1 class AccountsController < ApplicationController
7 before_action :authorize_web
8 before_action :set_locale
10 authorize_resource :class => false
12 before_action :check_database_readable
13 before_action :check_database_writable, :only => [:update]
14 before_action :allow_thirdparty_images, :only => [:edit, :update]
17 @tokens = current_user.oauth_tokens.authorized
19 append_content_security_policy_directives(
20 :form_action => %w[accounts.google.com *.facebook.com login.live.com login.microsoftonline.com github.com meta.wikimedia.org]
23 if errors = session.delete(:user_errors)
24 errors.each do |attribute, error|
25 current_user.errors.add(attribute, error)
32 @tokens = current_user.oauth_tokens.authorized
34 append_content_security_policy_directives(
35 :form_action => %w[accounts.google.com *.facebook.com login.live.com login.microsoftonline.com github.com meta.wikimedia.org]
38 user_params = params.require(:user).permit(:display_name, :new_email, :pass_crypt, :pass_crypt_confirmation, :auth_provider)
40 if params[:user][:auth_provider].blank? ||
41 (params[:user][:auth_provider] == current_user.auth_provider &&
42 params[:user][:auth_uid] == current_user.auth_uid)
43 update_user(current_user, user_params)
44 if current_user.errors.count.zero?
45 redirect_to edit_account_path
50 session[:new_user_settings] = user_params.to_h
51 redirect_to auth_url(params[:user][:auth_provider], params[:user][:auth_uid]), :status => :temporary_redirect
56 if current_user.deletion_allowed?
57 current_user.soft_destroy!
60 session_expires_automatically
62 flash[:notice] = t ".success"