Class: UsersController

Inherits:

ApplicationController

• Object
• ActionController::Base
• ApplicationController
• UsersController

Defined in:

app/controllers/users_controller.rb

Constant Summary

MAX_RECENT_SEARCHES =

5

SEARCH_USERS_LIMIT =

50

BOOKMARKS_LIMIT =

20

USER_MENU_LIST_LIMIT =

20

Constants inherited from ApplicationController

ApplicationController::LEGACY_NO_THEMES, ApplicationController::LEGACY_NO_UNOFFICIAL_PLUGINS, ApplicationController::NO_PLUGINS, ApplicationController::NO_THEMES, ApplicationController::NO_UNOFFICIAL_PLUGINS, ApplicationController::SAFE_MODE

Constants included from CanonicalURL::ControllerExtensions

CanonicalURL::ControllerExtensions::ALLOWED_CANONICAL_PARAMS

Instance Attribute Summary

Attributes inherited from ApplicationController

#theme_id

Instance Method Summary

• #account_created ⇒ Object
• #activate_account ⇒ Object
• #admin_login ⇒ Object
• #badge_title ⇒ Object
• #badges ⇒ Object
• #bookmarks ⇒ Object
• #cards ⇒ Object

  This route is not used in core, but is used by theme components (e.g. meta.discourse.org/t/144479).

• #changing_case_of_own_username(target_user, username) ⇒ Object
• #check_email ⇒ Object
• #check_emails ⇒ Object
• #check_sso_email ⇒ Object
• #check_sso_payload ⇒ Object
• #check_username ⇒ Object

  Used for checking availability of a username and will return suggestions if the username is not available.

• #clear_featured_topic ⇒ Object
• #confirm_admin ⇒ Object
• #confirm_email_token ⇒ Object
• #create ⇒ Object
• #create_second_factor_backup ⇒ Object
• #create_second_factor_security_key ⇒ Object
• #create_second_factor_totp ⇒ Object
• #destroy ⇒ Object
• #destroy_email ⇒ Object
• #destroy_user_image ⇒ Object
• #disable_second_factor ⇒ Object
• #email_login ⇒ Object
• #enable_second_factor_totp ⇒ Object
• #feature_topic ⇒ Object
• #index ⇒ Object
• #invited ⇒ Object
• #list_second_factors ⇒ Object
• #logon_after_password_reset ⇒ Object
• #my_redirect ⇒ Object
• #notification_level ⇒ Object
• #password_reset_show ⇒ Object
• #password_reset_update ⇒ Object
• #perform_account_activation ⇒ Object
• #pick_avatar ⇒ Object
• #preferences ⇒ Object
• #private_message_topic_tracking_state ⇒ Object
• #profile_hidden ⇒ Object
• #read_faq ⇒ Object
• #recent_searches ⇒ Object
• #register_second_factor_security_key ⇒ Object
• #render_available_true ⇒ Object
• #reset_recent_searches ⇒ Object
• #revoke_account ⇒ Object
• #revoke_auth_token ⇒ Object
• #search_users ⇒ Object
• #second_factor_check_confirmed_password ⇒ Object
• #select_avatar ⇒ Object
• #send_activation_email ⇒ Object
• #show(for_card: false) ⇒ Object
• #show_card ⇒ Object
• #staff_info ⇒ Object
• #summary ⇒ Object
• #toggle_anon ⇒ Object
• #topic_tracking_state ⇒ Object
• #update ⇒ Object
• #update_activation_email ⇒ Object
• #update_primary_email ⇒ Object
• #update_second_factor ⇒ Object
• #update_security_key ⇒ Object
• #user_from_params_or_current_user ⇒ Object
• #user_menu_bookmarks ⇒ Object
• #user_menu_messages ⇒ Object
• #username ⇒ Object

Methods inherited from ApplicationController

#application_layout, #can_cache_content?, #clear_notifications, #conditionally_allow_site_embedding, #current_homepage, #discourse_expires_in, #dont_cache_page, #ember_cli_required?, #fetch_user_from_params, #guardian, #handle_permalink, #handle_theme, #handle_unverified_request, #has_escaped_fragment?, #immutable_for, #no_cookies, #perform_refresh_session, #post_ids_including_replies, #preload_json, #rate_limit_second_factor!, #redirect_with_client_support, #render_json_dump, #render_serialized, requires_plugin, #rescue_discourse_actions, #resolve_safe_mode, #secure_session, #serialize_data, #set_current_user_for_logs, #set_layout, #set_mobile_view, #set_mp_snapshot_fields, #show_browser_update?, #store_preloaded, #use_crawler_layout?, #with_resolved_locale

Methods included from VaryHeader

#ensure_vary_header

Methods included from ReadOnlyMixin

#add_readonly_header, #allowed_in_staff_writes_only_mode?, #block_if_readonly_mode, #check_readonly_mode, included, #staff_writes_only_mode?

Methods included from Hijack

#hijack

Methods included from GlobalPath

#cdn_path, #cdn_relative_path, #full_cdn_url, #path, #upload_cdn_path

Methods included from JsonError

#create_errors_json

Methods included from CanonicalURL::ControllerExtensions

#canonical_url, #default_canonical, included

Methods included from CurrentUser

#clear_current_user, #current_user, has_auth_cookie?, #is_api?, #is_user_api?, #log_off_user, #log_on_user, lookup_from_env, #refresh_session

Instance Method Details

#account_created ⇒ Object

# File 'app/controllers/users_controller.rb', line 1048

def account_created
  if current_user.present?
    if SiteSetting.enable_discourse_connect_provider && payload = cookies.delete(:sso_payload)
      return redirect_to(session_sso_provider_url + "?" + payload)
    elsif destination_url = cookies.delete(:destination_url)
      return redirect_to(destination_url, allow_other_host: true)
    else
      return redirect_to(path("/"))
    end
  end

  @custom_body_class = "static-account-created"
  @message = session["user_created_message"] || I18n.t("activation.missing_session")
  @account_created = { message: @message, show_controls: false }

  if session_user_id = session[SessionController::ACTIVATE_USER_KEY]
    if user = User.where(id: session_user_id.to_i).first
      @account_created[:username] = user.username
      @account_created[:email] = user.email
      @account_created[:show_controls] = !user.from_staged?
    end
  end

  store_preloaded("accountCreated", MultiJson.dump(@account_created))
  expires_now

  respond_to do |format|
    format.html { render "default/empty" }
    format.json { render json: success_json }
  end
end

#activate_account ⇒ Object

# File 'app/controllers/users_controller.rb', line 1080

def activate_account
  expires_now
  render layout: "no_ember"
end

#admin_login ⇒ Object

# File 'app/controllers/users_controller.rb', line 967

def admin_login
  return redirect_to(path("/")) if current_user

  if request.put? && params[:email].present?
    RateLimiter.new(nil, "admin-login-hr-#{request.remote_ip}", 6, 1.hour).performed!
    RateLimiter.new(nil, "admin-login-min-#{request.remote_ip}", 3, 1.minute).performed!

    if user = User.with_email(params[:email]).admins.human_users.first
      email_token =
        user.email_tokens.create!(email: user.email, scope: EmailToken.scopes[:email_login])
      token_string = email_token.token
      token_string += "?safe_mode=no_plugins,no_themes" if params["use_safe_mode"]
      Jobs.enqueue(
        :critical_user_email,
        type: "admin_login",
        user_id: user.id,
        email_token: token_string,
      )
      @message = I18n.t("admin_login.success")
    else
      @message = I18n.t("admin_login.errors.unknown_email_address")
    end
  end

  render layout: "no_ember"
rescue RateLimiter::LimitExceeded
  @message = I18n.t("rate_limiter.slow_down")
  render layout: "no_ember"
end

#badge_title ⇒ Object

# File 'app/controllers/users_controller.rb', line 423

def badge_title
  params.require(:user_badge_id)

  user = fetch_user_from_params
  guardian.ensure_can_edit!(user)

  user_badge = UserBadge.find_by(id: params[:user_badge_id])
  previous_title = user.title
  if user_badge && user_badge.user == user && user_badge.badge.allow_title?
    user.title = user_badge.badge.display_name
    user.save!

