]> git.openstreetmap.org Git - rails.git/blob - app/controllers/user_controller.rb
Merge remote-tracking branch 'upstream/pull/1614'
[rails.git] / app / controllers / user_controller.rb
1 class UserController < ApplicationController
2   layout "site", :except => [:api_details]
3
4   skip_before_action :verify_authenticity_token, :only => [:api_read, :api_details, :api_gpx_files, :auth_success]
5   before_action :disable_terms_redirect, :only => [:terms, :save, :logout, :api_details]
6   before_action :authorize, :only => [:api_details, :api_gpx_files]
7   before_action :authorize_web, :except => [:api_read, :api_details, :api_gpx_files]
8   before_action :set_locale, :except => [:api_read, :api_details, :api_gpx_files]
9   before_action :require_user, :only => [:account, :go_public, :make_friend, :remove_friend]
10   before_action :require_self, :only => [:account]
11   before_action :check_database_readable, :except => [:login, :api_read, :api_details, :api_gpx_files]
12   before_action :check_database_writable, :only => [:new, :account, :confirm, :confirm_email, :lost_password, :reset_password, :go_public, :make_friend, :remove_friend]
13   before_action :check_api_readable, :only => [:api_read, :api_details, :api_gpx_files]
14   before_action :require_allow_read_prefs, :only => [:api_details]
15   before_action :require_allow_read_gpx, :only => [:api_gpx_files]
16   before_action :require_cookies, :only => [:new, :login, :confirm]
17   before_action :require_administrator, :only => [:set_status, :delete, :list]
18   around_action :api_call_handle_error, :only => [:api_read, :api_details, :api_gpx_files]
19   before_action :lookup_user_by_id, :only => [:api_read]
20   before_action :lookup_user_by_name, :only => [:set_status, :delete]
21
22   def terms
23     @legale = params[:legale] || OSM.ip_to_country(request.remote_ip) || DEFAULT_LEGALE
24     @text = OSM.legal_text_for_country(@legale)
25
26     if request.xhr?
27       render :partial => "terms"
28     else
29       @title = t "user.terms.title"
30
31       if current_user && current_user.terms_agreed?
32         # Already agreed to terms, so just show settings
33         redirect_to :action => :account, :display_name => current_user.display_name
34       elsif current_user.nil? && session[:new_user].nil?
35         redirect_to :action => :login, :referer => request.fullpath
36       end
37     end
38   end
39
40   def save
41     @title = t "user.new.title"
42
43     if params[:decline]
44       if current_user
45         current_user.terms_seen = true
46
47         if current_user.save
48           flash[:notice] = t("user.new.terms declined", :url => t("user.new.terms declined url")).html_safe
49         end
50
51         if params[:referer]
52           redirect_to params[:referer]
53         else
54           redirect_to :action => :account, :display_name => current_user.display_name
55         end
56       else
57         redirect_to t("user.terms.declined")
58       end
59     elsif current_user
60       unless current_user.terms_agreed?
61         current_user.consider_pd = params[:user][:consider_pd]
62         current_user.terms_agreed = Time.now.getutc
63         current_user.terms_seen = true
64
65         flash[:notice] = t "user.new.terms accepted" if current_user.save
66       end
67
68       if params[:referer]
69         redirect_to params[:referer]
70       else
71         redirect_to :action => :account, :display_name => current_user.display_name
72       end
73     else
74       self.current_user = session.delete(:new_user)
75
76       if check_signup_allowed(current_user.email)
77         current_user.data_public = true
78         current_user.description = "" if current_user.description.nil?
79         current_user.creation_ip = request.remote_ip
80         current_user.languages = http_accept_language.user_preferred_languages
81         current_user.terms_agreed = Time.now.getutc
82         current_user.terms_seen = true
83
84         if current_user.auth_uid.blank?
