]> git.openstreetmap.org Git - rails.git/blob - app/controllers/confirmations_controller.rb
Add link to unredacted element history for moderators
[rails.git] / app / controllers / confirmations_controller.rb
1 class ConfirmationsController < ApplicationController
2   include SessionMethods
3   include UserMethods
4
5   layout "site"
6
7   before_action :authorize_web
8   before_action :set_locale
9   before_action :check_database_readable
10
11   authorize_resource :class => false
12
13   before_action :check_database_writable, :only => [:confirm, :confirm_email]
14   before_action :require_cookies, :only => [:confirm]
15
16   def confirm
17     if request.post?
18       token = params[:confirm_string]
19
20       user = User.find_by_token_for(:new_user, token) ||
21              UserToken.unexpired.find_by(:token => token)&.user
22
23       if !user
24         flash[:error] = t(".unknown token")
25         redirect_to :action => "confirm"
26       elsif user.active?
27         flash[:error] = t(".already active")
28         redirect_to login_path
29       elsif !user.visible?
30         render_unknown_user user.display_name
31       else
32         user.activate
33         user.email_valid = true
34         flash[:notice] = gravatar_status_message(user) if gravatar_enable(user)
35         user.save!
36         referer = safe_referer(params[:referer]) if params[:referer]
37         UserToken.delete_by(:token => token)
38
39         pending_user = session.delete(:pending_user)
40
41         if user.id == pending_user
42           session[:user] = user.id
43           session[:fingerprint] = user.fingerprint
44
45           redirect_to referer || welcome_path
46         else
47           flash[:notice] = t(".success")
48           redirect_to login_path(:referer => referer)
49         end
50       end
51     else
52       user = User.visible.find_by(:display_name => params[:display_name])
53
54       redirect_to root_path if user.nil? || user.active?
55     end
56   end
57
58   def confirm_resend
59     user = User.visible.find_by(:display_name => params[:display_name])
60
61     if user.nil? || user.id != session[:pending_user]
62       flash[:error] = t ".failure", :name => params[:display_name]
63     else
64       UserMailer.signup_confirm(user, user.generate_token_for(:new_user)).deliver_later
65       flash[:notice] = { :partial => "confirmations/resend_success_flash", :locals => { :email => user.email, :sender => Settings.email_from } }
66     end
67
68     redirect_to login_path
69   end
70
71   def confirm_email
72     if request.post?
73       token = params[:confirm_string]
74
75       self.current_user = User.find_by_token_for(:new_email, token) ||
76                           UserToken.unexpired.find_by(:token => params[:confirm_string])&.user
77
78       if current_user&.new_email?
79         current_user.email = current_user.new_email
80         current_user.new_email = nil
81         current_user.email_valid = true
82         gravatar_enabled = gravatar_enable(current_user)
83         if current_user.save
84           flash[:notice] = if gravatar_enabled
85                              "#{t('.success')} #{gravatar_status_message(current_user)}"
86                            else
87                              t(".success")
88                            end
89         else
90           flash[:errors] = current_user.errors
91         end
92         current_user.tokens.delete_all
93         session[:user] = current_user.id
94         session[:fingerprint] = current_user.fingerprint
95       elsif current_user
96         flash[:error] = t ".failure"
97       else
98         flash[:error] = t ".unknown_token"
99       end
100
101       redirect_to edit_account_path
102     end
103   end
104
105   private
106
107   ##
108   # check if this user has a gravatar and set the user pref is true
109   def gravatar_enable(user)
110     # code from example https://en.gravatar.com/site/implement/images/ruby/
111     return false if user.avatar.attached?
112
113     begin
114       hash = Digest::MD5.hexdigest(user.email.downcase)
115       url = "https://www.gravatar.com/avatar/#{hash}?d=404" # without d=404 we will always get an image back
116       response = OSM.http_client.get(URI.parse(url))
117       available = response.success?
118     rescue StandardError
119       available = false
120     end
121
122     oldsetting = user.image_use_gravatar
123     user.image_use_gravatar = available
124     oldsetting != user.image_use_gravatar
125   end
126
127   ##
128   # display a message about th current status of the gravatar setting
129   def gravatar_status_message(user)
130     if user.image_use_gravatar
131       t "profiles.edit.gravatar.enabled"
132     else
133       t "profiles.edit.gravatar.disabled"
134     end
135   end
136 end