    log_params = {
      details: "title matching badge id #{user_badge.badge.id}",
      previous_value: previous_title,
      new_value: user.title,
    }

    if current_user.staff? && current_user != user
      StaffActionLogger.new(current_user).log_title_change(user, log_params)
    else
      UserHistory.create!(
        log_params.merge(target_user_id: user.id, action: UserHistory.actions[:change_title]),
      )
    end
  else
    user.title = ""
    user.save!

    log_params = { previous_value: previous_title }

    if current_user.staff? && current_user != user
      StaffActionLogger.new(current_user).log_title_revoke(
        user,
        log_params.merge(
          revoke_reason: "user title was same as revoked badge name or custom badge name",
        ),
      )
    else
      UserHistory.create!(
        log_params.merge(target_user_id: user.id, action: UserHistory.actions[:revoke_title]),
      )
    end
  end

  render body: nil
end

#badges ⇒ Object

Raises:

• (Discourse::NotFound)

# File 'app/controllers/users_controller.rb', line 191

def badges
  raise Discourse::NotFound unless SiteSetting.enable_badges?
  show
end

#bookmarks ⇒ Object

# File 'app/controllers/users_controller.rb', line 1756

def bookmarks
  user = fetch_user_from_params
  guardian.ensure_can_edit!(user)
  user_guardian = Guardian.new(user)

  respond_to do |format|
    format.json do
      bookmark_list =
        UserBookmarkList.new(
          user: user,
          guardian: guardian,
          search_term: params[:q],
          page: params[:page],
          per_page: fetch_limit_from_params(default: nil, max: BOOKMARKS_LIMIT),
        )

      bookmark_list.load

      if bookmark_list.bookmarks.empty?
        render json: { bookmarks: [] }
      else
        page = params[:page].to_i + 1
        bookmark_list.more_bookmarks_url =
          "#{Discourse.base_path}/u/#{params[:username]}/bookmarks.json?page=#{page}"
        render_serialized(bookmark_list, UserBookmarkListSerializer)
      end
    end
    format.ics do
      @bookmark_reminders =
        Bookmark
          .with_reminders
          .where(user_id: user.id)
          .order(:reminder_at)
          .map do |bookmark|
            bookmark.registered_bookmarkable.serializer.new(
              bookmark,
              scope: user_guardian,
              root: false,
            )
          end
    end
  end
end

#cards ⇒ Object

This route is not used in core, but is used by theme components (e.g. meta.discourse.org/t/144479)

Raises:

• (Discourse::InvalidParameters)

# File 'app/controllers/users_controller.rb', line 159

def cards
  if SiteSetting.hide_user_profiles_from_public && !current_user
    raise Discourse::NotFound.new(custom_message: "invalid_access", status: 403)
  end

  user_ids = params.require(:user_ids).split(",").map(&:to_i)
  raise Discourse::InvalidParameters.new(:user_ids) if user_ids.length > 50

  users =
    User.where(id: user_ids).includes(
      :user_option,
      :user_stat,
      :default_featured_user_badges,
      :user_profile,
      :card_background_upload,
      :primary_group,
      :flair_group,
      :primary_email,
      :user_status,
    )

  users = users.filter { |u| guardian.can_see_profile?(u) }

  preload_fields =
    User.allowed_user_custom_fields(guardian) +
      UserField.all.pluck(:id).map { |fid| "#{User::USER_FIELD_PREFIX}#{fid}" }
  User.preload_custom_fields(users, preload_fields)
  User.preload_recent_time_read(users)

  render json: users, each_serializer: UserCardSerializer
end

#changing_case_of_own_username(target_user, username) ⇒ Object

# File 'app/controllers/users_controller.rb', line 587

def changing_case_of_own_username(target_user, username)
  target_user && username.downcase == (target_user.username.downcase)
end

#check_email ⇒ Object

# File 'app/controllers/users_controller.rb', line 610

def check_email
  begin
    RateLimiter.new(nil, "check-email-#{request.remote_ip}", 10, 1.minute).performed!
  rescue RateLimiter::LimitExceeded
    return render json: success_json
  end

  email = Email.downcase((params[:email] || "").strip)

  return render json: success_json if email.blank? || SiteSetting.hide_email_address_taken?

  if !EmailAddressValidator.valid_value?(email)
    error = User.new.errors.full_message(:email, I18n.t(:"user.email.invalid"))
    return render json: failed_json.merge(errors: [error])
  end

  if !EmailValidator.allowed?(email)
    error = User.new.errors.full_message(:email, I18n.t(:"user.email.not_allowed"))
    return render json: failed_json.merge(errors: [error])
  end

  if ScreenedEmail.should_block?(email)
    error = User.new.errors.full_message(:email, I18n.t(:"user.email.blocked"))
    return render json: failed_json.merge(errors: [error])
  end

  if User.where(staged: false).find_by_email(email).present?
    error = User.new.errors.full_message(:email, I18n.t(:"errors.messages.taken"))
    return render json: failed_json.merge(errors: [error])
  end

  render json: success_json
end

#check_emails ⇒ Object

# File 'app/controllers/users_controller.rb', line 284

def check_emails
  user = fetch_user_from_params(include_inactive: true)

  unless user == current_user
    guardian.ensure_can_check_emails!(user)
    StaffActionLogger.new(current_user).log_check_email(user, context: params[:context])
  end

  email, *secondary_emails = user.emails
  unconfirmed_emails = user.unconfirmed_emails

  render json: {
           email: email,
           secondary_emails: secondary_emails,
           unconfirmed_emails: unconfirmed_emails,
           associated_accounts: user.associated_accounts,
         }
rescue Discourse::InvalidAccess
  render json: failed_json, status: 403
end

#check_sso_email ⇒ Object

# File 'app/controllers/users_controller.rb', line 305

def check_sso_email
  user = fetch_user_from_params(include_inactive: true)

  unless user == current_user
    guardian.ensure_can_check_sso_details!(user)
    StaffActionLogger.new(current_user).log_check_email(user, context: params[:context])
  end

  email = user&.single_sign_on_record&.external_email
  email = I18n.t("user.email.does_not_exist") if email.blank?

  render json: { email: email }
rescue Discourse::InvalidAccess
  render json: failed_json, status: 403
end

#check_sso_payload ⇒ Object

# File 'app/controllers/users_controller.rb', line 321

def check_sso_payload
  user = fetch_user_from_params(include_inactive: true)

  guardian.ensure_can_check_sso_details!(user)
  unless user == current_user
    StaffActionLogger.new(current_user).log_check_email(user, context: params[:context])
  end

  payload = user&.single_sign_on_record&.last_payload
  payload = I18n.t("user.email.does_not_exist") if payload.blank?

  render json: { payload: payload }
rescue Discourse::InvalidAccess
  render json: failed_json, status: 403
end

#check_username ⇒ Object

Used for checking availability of a username and will return suggestions if the username is not available.

# File 'app/controllers/users_controller.rb', line 593

def check_username
  if !params[:username].present?
    params.require(:username) if !params[:email].present?
    return render(json: success_json)
  end
  username = params[:username]&.unicode_normalize

  target_user = user_from_params_or_current_user

  # The special case where someone is changing the case of their own username
  return render_available_true if changing_case_of_own_username(target_user, username)

  checker = UsernameCheckerService.new
  email = params[:email] || target_user.try(:email)
  render json: checker.check_username(username, email)
end

#clear_featured_topic ⇒ Object

# File 'app/controllers/users_controller.rb', line 1747

def clear_featured_topic
  user = fetch_user_from_params
  guardian.ensure_can_edit!(user)
  user.user_profile.update(featured_topic_id: nil)
  render json: success_json
end

#confirm_admin ⇒ Object

Raises:

• (Discourse::NotFound)

# File 'app/controllers/users_controller.rb', line 1474

def confirm_admin
  @confirmation = AdminConfirmation.find_by_code(params[:token])

  raise Discourse::NotFound unless @confirmation
  unless @confirmation.performed_by.id == (current_user&.id || @confirmation.performed_by.id)
    raise Discourse::InvalidAccess.new
  end

  if request.post?
    @confirmation.email_confirmed!
    @confirmed = true
  end

  respond_to do |format|
    format.json { render json: success_json }
    format.html { render layout: "no_ember" }
  end
end

