Class: CamaleonCms::Admin::SessionsController

Inherits:
CamaleonController
  • Object
show all
Defined in:
app/controllers/camaleon_cms/admin/sessions_controller.rb

Overview

Camaleon CMS is a content management system

Copyright (C) 2015 by Owen Peredo Diaz
Email: [email protected]
This program is free software: you can redistribute it and/or modify   it under the terms of the GNU Affero General Public License as  published by the Free Software Foundation, either version 3 of the  License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,  but WITHOUT ANY WARRANTY; without even the implied warranty of  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the  GNU Affero General Public License (GPLv3) for more details.

Instance Method Summary collapse

Instance Method Details

#confirm_emailObject


145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
# File 'app/controllers/camaleon_cms/admin/sessions_controller.rb', line 145

def confirm_email
  @user = current_site.users.new
  if params[:h]
    @user = current_site.users.where(confirm_email_token: params[:h]).first
    if @user.nil?
      flash[:error] = t('camaleon_cms.admin.login.message.confirm_email_token_incorrect')
    elsif @user.confirm_email_sent_at.nil? || @user.confirm_email_sent_at < 2.hours.ago
      flash[:error] = t('camaleon_cms.admin.login.message.confirm_email_token_expired')
    else
      flash[:notice] = t('camaleon_cms.admin.login.message.confirm_email_success')
      @user.is_valid_email = true
      @user.save!
    end
  end
  redirect_to 
end

#forgotObject


63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
# File 'app/controllers/camaleon_cms/admin/sessions_controller.rb', line 63

def forgot
  @user = current_site.users.new
  # get form reset password
  if params[:h]
    @user = current_site.users.where(password_reset_token: params[:h]).first
    if @user.nil?
      flash[:error] = t('camaleon_cms.admin.login.message.forgot_url_incorrect')
      redirect_to cama_forgot_path
      return
    elsif @user.password_reset_sent_at < 2.hours.ago
      flash[:error] = t('camaleon_cms.admin.login.message.forgot_expired')
      redirect_to 
    else
      # saved new password
      if params[:user].present?
        if @user.update(params[:user].permit(:password, :password_confirmation))
          flash[:notice] = t('camaleon_cms.admin.login.message.reset_password_succes')
          redirect_to 
          return
        else
          flash[:error] = t('camaleon_cms.admin.login.message.reset_password_error')
        end
      end
      @form_reset = true
      render "forgot"
      return
    end
  end

  # TODO: Move this out of the controller
  # send email reset password
  if params[:user].present?
    data_user = params[:user]
    @user = current_site.users.find_by_email(data_user[:email])
    if @user.present?
      @user.send_password_reset

      reset_url = cama_admin_forgot_url({h: @user.password_reset_token})

      html = "<p>#{t('camaleon_cms.admin.login.message.hello')}, <b>#{@user.fullname}</b></p>
          <p>#{t('camaleon_cms.admin.login.message.reset_url')}:</p>
          <p><a href='#{reset_url}'><b>#{reset_url}</b></a></p> "
      sendmail(@user.email, t('camaleon_cms.admin.login.message.subject_email'), html)

      flash[:notice] = t('camaleon_cms.admin.login.message.send_mail_succes')
      redirect_to 
      return
    else
      flash[:error] = t('camaleon_cms.admin.login.message.send_mail_error')
      @user = current_site.users.new(data_user)
    end
  end
end

#loginObject

you can pass return_to as a param (mysite.com/admin/login?return_to=my-url) and this will be used after user logged in


17
18
19
20
21
22
23
24
25
# File 'app/controllers/camaleon_cms/admin/sessions_controller.rb', line 17

def 
  if signin?
    return redirect_to (params[:return_to].present? ? params[:return_to] : cama_admin_dashboard_path)
  else
    cookies[:return_to] = params[:return_to] if params[:return_to].present?
    @user ||= current_site.users.new
  end
  render "login"
end

#login_postObject


27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# File 'app/controllers/camaleon_cms/admin/sessions_controller.rb', line 27

def 
  data_user = params[:user]
  cipher = Gibberish::AES::CBC.new(cama_get_session_id)
  data_user[:password] = cipher.decrypt(data_user[:password]) rescue nil
  @user = current_site.users.find_by_username(data_user[:username])
  captcha_validate = captcha_verify_if_under_attack("login")
  r = {user: @user, params: params, password: data_user[:password], captcha_validate: captcha_validate, stop_process: false}; hooks_run("user_before_login", r)
  return if r[:stop_process] # permit to redirect for data completion
  if captcha_validate && @user && @user.authenticate(data_user[:password])
    #Email validation if is necessary
    if @user.is_valid_email? || !current_site.need_validate_email?
      cama_captcha_reset_attack("login")
      r={user: @user, redirect_to: nil}; hooks_run('after_login', r)
      (@user, params[:remember_me].present?, r[:redirect_to])
    else
      flash[:error] = t('camaleon_cms.admin.login.message.email_not_validated')
      @user = current_site.users.new(data_user)
      
    end
  else
    cama_captcha_increment_attack("login")
    if captcha_validate
      flash[:error] = t('camaleon_cms.admin.login.message.fail')
    else
      flash[:error] = t('camaleon_cms.admin.login.message.invalid_caption')
    end
    @user = current_site.users.new(data_user)
    
  end
end

#logoutObject


58
59
60
# File 'app/controllers/camaleon_cms/admin/sessions_controller.rb', line 58

def logout
  cama_logout_user
end

#registerObject


117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
# File 'app/controllers/camaleon_cms/admin/sessions_controller.rb', line 117

def register
  @user ||= current_site.users.new
  if params[:user].present?
    params[:user][:role] = PluginRoutes.system_info["default_user_role"]
    params[:user][:is_valid_email] = false if current_site.need_validate_email?
    user_data = params[:user]
    result = cama_register_user(user_data, params[:meta])
    if result[:result] == false && result[:type] == :captcha_error
      @first_name = params[:meta][:first_name]
      @last_name = params[:meta][:last_name]

      @user.errors[:captcha] = t('camaleon_cms.admin.users.message.error_captcha')
      render 'register'
    elsif result[:result]
      flash[:notice] = result[:message]
      send_user_confirm_email(@user) if current_site.need_validate_email?
      r = {user: @user, redirect_url: result[:redirect_url]}; hooks_run('user_registered', r)
      redirect_to r[:redirect_url]
    else
      @first_name = params[:meta][:first_name]
      @last_name = params[:meta][:last_name]
      render 'register'
    end
  else
    render 'register'
  end
end