Class: AccountController

Inherits:
ApplicationController
  • Object
Defined in:
app/controllers/account_controller.rb

Overview

This class manages user registration, login and logout.


Instance Method Details

#check_key ⇒ Object



# File 'app/controllers/account_controller.rb', line 134

# Email-verification action. Looks a user up with
# User.authenticate_by_token(params[:user][:id], params[:key]); on success it
# copies the user's email onto the matching Person, saves it, opens a session
# for that person/user and renders a confirmation page. On failure it renders
# a "no corresponding check key" page.
#
# NOTE(review): a valid key alone yields a fully logged-in session
# (session[:person_id], session[:person_name], session[:user_id] are all set),
# so the key must be treated as a credential. It arrives in the request
# parameters; if the link carries it in the query string it will appear in
# server logs and browser history. This method neither clears the token after
# use nor resets the session; whether authenticate_by_token expires or
# invalidates the token is not visible here. TODO confirm.
# NOTE(review): params[:user] is indexed without a presence check, so a
# request without a user[...] parameter raises on nil instead of reaching the
# else branch.
def check_key
	if @user = User.authenticate_by_token(params[:user][:id], params[:key])
		# Earlier lookup, left disabled. It interpolated params[:key] directly into
		# the SQL condition and should not be re-enabled in that form.
		#@user = User.find(:first, :conditions => "security_token = '#{params[:key]}'")
		# NOTE(review): the attribute name after `@user.` is missing from this
		# listing (apparently lost in extraction). The trailing `if @user` is always
		# true inside this branch. If no Person matches, @person is nil and the next
		# line raises.
		@person = Person.find_by_name(@user.) if @user
		@person.email = @user.email
		# The result of save is not checked; the success message is shown either way.
		@person.save
		flash.now[:notice] = "Email #{@person.email} verified."
		session[:person_id] = @person.id
		session[:person_name] = @person.name
		session[:user_id] = @user.id
		render :text => "<h1>Email verified!</h1> \
			<br/> \
			<a href='#{url_for :controller => 'elt', :id => nil }'>Back</a>",
				:layout => 'top'
	else
		render :text => "<h3>Sorry, no corresponding check key :-(</h3> \
				<br/> \
				<a href='#{url_for :controller => 'elt', :id => nil }'>Back</a>",
					:layout => 'top'
	end
end

#login ⇒ Object



# File 'app/controllers/account_controller.rb', line 5

# Combined sign-up / sign-in / password-reset action. The method name is
# missing after `def` in this listing; the page heading gives it as `login`.
# Several other identifiers are also blank below (the local assigned from
# params[:person][:name], the first argument of User.authenticate, an attribute
# of @person near the end) and appear to have been lost in extraction, so the
# code is not valid Ruby as shown.
#
# Flow, as far as the visible code shows:
#   1. Clear the session keys and the two re-authentication cookies.
#   2. Look up the Person by name; create it if it does not exist.
#   3. Depending on password / existing User / email: log in without a password,
#      record a first password, authenticate, or change the password using a
#      check key.
#   4. Record the email, or mail a password-reset check key.
#   5. On success set the re-authentication cookies and render the 'show' partial
#      (HTTP 200 if a session was opened, 403 otherwise).
#
# NOTE(review): nothing in this method limits repeated attempts; any throttling
# would have to live in a filter or in User.authenticate. TODO confirm.
def 
	# Cleaning up
	# NOTE(review): individual keys are set to nil but the session itself is not
	# reset here, so the session identifier is unchanged across login.
	session[:person_id] = session[:person_name] = @person = session[:user_id] = @user = nil
	cookies.delete :person_name
	cookies.delete :salted_password

	# params[:person] and params[:user] are indexed without presence checks; a
	# request missing either raises on nil.
	 = params[:person][:name]
	email = params[:person][:email]
	password = params[:user][:password]

	@person = Person.find_by_name()
	@user = @person.user if @person

	# First we eventually create a new pseudo
	# Any previously unknown name creates a Person and is logged in immediately;
	# the id is the submitted name with whitespace replaced by underscores.
	if not @person
		# Create the pseudo
		begin
			Person.transaction do
				@person = Person.new :id => .gsub(/\s/, '_'), :name => 
				if @person.save
					logger.info yellow { bold { "Person: #{@person.name}, id: #{@person.id}" } }
					flash.now[:notice]  = _("Pseudo recorded")
					session[:person_id] = @person.id
					session[:person_name] = @person.name
				else
					flash.now[:error] = _('Error creating account')
				end
			end
		# NOTE(review): `rescue Exception` also traps non-StandardError exceptions
		# (signals, exit, out-of-memory); StandardError is normally the right scope.
		rescue Exception => e 
			flash.now[:error] = _('Error creating account')
			logger.error red { e }
		end
	end

	# We record the password or try to authenticate
	if @person and @person.errors.empty?
		if password and password.empty?
			# Empty password: the session is opened when the person has no User, or
			# the User has no salted_password. Such pseudos can be used by anyone who
			# submits the name.
			if not @user or not @user.salted_password \
				or @user.salted_password.empty?
				session[:person_id] = @person.id
				session[:person_name] = @person.name
			else
				# This message and "Wrong password" below tell the requester whether a
				# pseudo exists and is password-protected.
				flash.now[:error]  = _("This pseudo is protected with a password")
			end
		elsif not @user
			# Record password
			# A person without a User is logged in and mngPassword (not shown here) is
			# called, so whoever first supplies a password for the pseudo sets it.
			session[:person_id] = @person.id
			session[:person_name] = @person.name
			mngPassword
		elsif User.authenticate(, password)
			logger.info yellow { bold { "#{@person.name} logged in" } }
			# Authenticate
			session[:person_id] = @person.id
			session[:person_name] = @person.name
			session[:user_id] = @user.id if @user
		elsif email and not email.empty?
			# There is a check key, used to change the password
			# The value submitted in params[:person][:email] is passed to
			# authenticate_by_token as the token; on success the submitted password
			# replaces the old one and security_token is cleared.
			begin
				User.transaction do
					if User.authenticate_by_token(@user.id, email)
						@user.change_password(password)
						@user.security_token = nil
						if @user.save
							logger.info yellow { "Person: #{@person.name} changed its password" }
							flash.now['notice 2']  = _('Password successfully modified!')
							session[:person_id] = @person.id
							session[:person_name] = @person.name
							session[:user_id] = @user.id if @user
						else
							@user.errors.each_full { |msg| logger.error msg }
						end
					end
				end
			# Bare rescue: any StandardError in the block is reported as a wrong key.
			# A token that simply fails to match (no exception) sets no flash message.
			rescue
				flash.now[:error] = _('Wrong check key')
			end
		else
			flash.now[:error]  = _("Wrong password")
		end

		# Record the email or send a check_key for a password reset
		if email and not email.empty?
			if session[:person_id]
				if email == @person.email
					flash.now['notice 3']  = _("Email already recorded and verified")
				else
					mngEmail
				end
			elsif email == @person.email
				# User protected by password and with the same email as entered
				# NOTE(review): the key is placed in the query string of the mailed URL,
				# so it will be recorded wherever URLs are logged. The flash message
				# below also confirms to the requester that the email matched this pseudo.
				# Token lifetime is decided in generate_security_token (not shown).
				key = @user.generate_security_token
				url =  url_for(:action => 'check_key')
				url += "?user[id]=#{@user.id}&key=#{key}"
				UserNotify::deliver_forgot_password(@user, url)
				flash.now['notice 3']  = "Email with a check key sent to #{email}"
			end
		end
	end

	# Record cookies for re authentication
	# NOTE(review): the stored salted_password value itself is sent to the browser,
	# and no cookie options (expiry, HttpOnly, Secure) are set here. If
	# re-authentication accepts this cookie, the stored hash works as a bearer
	# credential; a random server-side remember token would avoid exposing it.
	# The re-authentication code is not shown on this page. TODO confirm.
	if session[:person_id]
		cookies[:person_name] = { :value => @person.name }
		cookies[:salted_password] = { :value => @user.salted_password } if @user

     # The attribute assigned here is blank in this listing.
     @person. = Time.now
     @person.save
	end

	# To make sure the logout knows which elt's choices to update
	@elt = Elt.find(params[:elt]) if params[:elt]

	# 403 signals a failed login to the caller; the partial is rendered either way.
	render :partial => 'show',
		:locals => { :choices => getAllVotes },
		:status => (session[:person_id] ? 200 : 403)
end

#logout ⇒ Object



# File 'app/controllers/account_controller.rb', line 121

# Ends the current login: forgets the person/user held in the session and in
# the controller, deletes the two re-authentication cookies, then re-renders
# the 'show' partial with the current votes.
#
# NOTE(review): only the three login keys are blanked; the session itself is
# not reset, so any other session data and the session identifier survive
# logout. Nothing here restricts the HTTP verb or checks a request token, so
# whether a third-party page can trigger logout depends on filters not shown.
def logout
	logger.info yellow { bold { "Bye bye" } }

	# Drop every trace of the authenticated identity
	@user = nil
	@person = nil
	[:user_id, :person_name, :person_id].each { |key| session[key] = nil }
	[:person_name, :salted_password].each { |name| cookies.delete name }

	# Keep track of the element whose choices the view has to refresh
	elt_id = params[:elt]
	@elt = Elt.find(elt_id) if elt_id

	render(:partial => 'show', :locals => { :choices => getAllVotes })
end

#setAvatar ⇒ Object



# File 'app/controllers/account_controller.rb', line 172

# Stores an uploaded image as the logged-in person's avatar. The image is
# attached to a new child of the shared 'people' element, the person's image
# path is updated, and a JavaScript snippet is returned (through
# responds_to_parent) that points the avatar <img> at the new file.
# Responds with 403 when no person is logged in.
#
# NOTE(review): no check of the upload's type or size is visible in this
# action; if the attachment model does not enforce one, it should.
# NOTE(review): a session whose person no longer exists leaves @person nil and
# the log line raises. The same happens when params[:person] or its :image is
# missing.
def setAvatar
	unless session[:person_id]
		return render(:text => _("Not logged in"), :status => 403)
	end

	# All avatars hang under one 'people' element, created on first use
	@elt = Elt.find_by_id 'people'
	if !@elt
		@elt = Elt.new :parent_id => 'ROOT', :subject => 'people', :body => ''
		@elt.save!
		@elt.publish
	end

	@person = Person.find_by_id(session[:person_id])
	logger.info(yellow { "Setting up an avatar for person #{@person.name}" })

	# original_filename is supplied by the client; it is stored as the element's
	# subject and must be escaped wherever that subject is displayed.
	upload = params[:person][:image]
	avatar_elt = @elt.children.build(:person => @person,
		:subject => upload.original_filename,
		:body => "")
	avatar_elt.save!

	attachment = avatar_elt.attachments.build(:file => upload)
	attachment.save!

	avatar_elt.publish

	@person.image = "/attachment/file/#{attachment.file_relative_path}"
	@person.save!

	# NOTE(review): the path is spliced into a single-quoted JavaScript string.
	# That is only safe if file_relative_path can never contain a quote or a
	# backslash. Confirm against the attachment code, or emit the value as a
	# JSON-encoded literal instead.
	responds_to_parent do
		render :update do |page|
			page << "$('person_avatar').src = '#{@person.image}';"
		end
	end
end

#setEmail ⇒ Object



# File 'app/controllers/account_controller.rb', line 164

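# Records a new email for the logged-in person by delegating to mngEmail
# (defined elsewhere in the controller), then re-renders the 'show' partial.
#
# Responds with 403 "Not logged in" when the session does not resolve to a
# Person, matching setAvatar. Without this guard such a request reached the
# log line with @person nil.
#
# NOTE(review): the submitted email is written to the log verbatim. It is
# client-controlled and personal data, so consider logging only the person.
def setEmail
	@person = Person.find_by_id(session[:person_id])
	# Covers both a missing session and a session pointing at a deleted person
	return render(:text => _("Not logged in"), :status => 403) unless @person

	@user = User.find_by_id(session[:user_id])
	logger.info yellow { "Person #{@person.name} set his email to #{params[:person][:email]}" }
	mngEmail
	render :partial => 'show'
end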

#setPassword ⇒ Object



# File 'app/controllers/account_controller.rb', line 156

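# Sets or changes the logged-in person's password by delegating to
# mngPassword (defined elsewhere in the controller), then re-renders the
# 'show' partial.
#
# Responds with 403 "Not logged in" when the session does not resolve to a
# Person, matching setAvatar. Without this guard such a request reached the
# log line with @person nil.
#
# NOTE(review): no check of the current password is visible in this action.
# Unless mngPassword requires it, anyone holding the session can replace the
# password. TODO confirm against mngPassword.
def setPassword
	@person = Person.find_by_id(session[:person_id])
	# Covers both a missing session and a session pointing at a deleted person
	return render(:text => _("Not logged in"), :status => 403) unless @person

	# @user may legitimately be nil here: a person can exist without a User
	@user = User.find_by_id(session[:user_id])
	logger.info yellow { "Person #{@person.name} sets/changes his password" }
	mngPassword
	render :partial => 'show'
end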