]> git.openstreetmap.org Git - rails.git/blob - app/controllers/confirmations_controller.rb
upgrade to iD-2.30.2 (rotated Mapbox API tokens)
[rails.git] / app / controllers / confirmations_controller.rb
1 class ConfirmationsController < ApplicationController
2   include SessionMethods
3   include UserMethods
4
5   layout "site"
6
7   before_action :authorize_web
8   before_action :set_locale
9   before_action :check_database_readable
10
11   authorize_resource :class => false
12
13   before_action :check_database_writable, :only => [:confirm, :confirm_email]
14   before_action :require_cookies, :only => [:confirm]
15
16   def confirm
17     if request.post?
18       user = User.find_by_token_for(:new_user, params[:confirm_string])
19
20       if !user
21         flash[:error] = t(".unknown token")
22         redirect_to :action => "confirm"
23       elsif user.active?
24         flash[:error] = t(".already active")
25         redirect_to login_path
26       elsif !user.visible?
27         render_unknown_user user.display_name
28       else
29         user.activate
30         user.email_valid = true
31         flash[:notice] = gravatar_status_message(user) if gravatar_enable(user)
32         user.save!
33         referer = safe_referer(params[:referer]) if params[:referer]
34
35         pending_user = session.delete(:pending_user)
36
37         if user.id == pending_user
38           session[:user] = user.id
39           session[:fingerprint] = user.fingerprint
40
41           redirect_to referer || welcome_path
42         else
43           flash[:notice] = t(".success")
44           redirect_to login_path(:referer => referer)
45         end
46       end
47     else
48       user = User.visible.find_by(:display_name => params[:display_name])
49
50       redirect_to root_path if user.nil? || user.active?
51     end
52   end
53
54   def confirm_resend
55     user = User.visible.find_by(:display_name => params[:display_name])
56
57     if user.nil? || user.id != session[:pending_user]
58       flash[:error] = t ".failure", :name => params[:display_name]
59     else
60       UserMailer.signup_confirm(user, user.generate_token_for(:new_user)).deliver_later
61       flash[:notice] = { :partial => "confirmations/resend_success_flash", :locals => { :email => user.email, :sender => Settings.email_from } }
62     end
63
64     redirect_to login_path
65   end
66
67   def confirm_email
68     if request.post?
69       self.current_user = User.find_by_token_for(:new_email, params[:confirm_string])
70
71       if current_user&.new_email?
72         current_user.email = current_user.new_email
73         current_user.new_email = nil
74         current_user.email_valid = true
75         gravatar_enabled = gravatar_enable(current_user)
76         if current_user.save
77           flash[:notice] = if gravatar_enabled
78                              "#{t('.success')} #{gravatar_status_message(current_user)}"
79                            else
80                              t(".success")
81                            end
82         else
83           flash[:errors] = current_user.errors
84         end
85         session[:user] = current_user.id
86         session[:fingerprint] = current_user.fingerprint
87       elsif current_user
88         flash[:error] = t ".failure"
89       else
90         flash[:error] = t ".unknown_token"
91       end
92
93       redirect_to edit_account_path
94     end
95   end
96
97   private
98
99   ##
100   # check if this user has a gravatar and set the user pref is true
101   def gravatar_enable(user)
102     # code from example https://en.gravatar.com/site/implement/images/ruby/
103     return false if user.avatar.attached?
104
105     begin
106       hash = Digest::MD5.hexdigest(user.email.downcase)
107       url = "https://www.gravatar.com/avatar/#{hash}?d=404" # without d=404 we will always get an image back
108       response = OSM.http_client.get(URI.parse(url))
109       available = response.success?
110     rescue StandardError
111       available = false
112     end
113
114     oldsetting = user.image_use_gravatar
115     user.image_use_gravatar = available
116     oldsetting != user.image_use_gravatar
117   end
118
119   ##
120   # display a message about th current status of the gravatar setting
121   def gravatar_status_message(user)
122     if user.image_use_gravatar
123       t "profiles.edit.gravatar.enabled"
124     else
125       t "profiles.edit.gravatar.disabled"
126     end
127   end
128 end