85           current_user.auth_provider = nil
86           current_user.auth_uid = nil
87         end
88
89         if current_user.save
90           flash[:piwik_goal] = PIWIK["goals"]["signup"] if defined?(PIWIK)
91
92           referer = welcome_path
93
94           begin
95             uri = URI(session[:referer])
96             %r{map=(.*)/(.*)/(.*)}.match(uri.fragment) do |m|
97               editor = Rack::Utils.parse_query(uri.query).slice("editor")
98               referer = welcome_path({ "zoom" => m[1],
99                                        "lat" => m[2],
100                                        "lon" => m[3] }.merge(editor))
101             end
102           rescue
103             # Use default
104           end
105
106           if current_user.status == "active"
107             session[:referer] = referer
108             successful_login(current_user)
109           else
110             session[:token] = current_user.tokens.create.token
111             Notifier.signup_confirm(current_user, current_user.tokens.create(:referer => referer)).deliver_now
112             redirect_to :action => "confirm", :display_name => current_user.display_name
113           end
114         else
115           render :action => "new", :referer => params[:referer]
116         end
117       end
118     end
119   end
120
121   def account
122     @title = t "user.account.title"
123     @tokens = current_user.oauth_tokens.authorized
124
125     if params[:user] && params[:user][:display_name] && params[:user][:description]
126       if params[:user][:auth_provider].blank? ||
127          (params[:user][:auth_provider] == current_user.auth_provider &&
128           params[:user][:auth_uid] == current_user.auth_uid)
129         update_user(current_user, params)
130       else
131         session[:new_user_settings] = params
132         redirect_to auth_url(params[:user][:auth_provider], params[:user][:auth_uid])
133       end
134     elsif errors = session.delete(:user_errors)
135       errors.each do |attribute, error|
136         current_user.errors.add(attribute, error)
137       end
138     end
139   end
140
141   def go_public
142     current_user.data_public = true
143     current_user.save
144     flash[:notice] = t "user.go_public.flash success"
145     redirect_to :action => "account", :display_name => current_user.display_name
146   end
147
148   def lost_password
149     @title = t "user.lost_password.title"
150
151     if params[:user] && params[:user][:email]
152       user = User.visible.find_by(:email => params[:user][:email])
153
154       if user.nil?
155         users = User.visible.where("LOWER(email) = LOWER(?)", params[:user][:email])
156
157         user = users.first if users.count == 1
158       end
159
160       if user
161         token = user.tokens.create
162         Notifier.lost_password(user, token).deliver_now
163         flash[:notice] = t "user.lost_password.notice email on way"
164         redirect_to :action => "login"
165       else
166         flash.now[:error] = t "user.lost_password.notice email cannot find"
167       end
168     end
169   end
170
171   def reset_password
172     @title = t "user.reset_password.title"
173
174     if params[:token]
175       token = UserToken.find_by(:token => params[:token])
176
177       if token
178         self.current_user = token.user
179
180         if params[:user]
181           current_user.pass_crypt = params[:user][:pass_crypt]
182           current_user.pass_crypt_confirmation = params[:user][:pass_crypt_confirmation]
183           current_user.status = "active" if current_user.status == "pending"
184           current_user.email_valid = true
185
186           if current_user.save
187             token.destroy
188             flash[:notice] = t "user.reset_password.flash changed"
189             successful_login(current_user)
190           end
191         end
192       else
193         flash[:error] = t "user.reset_password.flash token bad"
194         redirect_to :action => "lost_password"
195       end
196     else
197       head :bad_request
198     end
199   end
200
201   def new
202     @title = t "user.new.title"
203     @referer = params[:referer] || session[:referer]
204
205     if current_user
206       # The user is logged in already, so don't show them the signup
207       # page, instead send them to the home page
208       if @referer
209         redirect_to @referer
210       else
211         redirect_to :controller => "site", :action => "index"
212       end
213     elsif params.key?(:auth_provider) && params.key?(:auth_uid)
214       self.current_user = User.new(:email => params[:email],
215                                    :email_confirmation => params[:email],
216                                    :display_name => params[:nickname],
217                                    :auth_provider => params[:auth_provider],
218                                    :auth_uid => params[:auth_uid])
219
220       flash.now[:notice] = render_to_string :partial => "auth_association"
221     else
222       check_signup_allowed
223
224       self.current_user = User.new
225     end
226   end
227
228   def create
229     self.current_user = User.new(user_params)
230
231     if check_signup_allowed(current_user.email)
232       session[:referer] = params[:referer]
233
234       current_user.status = "pending"
235
236       if current_user.auth_provider.present? && current_user.pass_crypt.empty?