#confirm_email_token ⇒ Object

# File 'app/controllers/users_controller.rb', line 947

def confirm_email_token
  expires_now
  EmailToken.confirm(params[:token], scope: EmailToken.scopes[:signup])
  render json: success_json
end

#create ⇒ Object

# File 'app/controllers/users_controller.rb', line 648

def create
  params.require(:email)
  params.require(:username)
  params.require(:invite_code) if SiteSetting.require_invite_code
  params.permit(:user_fields)
  params.permit(:external_ids)

  return fail_with("login.new_registrations_disabled") unless SiteSetting.allow_new_registrations

  if params[:password] && params[:password].length > User.max_password_length
    return fail_with("login.password_too_long")
  end

  return fail_with("login.email_too_long") if params[:email].length > 254 + 1 + 253

  if SiteSetting.require_invite_code &&
       SiteSetting.invite_code.strip.downcase != params[:invite_code].strip.downcase
    return fail_with("login.wrong_invite_code")
  end

  if clashing_with_existing_route?(params[:username]) ||
       User.reserved_username?(params[:username])
    return fail_with("login.reserved_username")
  end

  params[:locale] ||= I18n.locale unless current_user

  new_user_params = user_params.except(:timezone)

  user = User.where(staged: true).with_email(new_user_params[:email].strip.downcase).first

  if user
    user.active = false
    user.unstage!
  end

  user ||= User.new
  user.attributes = new_user_params

  # Handle API approval and
  # auto approve users based on auto_approve_email_domains setting
  if user.approved? || EmailValidator.can_auto_approve_user?(user.email)
    ReviewableUser.set_approved_fields!(user, current_user)
  end

  # Handle custom fields
  user_fields = UserField.all
  if user_fields.present?
    field_params = params[:user_fields] || {}
    fields = user.custom_fields

    user_fields.each do |f|
      field_val = field_params[f.id.to_s]
      if field_val.blank?
        return fail_with("login.missing_user_field") if f.required?
      else
        fields["#{User::USER_FIELD_PREFIX}#{f.id}"] = field_val[0...UserField.max_length]
      end
    end

    user.custom_fields = fields
  end

  # Handle associated accounts
  associations = []
  if params[:external_ids]&.is_a?(ActionController::Parameters) && current_user&.admin? && is_api?
    params[:external_ids].each do |provider_name, provider_uid|
      authenticator = Discourse.enabled_authenticators.find { |a| a.name == provider_name }
      raise Discourse::InvalidParameters.new(:external_ids) if !authenticator&.is_managed?

      association =
        UserAssociatedAccount.find_or_initialize_by(
          provider_name: provider_name,
          provider_uid: provider_uid,
        )
      associations << association
    end
  end

  authentication = UserAuthenticator.new(user, session)

  if !authentication.has_authenticator? && !SiteSetting.enable_local_logins &&
       !(current_user&.admin? && is_api?)
    return render body: nil, status: :forbidden
  end

  authentication.start

  if authentication.email_valid? && !authentication.authenticated?
    # posted email is different that the already validated one?
    return fail_with("login.incorrect_username_email_or_password")
  end

  activation = UserActivator.new(user, request, session, cookies)
  activation.start

  # just assign a password if we have an authenticator and no password
  # this is the case for Twitter
  user.password = SecureRandom.hex if user.password.blank? &&
    (authentication.has_authenticator? || associations.present?)

  if user.save
    authentication.finish
    activation.finish
    associations.each { |a| a.update!(user: user) }
    user.update_timezone_if_missing(params[:timezone])

    secure_session[HONEYPOT_KEY] = nil
    secure_session[CHALLENGE_KEY] = nil

    # save user email in session, to show on account-created page
    session["user_created_message"] = activation.message
    session[SessionController::ACTIVATE_USER_KEY] = user.id

    # If the user was created as active this will
    # ensure their email is confirmed and
    # add them to the review queue if they need to be approved
    user.activate if user.active?

    render json: { success: true, active: user.active?, message: activation.message }.merge(
             SiteSetting.hide_email_address_taken ? {} : { user_id: user.id },
           )
  elsif SiteSetting.hide_email_address_taken &&
        user.errors[:primary_email]&.include?(I18n.t("errors.messages.taken"))
    session["user_created_message"] = activation.success_message

    existing_user = User.find_by_email(user.primary_email&.email)
    if !existing_user && SiteSetting.normalize_emails
      existing_user =
        UserEmail.find_by_normalized_email(user.primary_email&.normalized_email)&.user
    end
    if existing_user
      Jobs.enqueue(:critical_user_email, type: "account_exists", user_id: existing_user.id)
    end

    render json: { success: true, active: false, message: activation.success_message }
  else
    errors = user.errors.to_hash
    errors[:email] = errors.delete(:primary_email) if errors[:primary_email]

    render json: {
             success: false,
             message: I18n.t("login.errors", errors: user.errors.full_messages.join("\n")),
             errors: errors,
             values: {
               name: user.name,
               username: user.username,
               email: user.primary_email&.email,
             },
             is_developer: UsernameCheckerService.is_developer?(user.email),
           }
  end
rescue ActiveRecord::StatementInvalid
  render json: { success: false, message: I18n.t("login.something_already_taken") }
end

#create_second_factor_backup ⇒ Object

# File 'app/controllers/users_controller.rb', line 1537

def create_second_factor_backup
  backup_codes = current_user.generate_backup_codes

  render json: success_json.merge(backup_codes: backup_codes)
end

#create_second_factor_security_key ⇒ Object

# File 'app/controllers/users_controller.rb', line 1557

def create_second_factor_security_key
  if current_user.all_security_keys.count >= UserSecurityKey::MAX_KEYS_PER_USER
    render_json_error(I18n.t("login.too_many_security_keys"), status: 422)
    return
  end

  challenge_session = DiscourseWebauthn.stage_challenge(current_user, secure_session)
  render json:
           success_json.merge(
             challenge: challenge_session.challenge,
             rp_id: DiscourseWebauthn.rp_id,
             rp_name: DiscourseWebauthn.rp_name,
             supported_algorithms: ::DiscourseWebauthn::SUPPORTED_ALGORITHMS,
             user_secure_id: current_user.create_or_fetch_secure_identifier,
             existing_active_credential_ids:
               current_user.second_factor_security_key_credential_ids,
           )
end

#create_second_factor_totp ⇒ Object

# File 'app/controllers/users_controller.rb', line 1543

def create_second_factor_totp
  require "rotp" if !defined?(ROTP)
  totp_data = ROTP::Base32.random
  secure_session["staged-totp-#{current_user.id}"] = totp_data
  qrcode_png =
    RQRCode::QRCode.new(current_user.totp_provisioning_uri(totp_data)).as_png(
      border_modules: 1,
      size: 240,
    )

  render json:
           success_json.merge(key: totp_data.scan(/.{4}/).join(" "), qr: qrcode_png.to_data_url)
end

#destroy ⇒ Object

# File 'app/controllers/users_controller.rb', line 1362

def destroy
  @user = fetch_user_from_params
  guardian.ensure_can_delete_user!(@user)

  UserDestroyer.new(current_user).destroy(@user, delete_posts: true, context: params[:context])

  render json: success_json
end

#destroy_email ⇒ Object

# File 'app/controllers/users_controller.rb', line 370

def destroy_email
  return render json: failed_json, status: 410 if !SiteSetting.enable_secondary_emails

  params.require(:email)

  user = fetch_user_from_params
  guardian.ensure_can_edit!(user)

  ActiveRecord::Base.transaction do
    if change_requests = user.email_change_requests.where(new_email: params[:email]).presence
      change_requests.destroy_all
    elsif user.user_emails.where(email: params[:email], primary: false).destroy_all.present?
      DiscourseEvent.trigger(:user_updated, user)
    else
      return render json: failed_json, status: 428
    end

    if current_user.staff? && current_user != user
      StaffActionLogger.new(current_user).log_destroy_email(user)
    else
      UserHistory.create(action: UserHistory.actions[:destroy_email], acting_user_id: user.id)
    end
  end

  render json: success_json
end

#destroy_user_image ⇒ Object

# File 'app/controllers/users_controller.rb', line 1346

def destroy_user_image
  user = fetch_user_from_params
  guardian.ensure_can_edit!(user)

  case params.require(:type)
  when "profile_background"
    user.user_profile.clear_profile_background
  when "card_background"
    user.user_profile.clear_card_background
  else
    raise Discourse::InvalidParameters.new(:type)
  end

  render json: success_json
end

#disable_second_factor ⇒ Object

# File 'app/controllers/users_controller.rb', line 1631

def disable_second_factor
  # delete all second factors for a user
  current_user.user_second_factors.destroy_all
  current_user.security_keys.destroy_all

