##
# Handles the e-mail confirmation steps of account signup and of e-mail
# address changes. In every POST action the confirmation string taken from
# the request is the only credential presented, so each branch below decides
# how much that string is allowed to unlock.
class ConfirmationsController < ApplicationController
  include SessionMethods
  include UserMethods

  layout "site"

  before_action :authorize_web
  before_action :set_locale
  before_action :check_database_readable

  authorize_resource :class => false

  before_action :check_database_writable, :only => [:confirm, :confirm_email]
  before_action :require_cookies, :only => [:confirm]

  ##
  # GET: show the confirmation page for a pending account, redirecting to the
  # root page when the named user does not exist or is already active.
  # POST: redeem a signup confirmation token and activate the account.
  def confirm
    unless request.post?
      candidate = User.visible.find_by(:display_name => params[:display_name])
      redirect_to root_path if candidate.nil? || candidate.active?
      return
    end

    confirmation = UserToken.find_by(:token => params[:confirm_string])

    # an already active account is reported before token expiry is checked
    if confirmation&.user&.active?
      flash[:error] = t(".already active")
      redirect_to login_path
      return
    end

    # missing and expired tokens get the same message
    if confirmation.nil? || confirmation.expired?
      flash[:error] = t(".unknown token")
      redirect_to :action => "confirm"
      return
    end

    account = confirmation.user
    unless account.visible?
      render_unknown_user account.display_name
      return
    end

    account.activate
    account.email_valid = true
    flash[:notice] = gravatar_status_message(account) if gravatar_enable(account)
    account.save!

    # the stored referer is only used after passing through safe_referer
    # NOTE(review): safe_referer is defined outside this file - presumably it
    # restricts the redirect target; confirm against its implementation
    return_to = confirmation.referer ? safe_referer(confirmation.referer) : nil

    # the confirmation token is single use
    confirmation.destroy

    # a second token may have been left in the session; it is removed from
    # the session as soon as it has been looked up
    stored_token = session[:token]
    session_token = stored_token ? UserToken.find_by(:token => stored_token) : nil
    session.delete(:token) if stored_token

    if session_token && session_token.user == account
      # the session token belongs to the account just confirmed, so this
      # browser is logged in directly
      session_token.destroy

      # NOTE(review): the session is not reset in this action before the user
      # id is stored in it - confirm whether session rotation on login is
      # handled elsewhere
      session[:user] = account.id
      session[:fingerprint] = account.fingerprint

      redirect_to return_to || welcome_path
    else
      # no matching session token: the account is confirmed but the user
      # still has to log in
      flash[:notice] = t(".success")
      redirect_to login_path(:referer => return_to)
    end
  end

  ##
  # send a fresh signup confirmation mail, but only when the token held in
  # the session belongs to the user named in the request
  def confirm_resend
    account = User.visible.find_by(:display_name => params[:display_name])
    session_token = UserToken.find_by(:token => session[:token])

    if account && session_token && session_token.user == account
      UserMailer.signup_confirm(account, account.tokens.create).deliver_later
      flash[:notice] = { :partial => "confirmations/resend_success_flash", :locals => { :email => account.email, :sender => Settings.email_from } }
    else
      # unknown user, missing token and mismatched token share one message
      flash[:error] = t ".failure", :name => params[:display_name]
    end

    redirect_to login_path
  end

  ##
  # POST: redeem a token confirming a change of e-mail address. Requests that
  # are not POSTs fall through without doing anything here.
  def confirm_email
    return unless request.post?

    confirm_string = params[:confirm_string]

    # two token sources are accepted: the :new_email token lookup on User,
    # and failing that an unexpired UserToken record
    self.current_user = User.find_by_token_for(:new_email, confirm_string) ||
                        UserToken.unexpired.find_by(:token => confirm_string)&.user

    if current_user.nil?
      flash[:error] = t ".unknown_token"
    elsif !current_user.new_email?
      # the token resolved to a user, but there is no pending address
      flash[:error] = t ".failure"
    else
      current_user.email = current_user.new_email
      current_user.new_email = nil
      current_user.email_valid = true
      gravatar_changed = gravatar_enable(current_user)

      if current_user.save
        message = t(".success")
        message = "#{message} #{gravatar_status_message(current_user)}" if gravatar_changed
        flash[:notice] = message
      else
        flash[:errors] = current_user.errors
      end

      # NOTE(review): the tokens are deleted and the session is established
      # whether or not the save above succeeded - confirm that this is the
      # intended behaviour
      current_user.tokens.delete_all
      session[:user] = current_user.id
      session[:fingerprint] = current_user.fingerprint
    end

    redirect_to edit_account_path
  end

  private

  ##
  # check whether this user has a gravatar and set the user preference to
  # match; returns true when the preference changed, and returns false without
  # checking when the user already has an avatar attached
  def gravatar_enable(user)
    # code from example https://en.gravatar.com/site/implement/images/ruby/
    return false if user.avatar.attached?

    # the MD5 digest of the lower-cased address only identifies the avatar in
    # the URL. Any error raised by the lookup counts as "no gravatar".
    # NOTE(review): this is an outbound request made while handling the
    # confirmation; its timeout depends on OSM.http_client, which is not
    # shown here
    has_gravatar = begin
      email_digest = Digest::MD5.hexdigest(user.email.downcase)
      # without d=404 we will always get an image back
      lookup_url = "https://www.gravatar.com/avatar/#{email_digest}?d=404"
      OSM.http_client.get(URI.parse(lookup_url)).success?
    rescue StandardError
      false
    end

    previous_setting = user.image_use_gravatar
    user.image_use_gravatar = has_gravatar
    previous_setting != user.image_use_gravatar
  end

  ##
  # display a message about the current status of the gravatar setting
  def gravatar_status_message(user)
    status_key = user.image_use_gravatar ? "profiles.edit.gravatar.enabled" : "profiles.edit.gravatar.disabled"
    t status_key
  end
end