237         # We are creating an account with external authentication and
238         # no password was specified so create a random one
239         current_user.pass_crypt = SecureRandom.base64(16)
240         current_user.pass_crypt_confirmation = current_user.pass_crypt
241       end
242
243       if current_user.invalid?
244         # Something is wrong with a new user, so rerender the form
245         render :action => "new"
246       elsif current_user.auth_provider.present?
247         # Verify external authenticator before moving on
248         session[:new_user] = current_user
249         redirect_to auth_url(current_user.auth_provider, current_user.auth_uid)
250       else
251         # Save the user record
252         session[:new_user] = current_user
253         redirect_to :action => :terms
254       end
255     end
256   end
257
258   def login
259     session[:referer] = params[:referer] if params[:referer]
260
261     if params[:username].present? && params[:password].present?
262       session[:remember_me] ||= params[:remember_me]
263       password_authentication(params[:username], params[:password])
264     elsif params[:openid_url].present?
265       session[:remember_me] ||= params[:remember_me_openid]
266       redirect_to auth_url("openid", params[:openid_url], params[:referer])
267     end
268   end
269
270   def logout
271     @title = t "user.logout.title"
272
273     if params[:session] == session.id
274       if session[:token]
275         token = UserToken.find_by(:token => session[:token])
276         token.destroy if token
277         session.delete(:token)
278       end
279       session.delete(:user)
280       session_expires_automatically
281       if params[:referer]
282         redirect_to params[:referer]
283       else
284         redirect_to :controller => "site", :action => "index"
285       end
286     end
287   end
288
289   def confirm
290     if request.post?
291       token = UserToken.find_by(:token => params[:confirm_string])
292       if token && token.user.active?
293         flash[:error] = t("user.confirm.already active")
294         redirect_to :action => "login"
295       elsif !token || token.expired?
296         flash[:error] = t("user.confirm.unknown token")
297         redirect_to :action => "confirm"
298       else
299         user = token.user
300         user.status = "active"
301         user.email_valid = true
302         flash[:notice] = gravatar_status_message(user) if gravatar_enable(user)
303         user.save!
304         referer = token.referer
305         token.destroy
306
307         if session[:token]
308           token = UserToken.find_by(:token => session[:token])
309           session.delete(:token)
310         else
311           token = nil
312         end
313
314         if token.nil? || token.user != user
315           flash[:notice] = t("user.confirm.success")
316           redirect_to :action => :login, :referer => referer
317         else
318           token.destroy
319
320           session[:user] = user.id
321
322           redirect_to referer || welcome_path
323         end
324       end
325     else
326       user = User.find_by(:display_name => params[:display_name])
327
328       redirect_to root_path if user.nil? || user.active?
329     end
330   end
331
332   def confirm_resend
333     user = User.find_by(:display_name => params[:display_name])
334     token = UserToken.find_by(:token => session[:token])
335
336     if user.nil? || token.nil? || token.user != user
337       flash[:error] = t "user.confirm_resend.failure", :name => params[:display_name]
338     else
339       Notifier.signup_confirm(user, user.tokens.create).deliver_now
340       flash[:notice] = t("user.confirm_resend.success", :email => user.email, :sender => SUPPORT_EMAIL).html_safe
341     end
342
343     redirect_to :action => "login"
344   end
345
346   def confirm_email
347     if request.post?
348       token = UserToken.find_by(:token => params[:confirm_string])
349       if token && token.user.new_email?
350         self.current_user = token.user
351         current_user.email = current_user.new_email
352         current_user.new_email = nil
353         current_user.email_valid = true
354         gravatar_enabled = gravatar_enable(current_user)
355         if current_user.save
356           flash[:notice] = if gravatar_enabled
357                              t("user.confirm_email.success") + " " + gravatar_status_message(current_user)
358                            else
359                              t("user.confirm_email.success")
360                            end
361         else
362           flash[:errors] = current_user.errors
363         end
364         token.destroy
365         session[:user] = current_user.id
366         redirect_to :action => "account", :display_name => current_user.display_name
367       elsif token
368         flash[:error] = t "user.confirm_email.failure"
369         redirect_to :action => "account", :display_name => token.user.display_name
370       else
371         flash[:error] = t "user.confirm_email.unknown_token"
372       end
373     end
374   end
375
376   def api_read
377     if @this_user.visible?