  Jobs.enqueue(
    :critical_user_email,
    type: "account_second_factor_disabled",
    user_id: current_user.id,
  )

  render json: success_json
end

#email_login ⇒ Object

# File 'app/controllers/users_controller.rb', line 997

def email_login
  raise Discourse::NotFound if !SiteSetting.enable_local_logins_via_email
  return redirect_to path("/") if current_user

  expires_now
  params.require(:login)

  RateLimiter.new(nil, "email-login-hour-#{request.remote_ip}", 6, 1.hour).performed!
  RateLimiter.new(nil, "email-login-min-#{request.remote_ip}", 3, 1.minute).performed!
  user = User.human_users.find_by_username_or_email(params[:login])
  user_presence = user.present? && !user.staged

  if user
    RateLimiter.new(nil, "email-login-hour-#{user.id}", 6, 1.hour).performed!
    RateLimiter.new(nil, "email-login-min-#{user.id}", 3, 1.minute).performed!

    if user_presence
      DiscourseEvent.trigger(:before_email_login, user)

      email_token =
        user.email_tokens.create!(email: user.email, scope: EmailToken.scopes[:email_login])

      Jobs.enqueue(
        :critical_user_email,
        type: "email_login",
        user_id: user.id,
        email_token: email_token.token,
      )
    end
  end

  json = success_json
  json[:hide_taken] = SiteSetting.hide_email_address_taken
  json[:user_found] = user_presence unless SiteSetting.hide_email_address_taken
  render json: json
rescue RateLimiter::LimitExceeded
  render_json_error(I18n.t("rate_limiter.slow_down"))
end

#enable_second_factor_totp ⇒ Object

# File 'app/controllers/users_controller.rb', line 1603

def enable_second_factor_totp
  if params[:second_factor_token].blank?
    return render json: failed_json.merge(error: I18n.t("login.missing_second_factor_code"))
  end
  if params[:name].blank?
    return render json: failed_json.merge(error: I18n.t("login.missing_second_factor_name"))
  end
  auth_token = params[:second_factor_token]

  totp_data = secure_session["staged-totp-#{current_user.id}"]
  totp_object = current_user.get_totp_object(totp_data)

  rate_limit_second_factor!(current_user)

  authenticated =
    !auth_token.blank? &&
      totp_object.verify(
        auth_token,
        drift_ahead: SecondFactorManager::TOTP_ALLOWED_DRIFT_SECONDS,
        drift_behind: SecondFactorManager::TOTP_ALLOWED_DRIFT_SECONDS,
      )
  unless authenticated
    return render json: failed_json.merge(error: I18n.t("login.invalid_second_factor_code"))
  end
  current_user.create_totp(data: totp_data, name: params[:name], enabled: true)
  render json: success_json
end

#feature_topic ⇒ Object

# File 'app/controllers/users_controller.rb', line 1730

def feature_topic
  user = fetch_user_from_params
  topic = Topic.find(params[:topic_id].to_i)

  if !guardian.can_feature_topic?(user, topic)
    return(
      render_json_error(
        I18n.t("activerecord.errors.models.user_profile.attributes.featured_topic_id.invalid"),
        403,
      )
    )
  end

  user.user_profile.update(featured_topic_id: topic.id)
  render json: success_json
end

#index ⇒ Object

# File 'app/controllers/users_controller.rb', line 105

def index
end

#invited ⇒ Object

# File 'app/controllers/users_controller.rb', line 519

def invited
  if guardian.can_invite_to_forum?
    filter = params[:filter] || "redeemed"
    inviter =
      fetch_user_from_params(
        include_inactive: current_user.staff? || SiteSetting.show_inactive_accounts,
      )

    invites =
      if filter == "pending" && guardian.can_see_invite_details?(inviter)
        Invite.includes(:topics, :groups).pending(inviter)
      elsif filter == "expired"
        Invite.expired(inviter)
      elsif filter == "redeemed"
        Invite.redeemed_users(inviter)
      else
        Invite.none
      end

    invites = invites.offset(params[:offset].to_i || 0).limit(SiteSetting.invites_per_page)

    show_emails = guardian.can_see_invite_emails?(inviter)
    if params[:search].present? && invites.present?
      filter_sql = "(LOWER(users.username) LIKE :filter)"
      filter_sql =
        "(LOWER(invites.email) LIKE :filter) or (LOWER(users.username) LIKE :filter)" if show_emails
      invites = invites.where(filter_sql, filter: "%#{params[:search].downcase}%")
    end

    pending_count = Invite.pending(inviter).reorder(nil).count.to_i
    expired_count = Invite.expired(inviter).reorder(nil).count.to_i
    redeemed_count = Invite.redeemed_users(inviter).reorder(nil).count.to_i

    render json:
             MultiJson.dump(
               InvitedSerializer.new(
                 OpenStruct.new(
                   invite_list: invites.to_a,
                   show_emails: show_emails,
                   inviter: inviter,
                   type: filter,
                   counts: {
                     pending: pending_count,
                     expired: expired_count,
                     redeemed: redeemed_count,
                     total: pending_count + expired_count,
                   },
                 ),
                 scope: guardian,
                 root: false,
               ),
             )
  elsif current_user&.staff?
    message =
      if SiteSetting.enable_discourse_connect
        I18n.t("invite.disabled_errors.discourse_connect_enabled")
      end

    render_invite_error(message)
  else
    render_json_error(I18n.t("invite.disabled_errors.invalid_access"))
  end
end

#list_second_factors ⇒ Object

# File 'app/controllers/users_controller.rb', line 1493

def list_second_factors
  if SiteSetting.enable_discourse_connect || !SiteSetting.enable_local_logins
    raise Discourse::NotFound
  end

  unless params[:password].empty?
    RateLimiter.new(
      nil,
      "login-hr-#{request.remote_ip}",
      SiteSetting.max_logins_per_ip_per_hour,
      1.hour,
    ).performed!
    RateLimiter.new(
      nil,
      "login-min-#{request.remote_ip}",
      SiteSetting.max_logins_per_ip_per_minute,
      1.minute,
    ).performed!
    unless current_user.confirm_password?(params[:password])
      return render json: failed_json.merge(error: I18n.t("login.incorrect_password"))
    end
    confirm_secure_session
  end

  if secure_session_confirmed?
    totp_second_factors =
      current_user
        .totps
        .select(:id, :name, :last_used, :created_at, :method)
        .where(enabled: true)
        .order(:created_at)

    security_keys =
      current_user
        .security_keys
        .where(factor_type: UserSecurityKey.factor_types[:second_factor])
        .order(:created_at)

    render json: success_json.merge(totps: totp_second_factors, security_keys: security_keys)
  else
    render json: success_json.merge(password_required: true)
  end
end

#logon_after_password_reset ⇒ Object

# File 'app/controllers/users_controller.rb', line 953

def logon_after_password_reset
  message =
    if Guardian.new(@user).can_access_forum?
      # Log in the user
      log_on_user(@user)
      "password_reset.success"
    else
      @requires_approval = true
      "password_reset.success_unapproved"
    end

  @success = I18n.t(message)
end

#my_redirect ⇒ Object

Raises:

• (Discourse::NotFound)

# File 'app/controllers/users_controller.rb', line 475

def my_redirect
  raise Discourse::NotFound if params[:path] !~ %r{\A[a-z_\-/]+\z}

  if current_user.blank?
    cookies[:destination_url] = path("/my/#{params[:path]}")
    redirect_to path("/login-preferences")
  else
    redirect_to(path("/u/#{current_user.encoded_username}/#{params[:path]}"))
  end
end

#notification_level ⇒ Object

# File 'app/controllers/users_controller.rb', line 1371

def notification_level
  target_user = fetch_user_from_params
  acting_user = current_user

