against the file.
		# The trailing `if @user` is redundant inside this branch. Person.find_by_name
		# may return nil, in which case the next line raises NoMethodError.
		@person = Person.find_by_name(@user.) if @user
		@person.email = @user.email
		# The result of save is ignored; the notice below is set either way.
		@person.save
		flash.now[:notice] = "Email #{@person.email} verified."
		# Signs the visitor in by storing both records in the session.
		# NOTE(review): no reset_session call is visible in this method, so the
		# session is reused as-is once the check key has been accepted.
		session[:person] = @person
		session[:user] = @user
		# Inline HTML; the only interpolated value is the url_for result.
		render :text => "<h1>Email verified!</h1> \
			<br/> \
			<a href='#{url_for :controller => 'elt', :action => 'show', :id => nil }'>\
				Back</a>",
			:layout => 'top'
	else
		# Token check failed: same layout, generic failure message.
		render :text => "<h3>Sorry, no corresponding check key :-(</h3> \
				<br/> \
				<a href='#{url_for :controller => 'elt', :action => 'show', :id => nil }'>\
					Back</a>",
					:layout => 'top'
	end
end

#login ⇒ Object



# File 'app/controllers/account_controller.rb', line 8

# Combined sign-up / sign-in / password-reset action. The method name after
# `def` is blank in this listing; the page heading calls it `login`.
#
# NOTE(review): several identifiers are blank in this listing (after `def`,
# before `= @params[:person][:name]`, inside `find_by_name()`, `User.()`,
# `@user. =`, `authenticate(, password)`, before `+'@nomailyet'`). They were
# presumably dropped when the page was extracted - confirm against the file.
#
# Flow, as far as the visible code shows:
#   1. Clear session[:person] and session[:user].
#   2. Look up the Person (presumably by the submitted name); create it if absent.
#   3. Depending on the password and email fields: sign in without a password,
#      create a User with the password, authenticate, or reset the password
#      with a check key.
#   4. With a non-empty email: report it as already verified, or mail a check key.
#   5. Render the 'show' partial.
def 
# Cleaning up
# NOTE(review): only these two keys are cleared; no reset_session call is
# visible anywhere in this method.
session[:person] = session[:user] = nil

# NOTE(review): each of these lookups presumably raises NoMethodError when the
# :person or :user parameter group is missing from the request - confirm.
 = @params[:person][:name]
email = @params[:person][:email]
password = @params[:user][:password]

@person = Person.find_by_name()
@user = User.() if @person

# First, create the pseudo (nickname) if it does not exist yet.
# An unknown name is registered on the spot and session[:person] is set
# without any credential being checked.
if not @person
	# Create the pseudo
	begin
		Person.transaction(@person) do
			@person = Person.new
			@person.name = 
			if @person.save
				logger.info "person: "+@person.to_s
				logger.info "person.id: "+@person.id.to_s
				flash.now[:notice]  = "Pseudo created"
				session[:person] = @person
			else
				flash.now[:error] = 'Error creating account'
			end
		end
	# `rescue Exception` also traps exceptions outside StandardError; the visitor
	# gets a generic message and the exception itself goes to the log only.
	rescue Exception => e 
		flash.now[:error] = 'Error creating account'
		logger.error e
	end
end

if @person and @person.errors.empty?
	# Second we record the password or try to authenticate
	if password.empty?
		# Empty password: the pseudo is signed in only when there is no User record
		# or no salted password for it, i.e. a pseudo without a password is accepted
		# on the name alone.
		if not @user or not @user.salted_password \
			or @user.salted_password.empty?
			session[:person] = @person
		else
			flash.now[:error]  = "This pseudo is protected with a password"
		end
	elsif not @user
		# No User yet for this pseudo: create one and record the submitted password.
		@user = User.new()
		begin
			User.transaction(@user) do
				@user. = 
				@user.change_password(password)
				# To make sure even a non email protected user can use a password
				@user.email = +'@nomailyet'
				# This is a hack, to make sure this user can login even if he
				# didn't verify his email
				# NOTE(review): the account is marked verified here although no email
				# verification has taken place.
				@user.verified = true
				# NOTE(review): when save returns false nothing is flashed and no
				# session is set; the failure is silent.
				if @user.save
					flash['notice 2'] = 'Password recorded'

					session[:person] = @person
					session[:user] = @user
				end
			end
		# Bare rescue: any StandardError becomes 'Error with password' and the
		# exception is not logged.
		rescue
			flash.now[:error] = 'Error with password'
		end

	# The result of User.authenticate is used only as a truth value; the session
	# stores the @user record loaded at the top of the method.
	elsif User.authenticate(, password)
		# There is a password protecting this pseudo
		session[:person] = @person
		session[:user] = @user

	elsif not email.empty?
		# Password did not match but the email field is filled in: its value is
		# passed to authenticate_by_token as the check key. On success the submitted
		# password replaces the old one and the security token is cleared.
		# NOTE(review): if authenticate_by_token returns a falsy value without
		# raising, no error message is set at all.
		begin
			User.transaction(@user) do
				if User.authenticate_by_token(@user.id, email)
					@user.change_password(password)
					@user.security_token = nil
					if @user.save
						flash.now['notice 2']  = 'Password successfully modified!'
						session[:person] = @person
						session[:user] = @user
					end
				end
			end
		# Bare rescue: every StandardError is reported as 'Wrong check key'.
		rescue
			flash.now[:error] = 'Wrong check key'
		end
	else
		flash.now[:error]  = "Wrong password"
	end

	# Third we record the email or send a check_key for a password reset
	if not email.empty?
		# session[:person] is set only by the sign-in paths above.
		if session[:person]
			if email == @person.email
				flash.now['notice 3']  = "Email already recorded and verified"
			else
				# NOTE(review): nothing is visible in this branch. Going by the step
				# comment above, this is presumably where a new email is recorded; the
				# statement may have been lost in extraction - confirm.
				
			end

		elsif email == @person.email
			# User protected by password and with the same email as entered
			# NOTE(review): this branch runs for a visitor who is not signed in, and
			# the notice below tells them the entered address matches this pseudo.
        key = @user.generate_security_token
			# The check key travels in the query string, so it can end up wherever
			# URLs are recorded. Both values are interpolated without URL-escaping -
			# assumes id and key are URL-safe, TODO confirm.
			url =  url_for(:action => 'check_key')
			url += "?user[id]=#{@user.id}&key=#{key}"
			UserNotify::deliver_forgot_password(@user, url)
			flash.now['notice 3']  = "Email with a check key sent to "+email
		end
	end
end

# params[:divId] is request input handed to the partial as a local; how it is
# escaped depends on the partial, which is not shown here. getAllVotes is
# defined outside this listing.
render :partial => 'show', :locals => {
	:divId => params[:divId], :choices => getAllVotes }
end

#logout ⇒ Object



# File 'app/controllers/account_controller.rb', line 122

# Signs the visitor out: drops the person and the user from the controller's
# instance variables and from the session, then re-renders the 'show' partial.
#
# NOTE(review): only the :person and :user session keys are cleared; the rest
# of the session is left in place, and no reset_session call is made here.
def logout
  @person = nil
  @user = nil
  session[:person] = nil
  session[:user] = nil

  # params[:divId] is request input passed through to the partial; getAllVotes
  # is defined outside this listing.
  show_locals = { :divId => params[:divId], :choices => getAllVotes }
  render :partial => 'show', :locals => show_locals
end