378       render :action => :api_read, :content_type => "text/xml"
379     else
380       head :gone
381     end
382   end
383
384   def api_details
385     @this_user = current_user
386     render :action => :api_read, :content_type => "text/xml"
387   end
388
389   def api_gpx_files
390     doc = OSM::API.new.get_xml_doc
391     current_user.traces.reload.each do |trace|
392       doc.root << trace.to_xml_node
393     end
394     render :xml => doc.to_s
395   end
396
397   def view
398     @this_user = User.find_by(:display_name => params[:display_name])
399
400     if @this_user &&
401        (@this_user.visible? || (current_user && current_user.administrator?))
402       @title = @this_user.display_name
403     else
404       render_unknown_user params[:display_name]
405     end
406   end
407
408   def make_friend
409     @new_friend = User.find_by(:display_name => params[:display_name])
410
411     if @new_friend
412       if request.post?
413         friend = Friend.new
414         friend.user_id = current_user.id
415         friend.friend_user_id = @new_friend.id
416         if current_user.is_friends_with?(@new_friend)
417           flash[:warning] = t "user.make_friend.already_a_friend", :name => @new_friend.display_name
418         elsif friend.save
419           flash[:notice] = t "user.make_friend.success", :name => @new_friend.display_name
420           Notifier.friend_notification(friend).deliver_now
421         else
422           friend.add_error(t("user.make_friend.failed", :name => @new_friend.display_name))
423         end
424
425         if params[:referer]
426           redirect_to params[:referer]
427         else
428           redirect_to :action => "view"
429         end
430       end
431     else
432       render_unknown_user params[:display_name]
433     end
434   end
435
436   def remove_friend
437     @friend = User.find_by(:display_name => params[:display_name])
438
439     if @friend
440       if request.post?
441         if current_user.is_friends_with?(@friend)
442           Friend.where(:user_id => current_user.id, :friend_user_id => @friend.id).delete_all
443           flash[:notice] = t "user.remove_friend.success", :name => @friend.display_name
444         else
445           flash[:error] = t "user.remove_friend.not_a_friend", :name => @friend.display_name
446         end
447
448         if params[:referer]
449           redirect_to params[:referer]
450         else
451           redirect_to :action => "view"
452         end
453       end
454     else
455       render_unknown_user params[:display_name]
456     end
457   end
458
459   ##
460   # sets a user's status
461   def set_status
462     @this_user.status = params[:status]
463     @this_user.save
464     redirect_to :action => "view", :display_name => params[:display_name]
465   end
466
467   ##
468   # delete a user, marking them as deleted and removing personal data
469   def delete
470     @this_user.delete
471     redirect_to :action => "view", :display_name => params[:display_name]
472   end
473
474   ##
475   # display a list of users matching specified criteria
476   def list
477     if request.post?