  # the admin should be able to change notification levels
  # on behalf of other users, so we cannot rely on current_user
  # for this case
  if params[:acting_user_id].present? && params[:acting_user_id].to_i != current_user.id
    if current_user.staff?
      acting_user = User.find(params[:acting_user_id])
    else
      @error_message = "error"
      raise Discourse::InvalidAccess
    end
  end

  if params[:notification_level] == "ignore"
    @error_message = "ignore_error"
    guardian.ensure_can_ignore_user!(target_user)
    MutedUser.where(user: acting_user, muted_user: target_user).delete_all
    ignored_user = IgnoredUser.find_by(user: acting_user, ignored_user: target_user)
    if ignored_user.present?
      ignored_user.update(expiring_at: DateTime.parse(params[:expiring_at]))
    else
      IgnoredUser.create!(
        user: acting_user,
        ignored_user: target_user,
        expiring_at: Time.parse(params[:expiring_at]),
      )
    end
  elsif params[:notification_level] == "mute"
    @error_message = "mute_error"
    guardian.ensure_can_mute_user!(target_user)
    IgnoredUser.where(user: acting_user, ignored_user: target_user).delete_all
    MutedUser.find_or_create_by!(user: acting_user, muted_user: target_user)
  elsif params[:notification_level] == "normal"
    MutedUser.where(user: acting_user, muted_user: target_user).delete_all
    IgnoredUser.where(user: acting_user, ignored_user: target_user).delete_all
  else
    return(
      render_json_error(
        I18n.t("notification_level.invalid_value", value: params[:notification_level]),
      )
    )
  end

  render json: success_json
rescue Discourse::InvalidAccess
  render_json_error(I18n.t("notification_level.#{@error_message}"))
end

#password_reset_show ⇒ Object

# File 'app/controllers/users_controller.rb', line 804

def password_reset_show
  expires_now
  token = params[:token]

  password_reset_find_user(token, committing_change: false)

  if !@error
    security_params = {
      is_developer: UsernameCheckerService.is_developer?(@user.email),
      admin: @user.admin?,
      second_factor_required: @user.totp_enabled?,
      security_key_required: @user.security_keys_enabled?,
      backup_enabled: @user.backup_codes_enabled?,
      multiple_second_factor_methods: @user.has_multiple_second_factor_methods?,
    }
  end

  respond_to do |format|
    format.html do
      return render "password_reset", layout: "no_ember" if @error

      DiscourseWebauthn.stage_challenge(@user, secure_session)
      store_preloaded(
        "password_reset",
        MultiJson.dump(
          security_params.merge(DiscourseWebauthn.allowed_credentials(@user, secure_session)),
        ),
      )

      render "password_reset"
    end

    format.json do
      return render json: { message: @error } if @error

      DiscourseWebauthn.stage_challenge(@user, secure_session)
      render json:
               security_params.merge(DiscourseWebauthn.allowed_credentials(@user, secure_session))
    end
  end
end

#password_reset_update ⇒ Object

# File 'app/controllers/users_controller.rb', line 846

def password_reset_update
  expires_now
  token = params[:token]
  password_reset_find_user(token, committing_change: true)

  rate_limit_second_factor!(@user)

  # no point doing anything else if we can't even find
  # a user from the token
  if @user
    if !secure_session["second-factor-#{token}"]
      second_factor_authentication_result =
        @user.authenticate_second_factor(params, secure_session)
      if !second_factor_authentication_result.ok
        user_error_key =
          (
            if second_factor_authentication_result.reason == "invalid_security_key"
              :user_second_factors
            else
              :security_keys
            end
          )
        @user.errors.add(user_error_key, :invalid)
        @error = second_factor_authentication_result.error
      else
        # this must be set because the first call we authenticate e.g. TOTP, and we do
        # not want to re-authenticate on the second call to change the password as this
        # will cause a TOTP error saying the code has already been used
        secure_session["second-factor-#{token}"] = true
      end
    end

    if @invalid_password =
         params[:password].blank? || params[:password].size > User.max_password_length
      @user.errors.add(:password, :invalid)
    end

    # if we have run into no errors then the user is a-ok to
    # change the password
    if @user.errors.empty?
      @user.update_timezone_if_missing(params[:timezone]) if params[:timezone]
      @user.password = params[:password]
      @user.password_required!
      @user.user_auth_tokens.destroy_all
      if @user.save
        Invite.invalidate_for_email(@user.email) # invite link can't be used to log in anymore
        secure_session["password-#{token}"] = nil
        secure_session["second-factor-#{token}"] = nil
        UserHistory.create!(
          target_user: @user,
          acting_user: @user,
          action: UserHistory.actions[:change_password],
        )
        logon_after_password_reset
      end
    end
  end

  respond_to do |format|
    format.html do
      return render "password_reset", layout: "no_ember" if @error

      DiscourseWebauthn.stage_challenge(@user, secure_session)

      security_params = {
        is_developer: UsernameCheckerService.is_developer?(@user.email),
        admin: @user.admin?,
        second_factor_required: @user.totp_enabled?,
        security_key_required: @user.security_keys_enabled?,
        backup_enabled: @user.backup_codes_enabled?,
        multiple_second_factor_methods: @user.has_multiple_second_factor_methods?,
      }.merge(DiscourseWebauthn.allowed_credentials(@user, secure_session))

      store_preloaded("password_reset", MultiJson.dump(security_params))

      return redirect_to(wizard_path) if Wizard.user_requires_completion?(@user)

      render "password_reset"
    end

    format.json do
      if @error || @user&.errors&.any?
        render json: {
                 success: false,
                 message: @error,
                 errors: @user&.errors&.to_hash,
                 is_developer: UsernameCheckerService.is_developer?(@user&.email),
                 admin: @user&.admin?,
               }
      else
        render json: {
                 success: true,
                 message: @success,
                 requires_approval: !Guardian.new(@user).can_access_forum?,
                 redirect_to: Wizard.user_requires_completion?(@user) ? wizard_path : nil,
               }
      end
    end
  end
end

#perform_account_activation ⇒ Object

Raises:

• (Discourse::InvalidAccess)

# File 'app/controllers/users_controller.rb', line 1085

def perform_account_activation
  raise Discourse::InvalidAccess.new if honeypot_or_challenge_fails?(params)

  if @user = EmailToken.confirm(params[:token], scope: EmailToken.scopes[:signup])
    # Log in the user unless they need to be approved
    if Guardian.new(@user).can_access_forum?
      @user.enqueue_welcome_message("welcome_user") if @user.send_welcome_message
      log_on_user(@user)

      # invites#perform_accept_invitation already sets destination_url, but
      # sometimes it is lost (user changes browser, uses incognito, etc)
      #
      # The code below checks if the user was invited and redirects them to
      # the topic they were originally invited to.
      destination_url = cookies.delete(:destination_url)
      if destination_url.blank?
        topic =
          Invite
            .joins(:invited_users)
            .find_by(invited_users: { user_id: @user.id })
            &.topics
            &.first

        destination_url = path(topic.relative_url) if @user.guardian.can_see?(topic)
      end

      if Wizard.user_requires_completion?(@user)
        return redirect_to(wizard_path)
      elsif destination_url.present?
        return redirect_to(destination_url, allow_other_host: true)
      elsif SiteSetting.enable_discourse_connect_provider &&
            payload = cookies.delete(:sso_payload)
        return redirect_to(session_sso_provider_url + "?" + payload)
      end
    else
      @needs_approval = true
    end
  else
    flash.now[:error] = I18n.t("activation.already_done")
  end

  render layout: "no_ember"
end

#pick_avatar ⇒ Object

# File 'app/controllers/users_controller.rb', line 1265

def pick_avatar
  user = fetch_user_from_params
  guardian.ensure_can_edit!(user)

  return render json: failed_json, status: 422 if SiteSetting.discourse_connect_overrides_avatar

  type = params[:type]

  invalid_type = type.present? && !AVATAR_TYPES_WITH_UPLOAD.include?(type) && type != "system"
  return render json: failed_json, status: 422 if invalid_type

  if type.blank? || type == "system"
    upload_id = nil
  elsif !TrustLevelAndStaffAndDisabledSetting.matches?(SiteSetting.allow_uploaded_avatars, user)
    return render json: failed_json, status: 422
  else
    upload_id = params[:upload_id]
    upload = Upload.find_by(id: upload_id)

    return render_json_error I18n.t("avatar.missing") if upload.nil?

    # old safeguard
    user.create_user_avatar unless user.user_avatar

    guardian.ensure_can_pick_avatar!(user.user_avatar, upload)

    if type == "gravatar"
      user.user_avatar.gravatar_upload_id = upload_id
    else
      user.user_avatar.custom_upload_id = upload_id
    end
  end

  SiteSetting.use_site_small_logo_as_system_avatar = false if user.is_system_user?

  user.uploaded_avatar_id = upload_id
  user.save!
  user.user_avatar.save!

  render json: success_json
end

#preferences ⇒ Object

# File 'app/controllers/users_controller.rb', line 471

def preferences
  render body: nil
end

#private_message_topic_tracking_state ⇒ Object

# File 'app/controllers/users_controller.rb', line 407

def private_message_topic_tracking_state
  user = fetch_user_from_params
  guardian.ensure_can_edit!(user)

  report = PrivateMessageTopicTrackingState.report(user)

  serializer =
    ActiveModel::ArraySerializer.new(
      report,
      each_serializer: PrivateMessageTopicTrackingStateSerializer,
      scope: guardian,
    )

  render json: MultiJson.dump(serializer)
end

#profile_hidden ⇒ Object

# File 'app/controllers/users_controller.rb', line 486

def profile_hidden
  render nothing: true
end

#read_faq ⇒ Object

# File 'app/controllers/users_controller.rb', line 1422

def read_faq
  if user = current_user
    user.user_stat.read_faq = 1.second.ago
    user.user_stat.save
  end

  render json: success_json
end

#recent_searches ⇒ Object

# File 'app/controllers/users_controller.rb', line 1431

def recent_searches
  if !SiteSetting.log_search_queries
    return(
      render json: failed_json.merge(error: I18n.t("user_activity.no_log_search_queries")),
             status: 403
    )
  end

  query = SearchLog.where(user_id: current_user.id)

  if current_user.user_option.oldest_search_log_date
    query = query.where("created_at > ?", current_user.user_option.oldest_search_log_date)
  end

  results =
    query.group(:term).order("max(created_at) DESC").limit(MAX_RECENT_SEARCHES).pluck(:term)

  render json: success_json.merge(recent_searches: results)
end

#register_second_factor_security_key ⇒ Object

# File 'app/controllers/users_controller.rb', line 1576

def register_second_factor_security_key
  params.require(:name)
  params.require(:attestation)
  params.require(:clientData)

  ::DiscourseWebauthn::SecurityKeyRegistrationService.new(
    current_user,
    params,
    challenge: DiscourseWebauthn.challenge(current_user, secure_session),
    rp_id: DiscourseWebauthn.rp_id,
    origin: Discourse.base_url,
  ).register_second_factor_security_key
  render json: success_json
rescue ::DiscourseWebauthn::SecurityKeyError => err
  render json: failed_json.merge(error: err.message)
end

#render_available_true ⇒ Object

# File 'app/controllers/users_controller.rb', line 583

def render_available_true
  render(json: { available: true })
end

#reset_recent_searches ⇒ Object

# File 'app/controllers/users_controller.rb', line 1451

def reset_recent_searches
  current_user.user_option.update!(oldest_search_log_date: 1.second.ago)
  render json: success_json
end

#revoke_account ⇒ Object

Raises:

• (Discourse::NotFound)

# File 'app/controllers/users_controller.rb', line 1683

def revoke_account
  user = fetch_user_from_params
  guardian.ensure_can_edit!(user)
  provider_name = params.require(:provider_name)

  # Using Discourse.authenticators rather than Discourse.enabled_authenticators so users can
  # revoke permissions even if the admin has temporarily disabled that type of login
  authenticator = Discourse.authenticators.find { |a| a.name == provider_name }
  raise Discourse::NotFound if authenticator.nil? || !authenticator.can_revoke?

  skip_remote = params.permit(:skip_remote)

  # We're likely going to contact the remote auth provider, so hijack request
  hijack do
    DiscourseEvent.trigger(:before_auth_revoke, authenticator, user)
    result = authenticator.revoke(user, skip_remote: skip_remote)
    if result
      render json: success_json
    else
      render json: {
               success: false,
               message: I18n.t("associated_accounts.revoke_failed", provider_name: provider_name),
             }
    end
  end
end

#revoke_auth_token ⇒ Object

# File 'app/controllers/users_controller.rb', line 1710

def revoke_auth_token
  user = fetch_user_from_params
  guardian.ensure_can_edit!(user)

  if params[:token_id]
    token = UserAuthToken.find_by(id: params[:token_id], user_id: user.id)
    # The user should not be able to revoke the auth token of current session.
    if !token || guardian.auth_token == token.auth_token
      raise Discourse::InvalidParameters.new(:token_id)
    end
    UserAuthToken.where(id: params[:token_id], user_id: user.id).each(&:destroy!)

    MessageBus.publish "/file-change", ["refresh"], user_ids: [user.id]
  else
    UserAuthToken.where(user_id: user.id).each(&:destroy!)
  end

  render json: success_json
end

#search_users ⇒ Object

# File 'app/controllers/users_controller.rb', line 1197

def search_users
  term = params[:term].to_s.strip

  topic_id = params[:topic_id].to_i if params[:topic_id].present?
  category_id = params[:category_id].to_i if params[:category_id].present?

  topic_allowed_users = params[:topic_allowed_users] || false

  group_names = params[:groups] || []
  group_names << params[:group] if params[:group]
  @groups = Group.where(name: group_names) if group_names.present?

  options = {
    topic_allowed_users: topic_allowed_users,
    searching_user: current_user,
    groups: @groups,
  }

  options[:include_staged_users] = !!ActiveModel::Type::Boolean.new.cast(
    params[:include_staged_users],
  )
  options[:last_seen_users] = !!ActiveModel::Type::Boolean.new.cast(params[:last_seen_users])

  if limit = fetch_limit_from_params(default: nil, max: SEARCH_USERS_LIMIT)
    options[:limit] = limit
  end

  options[:topic_id] = topic_id if topic_id
  options[:category_id] = category_id if category_id

  results = UserSearch.new(term, options).search
  to_render = serialize_found_users(results)

  # blank term is only handy for in-topic search of users after @
  # we do not want group results ever if term is blank
  groups =
    if term.present? && current_user
      if params[:include_groups] == "true"
        Group.visible_groups(current_user)
      elsif params[:include_mentionable_groups] == "true"
        Group.mentionable(current_user)
      elsif params[:include_messageable_groups] == "true"
        Group.messageable(current_user)
      end
    end

  if groups
    DiscoursePluginRegistry
      .groups_callback_for_users_search_controller_action
      .each do |param_name, block|
      groups = block.call(groups, current_user) if params[param_name.to_s]
    end

    # the plugin registry callbacks above are only evaluated when a param
    # is present matching the name of the callback. Any modifier registered using
    # register_modifier(:groups_for_users_search) will be evaluated without needing the
    # param.
    groups = DiscoursePluginRegistry.apply_modifier(:groups_for_users_search, groups)
    groups = Group.search_groups(term, groups: groups, sort: :auto)

    to_render[:groups] = groups.map { |m| { name: m.name, full_name: m.full_name } }
  end

  render json: to_render
end

#second_factor_check_confirmed_password ⇒ Object

Raises:

• (Discourse::InvalidAccess)

# File 'app/controllers/users_controller.rb', line 1675

def second_factor_check_confirmed_password
  if SiteSetting.enable_discourse_connect || !SiteSetting.enable_local_logins
    raise Discourse::NotFound
  end

  raise Discourse::InvalidAccess.new unless current_user && secure_session_confirmed?
end

#select_avatar ⇒ Object

# File 'app/controllers/users_controller.rb', line 1307

def select_avatar
  user = fetch_user_from_params
  guardian.ensure_can_edit!(user)

  url = params[:url]

  return render json: failed_json, status: 422 if url.blank?

  if SiteSetting.selectable_avatars_mode == "disabled"
    return render json: failed_json, status: 422
  end

  return render json: failed_json, status: 422 if SiteSetting.selectable_avatars.blank?

  unless upload = Upload.get_from_url(url)
    return render json: failed_json, status: 422
  end

  unless SiteSetting.selectable_avatars.include?(upload)
    return render json: failed_json, status: 422
  end

  user.uploaded_avatar_id = upload.id

  SiteSetting.use_site_small_logo_as_system_avatar = false if user.is_system_user?

  user.save!

  avatar = user.user_avatar || user.create_user_avatar
  avatar.custom_upload_id = upload.id
  avatar.save!

  render json: {
           avatar_template: user.avatar_template,
           custom_avatar_template: user.avatar_template,
           uploaded_avatar_id: upload.id,
         }
end

#send_activation_email ⇒ Object

Raises:

• (Discourse::InvalidAccess)

# File 'app/controllers/users_controller.rb', line 1167

def send_activation_email
  if current_user.blank? || !current_user.staff?
    RateLimiter.new(nil, "activate-hr-#{request.remote_ip}", 30, 1.hour).performed!
    RateLimiter.new(nil, "activate-min-#{request.remote_ip}", 6, 1.minute).performed!
  end

  raise Discourse::InvalidAccess.new if SiteSetting.must_approve_users?

  @user = User.find_by_username_or_email(params[:username].to_s) if params[:username].present?

  raise Discourse::NotFound unless @user

  if !current_user&.staff? && @user.id != session[SessionController::ACTIVATE_USER_KEY]
    raise Discourse::InvalidAccess.new
  end

  session.delete(SessionController::ACTIVATE_USER_KEY)

  if @user.active && @user.email_confirmed?
    render_json_error(I18n.t("activation.activated"), status: 409)
  else
    @email_token =
      @user.email_tokens.create!(email: @user.email, scope: EmailToken.scopes[:signup])
    EmailToken.enqueue_signup_email(@email_token, to_address: @user.email)
    render body: nil
  end
end

#show(for_card: false) ⇒ Object

# File 'app/controllers/users_controller.rb', line 108

def show(for_card: false)
  if SiteSetting.hide_user_profiles_from_public && !current_user
    raise Discourse::NotFound.new(custom_message: "invalid_access", status: 403)
  end

  @user =
    fetch_user_from_params(
      include_inactive: current_user&.staff? || for_card || SiteSetting.show_inactive_accounts,
    )

  user_serializer = nil
  if !current_user&.staff? && !@user.active?
    user_serializer = InactiveUserSerializer.new(@user, scope: guardian, root: "user")
  elsif !guardian.can_see_profile?(@user)
    user_serializer = HiddenProfileSerializer.new(@user, scope: guardian, root: "user")
  else
    serializer_class = for_card ? UserCardSerializer : UserSerializer
    user_serializer = serializer_class.new(@user, scope: guardian, root: "user")

    topic_id = params[:include_post_count_for].to_i
    if topic_id != 0 && guardian.can_see?(Topic.find_by_id(topic_id))
      user_serializer.topic_post_count = {
        topic_id => Post.secured(guardian).where(topic_id: topic_id, user_id: @user.id).count,
      }
    end
  end

  track_visit_to_user_profile if !params[:skip_track_visit] && (@user != current_user)

  # This is a hack to get around a Rails issue where values with periods aren't handled correctly
  # when used as part of a route.
  if params[:external_id] && params[:external_id].ends_with?(".json")
    return render_json_dump(user_serializer)
  end

  respond_to do |format|
    format.html do
      @restrict_fields = guardian.restrict_user_fields?(@user)
      store_preloaded("user_#{@user.username}", MultiJson.dump(user_serializer))
      render :show
    end

    format.json { render_json_dump(user_serializer) }
  end
end

#show_card ⇒ Object

# File 'app/controllers/users_controller.rb', line 154

def show_card
  show(for_card: true)
end

#staff_info ⇒ Object

# File 'app/controllers/users_controller.rb', line 1456

def staff_info
  @user = fetch_user_from_params(include_inactive: true)
  guardian.ensure_can_see_staff_info!(@user)

  result = {}

  %W[
    number_of_deleted_posts
    number_of_flagged_posts
    number_of_flags_given
    number_of_suspensions
    warnings_received_count
    number_of_rejected_posts
  ].each { |info| result[info] = @user.public_send(info) }

  render json: result
end

#summary ⇒ Object

Raises:

• (Discourse::NotFound)

# File 'app/controllers/users_controller.rb', line 490

def summary
  @user =
    fetch_user_from_params(
      include_inactive:
        current_user.try(:staff?) || (current_user && SiteSetting.show_inactive_accounts),
    )
  raise Discourse::NotFound unless guardian.can_see_profile?(@user)

  response.headers["X-Robots-Tag"] = "noindex"

  respond_to do |format|
    format.html do
      @restrict_fields = guardian.restrict_user_fields?(@user)
      render :show
    end
    format.json do
      summary_json =
        Discourse
          .cache
          .fetch(summary_cache_key(@user), expires_in: 1.hour) do
            summary = UserSummary.new(@user, guardian)
            serializer = UserSummarySerializer.new(summary, scope: guardian)
            MultiJson.dump(serializer)
          end
      render json: summary_json
    end
  end
end

#toggle_anon ⇒ Object

# File 'app/controllers/users_controller.rb', line 1036

def toggle_anon
  user =
    AnonymousShadowCreator.get_master(current_user) || AnonymousShadowCreator.get(current_user)

  if user
    log_on_user(user)
    render json: success_json
  else
    render json: failed_json, status: 403
  end
end

#topic_tracking_state ⇒ Object

# File 'app/controllers/users_controller.rb', line 397

def topic_tracking_state
  user = fetch_user_from_params
  guardian.ensure_can_edit!(user)

  report = TopicTrackingState.report(user)
  serializer = TopicTrackingStateSerializer.new(report, scope: guardian, root: false)

  render json: MultiJson.dump(serializer.as_json[:data])
end

#update ⇒ Object

# File 'app/controllers/users_controller.rb', line 196

def update
  user = fetch_user_from_params
  guardian.ensure_can_edit!(user)

  # Exclude some attributes that are only for user creation because they have
  # dedicated update routes.
  attributes = user_params.except(:username, :email, :password)

  if params[:user_fields].present?
    attributes[:custom_fields] ||= {}

    fields = UserField.all
    fields = fields.where(editable: true) unless current_user.staff?
    fields.each do |field|
      field_id = field.id.to_s
      next unless params[:user_fields].has_key?(field_id)

      value = clean_custom_field_values(field)
      value = nil if value === "false"
      value = value[0...UserField.max_length] if value

      if value.blank? && field.required?
        return render_json_error(I18n.t("login.missing_user_field"))
      end
      attributes[:custom_fields]["#{User::USER_FIELD_PREFIX}#{field.id}"] = value
    end
  end

  if params[:external_ids]&.is_a?(ActionController::Parameters) && current_user&.admin? && is_api?
    attributes[:user_associated_accounts] = []

    params[:external_ids].each do |provider_name, provider_uid|
      if provider_name == "discourse_connect"
        unless SiteSetting.enable_discourse_connect
          raise Discourse::InvalidParameters.new(:external_ids)
        end

        attributes[:discourse_connect] = { external_id: provider_uid }

        next
      end

      authenticator = Discourse.enabled_authenticators.find { |a| a.name == provider_name }
      raise Discourse::InvalidParameters.new(:external_ids) if !authenticator&.is_managed?

      attributes[:user_associated_accounts] << {
        provider_name: provider_name,
        provider_uid: provider_uid,
      }
    end
  end

  json_result(
    user,
    serializer: UserSerializer,
    additional_errors: %i[user_profile user_option],
  ) do |u|
    updater = UserUpdater.new(current_user, user)
    updater.update(attributes.permit!)
  end
end

#update_activation_email ⇒ Object

# File 'app/controllers/users_controller.rb', line 1129

def update_activation_email
  RateLimiter.new(nil, "activate-edit-email-hr-#{request.remote_ip}", 5, 1.hour).performed!

  if params[:username].present?
    RateLimiter.new(
      nil,
      "activate-edit-email-hr-username-#{params[:username]}",
      5,
      1.hour,
    ).performed!
    @user = User.find_by_username_or_email(params[:username])
    raise Discourse::InvalidAccess.new unless @user.present?
    raise Discourse::InvalidAccess.new unless @user.confirm_password?(params[:password])
  elsif user_key = session[SessionController::ACTIVATE_USER_KEY]
    RateLimiter.new(nil, "activate-edit-email-hr-user-key-#{user_key}", 5, 1.hour).performed!
    @user = User.where(id: user_key.to_i).first
  end

  if @user.blank? || @user.active? || current_user.present? || @user.from_staged?
    raise Discourse::InvalidAccess.new
  end

  User.transaction do
    primary_email = @user.primary_email
    primary_email.email = params[:email]
    primary_email.skip_validate_email = false

    if primary_email.save
      @email_token =
        @user.email_tokens.create!(email: @user.email, scope: EmailToken.scopes[:signup])
      EmailToken.enqueue_signup_email(@email_token, to_address: @user.email)
      render json: success_json
    else
      render_json_error(primary_email)
    end
  end
end

#update_primary_email ⇒ Object

# File 'app/controllers/users_controller.rb', line 337

def update_primary_email
  return render json: failed_json, status: 410 if !SiteSetting.enable_secondary_emails

  params.require(:email)

  user = fetch_user_from_params
  guardian.ensure_can_edit_email!(user)

  old_primary = user.primary_email
  return render json: success_json if old_primary.email == params[:email]

  new_primary = user.user_emails.find_by(email: params[:email])
  if new_primary.blank?
    return(
      render json: failed_json.merge(errors: [I18n.t("change_email.doesnt_exist")]), status: 428
    )
  end

  User.transaction do
    old_primary.update!(primary: false)
    new_primary.update!(primary: true)
    DiscourseEvent.trigger(:user_updated, user)

    if current_user.staff? && current_user != user
      StaffActionLogger.new(current_user).log_update_email(user)
    else
      UserHistory.create!(action: UserHistory.actions[:update_email], acting_user_id: user.id)
    end
  end

  render json: success_json
end

#update_second_factor ⇒ Object

Raises:

• (Discourse::InvalidParameters)

# File 'app/controllers/users_controller.rb', line 1645

def update_second_factor
  params.require(:second_factor_target)
  update_second_factor_method = params[:second_factor_target].to_i

  if update_second_factor_method == UserSecondFactor.methods[:totp]
    params.require(:id)
    second_factor_id = params[:id].to_i
    user_second_factor = current_user.user_second_factors.totps.find_by(id: second_factor_id)
  elsif update_second_factor_method == UserSecondFactor.methods[:backup_codes]
    user_second_factor = current_user.user_second_factors.backup_codes
  end

  raise Discourse::InvalidParameters unless user_second_factor

  user_second_factor.update!(name: params[:name]) if params[:name] && !params[:name].blank?
  if params[:disable] == "true"
    # Disabling backup codes deletes *all* backup codes
    if update_second_factor_method == UserSecondFactor.methods[:backup_codes]
      current_user
        .user_second_factors
        .where(method: UserSecondFactor.methods[:backup_codes])
        .destroy_all
    else
      user_second_factor.update!(enabled: false)
    end
  end

  render json: success_json
end

#update_security_key ⇒ Object

Raises:

• (Discourse::InvalidParameters)

# File 'app/controllers/users_controller.rb', line 1593

def update_security_key
  user_security_key = current_user.security_keys.find_by(id: params[:id].to_i)
  raise Discourse::InvalidParameters unless user_security_key

  user_security_key.update!(name: params[:name]) if params[:name] && !params[:name].blank?
  user_security_key.update!(enabled: false) if params[:disable] == "true"

  render json: success_json
end

#user_from_params_or_current_user ⇒ Object

# File 'app/controllers/users_controller.rb', line 644

def user_from_params_or_current_user
  params[:for_user_id] ? User.find(params[:for_user_id]) : current_user
end

#user_menu_bookmarks ⇒ Object

# File 'app/controllers/users_controller.rb', line 1801

def user_menu_bookmarks
  if !current_user.username_equals_to?(params[:username])
    raise Discourse::InvalidAccess.new("username doesn't match current_user's username")
  end

  reminder_notifications =
    Notification
      .for_user_menu(current_user.id, limit: USER_MENU_LIST_LIMIT)
      .unread
      .where(notification_type: Notification.types[:bookmark_reminder])

  if reminder_notifications.size < USER_MENU_LIST_LIMIT
    exclude_bookmark_ids =
      reminder_notifications.filter_map { |notification| notification.data_hash[:bookmark_id] }

    bookmark_list =
      UserBookmarkList.new(
        user: current_user,
        guardian: guardian,
        per_page: USER_MENU_LIST_LIMIT - reminder_notifications.size,
      )

    bookmark_list.load do |query|
      if exclude_bookmark_ids.present?
        query.where("bookmarks.id NOT IN (?)", exclude_bookmark_ids)
      end
    end
  end

  if reminder_notifications.present?
    serialized_notifications =
      ActiveModel::ArraySerializer.new(
        reminder_notifications,
        each_serializer: NotificationSerializer,
        scope: guardian,
      )
  end

  if bookmark_list
    bookmark_list.bookmark_serializer_opts = { link_to_first_unread_post: true }
    serialized_bookmarks =
      serialize_data(bookmark_list, UserBookmarkListSerializer, scope: guardian, root: false)[
        :bookmarks
      ]
  end

  render json: {
           notifications: serialized_notifications || [],
           bookmarks: serialized_bookmarks || [],
         }
end

#user_menu_messages ⇒ Object

# File 'app/controllers/users_controller.rb', line 1853

def user_menu_messages
  if !current_user.username_equals_to?(params[:username])
    raise Discourse::InvalidAccess.new("username doesn't match current_user's username")
  end

  if !current_user.staff? &&
       !current_user.in_any_groups?(SiteSetting.personal_message_enabled_groups_map)
    raise Discourse::InvalidAccess.new("personal messages are disabled.")
  end

  unread_notifications =
    Notification
      .for_user_menu(current_user.id, limit: USER_MENU_LIST_LIMIT)
      .unread
      .where(
        notification_type: [
          Notification.types[:private_message],
          Notification.types[:group_message_summary],
        ],
      )
      .to_a

  if unread_notifications.size < USER_MENU_LIST_LIMIT
    exclude_topic_ids = unread_notifications.filter_map(&:topic_id).uniq
    limit = USER_MENU_LIST_LIMIT - unread_notifications.size

    messages_list =
      TopicQuery
        .new(current_user, per_page: limit)
        .list_private_messages_direct_and_groups(
          current_user,
          groups_messages_notification_level: :watching,
        ) do |query|
          if exclude_topic_ids.present?
            query.where("topics.id NOT IN (?)", exclude_topic_ids)
          else
            query
          end
        end

    read_notifications =
      Notification
        .for_user_menu(current_user.id, limit: limit)
        .where(read: true, notification_type: Notification.types[:group_message_summary])
        .to_a
  end

  if unread_notifications.present?
    serialized_unread_notifications =
      ActiveModel::ArraySerializer.new(
        unread_notifications,
        each_serializer: NotificationSerializer,
        scope: guardian,
      )
  end

  if messages_list
    serialized_messages =
      serialize_data(messages_list, TopicListSerializer, scope: guardian, root: false)[:topics]
  end

  if read_notifications.present?
    serialized_read_notifications =
      ActiveModel::ArraySerializer.new(
        read_notifications,
        each_serializer: NotificationSerializer,
        scope: guardian,
      )
  end

  render json: {
           unread_notifications: serialized_unread_notifications || [],
           read_notifications: serialized_read_notifications || [],
           topics: serialized_messages || [],
         }
end

#username ⇒ Object

# File 'app/controllers/users_controller.rb', line 258

def username
  params.require(:new_username)

  if clashing_with_existing_route?(params[:new_username]) ||
       User.reserved_username?(params[:new_username])
    return render_json_error(I18n.t("login.reserved_username"))
  end

  user = fetch_user_from_params
  guardian.ensure_can_edit_username!(user)

  result = UsernameChanger.change(user, params[:new_username], current_user)

  if result
    render json: { id: user.id, username: user.username }
  else
    render_json_error(user.errors.full_messages.join(","))
  end
rescue Discourse::InvalidAccess
  if current_user&.staff?
    render_json_error(I18n.t("errors.messages.auth_overrides_username"))
  else
    render json: failed_json, status: 403
  end
end