478       ids = params[:user].keys.collect(&:to_i)
479
480       User.where(:id => ids).update_all(:status => "confirmed") if params[:confirm]
481       User.where(:id => ids).update_all(:status => "deleted") if params[:hide]
482
483       redirect_to url_for(:status => params[:status], :ip => params[:ip], :page => params[:page])
484     else
485       @params = params.permit(:status, :ip)
486
487       conditions = {}
488       conditions[:status] = @params[:status] if @params[:status]
489       conditions[:creation_ip] = @params[:ip] if @params[:ip]
490
491       @user_pages, @users = paginate(:users,
492                                      :conditions => conditions,
493                                      :order => :id,
494                                      :per_page => 50)
495     end
496   end
497
498   ##
499   # omniauth success callback
500   def auth_success
501     auth_info = request.env["omniauth.auth"]
502
503     provider = auth_info[:provider]
504     uid = auth_info[:uid]
505     name = auth_info[:info][:name]
506     email = auth_info[:info][:email]
507
508     case provider
509     when "openid"
510       email_verified = uid.match(%r{https://www.google.com/accounts/o8/id?(.*)}) ||
511                        uid.match(%r{https://me.yahoo.com/(.*)})
512     when "google", "facebook"
513       email_verified = true
514     else
515       email_verified = false
516     end
517
518     if settings = session.delete(:new_user_settings)
519       current_user.auth_provider = provider
520       current_user.auth_uid = uid
521
522       update_user(current_user, settings)
523
524       session[:user_errors] = current_user.errors.as_json
525
526       redirect_to :action => "account", :display_name => current_user.display_name
527     elsif session[:new_user]
528       session[:new_user].auth_provider = provider
529       session[:new_user].auth_uid = uid
530
531       if email_verified && email == session[:new_user].email
532         session[:new_user].status = "active"
533       end
534
535       redirect_to :action => "terms"
536     else
537       user = User.find_by(:auth_provider => provider, :auth_uid => uid)
538
539       if user.nil? && provider == "google"
540         openid_url = auth_info[:extra][:id_info]["openid_id"]
541         user = User.find_by(:auth_provider => "openid", :auth_uid => openid_url) if openid_url
542         user.update(:auth_provider => provider, :auth_uid => uid) if user
543       end
544
545       if user
546         case user.status
547         when "pending" then
548           unconfirmed_login(user)
549         when "active", "confirmed" then
550           successful_login(user, request.env["omniauth.params"]["referer"])
551         when "suspended" then
552           failed_login t("user.login.account is suspended", :webmaster => "mailto:#{SUPPORT_EMAIL}").html_safe
553         else
554           failed_login t("user.login.auth failure")
555         end
556       else
557         redirect_to :action => "new", :nickname => name, :email => email,
558                     :auth_provider => provider, :auth_uid => uid
559       end
560     end
561   end
562
563   ##
564   # omniauth failure callback
565   def auth_failure
566     flash[:error] = t("user.auth_failure." + params[:message])
567     redirect_to params[:origin] || login_url
568   end
569
570   private
571
572   ##
573   # handle password authentication
574   def password_authentication(username, password)
575     if user = User.authenticate(:username => username, :password => password)
576       successful_login(user)
577     elsif user = User.authenticate(:username => username, :password => password, :pending => true)
578       unconfirmed_login(user)
579     elsif User.authenticate(:username => username, :password => password, :suspended => true)
580       failed_login t("user.login.account is suspended", :webmaster => "mailto:#{SUPPORT_EMAIL}").html_safe, username
581     else
582       failed_login t("user.login.auth failure"), username
583     end
584   end
585
586   ##
587   # return the URL to use for authentication
588   def auth_url(provider, uid, referer = nil)
589     params = { :provider => provider }
590
591     params[:openid_url] = openid_expand_url(uid) if provider == "openid"
592
593     if referer.nil?
594       params[:origin] = request.path
595     else
596       params[:origin] = request.path + "?referer=" + CGI.escape(referer)
597       params[:referer] = referer
598     end
599
600     auth_path(params)
601   end
602
603   ##
604   # special case some common OpenID providers by applying heuristics to
605   # try and come up with the correct URL based on what the user entered
606   def openid_expand_url(openid_url)
607     if openid_url.nil?
608       nil
609     elsif openid_url.match(%r{(.*)gmail.com(/?)$}) || openid_url.match(%r{(.*)googlemail.com(/?)$})
610       # Special case gmail.com as it is potentially a popular OpenID
611       # provider and, unlike yahoo.com, where it works automatically, Google
612       # have hidden their OpenID endpoint somewhere obscure this making it
613       # somewhat less user friendly.
614       "https://www.google.com/accounts/o8/id"
615     else
616       openid_url
617     end
618   end
619
620   ##
621   # process a successful login
622   def successful_login(user, referer = nil)
623     session[:user] = user.id
624     session_expires_after 28.days if session[:remember_me]
625
626     target = referer || session[:referer] || url_for(:controller => :site, :action => :index)
627
628     # The user is logged in, so decide where to send them:
629     #
630     # - If they haven't seen the contributor terms, send them there.
631     # - If they have a block on them, show them that.
632     # - If they were referred to the login, send them back there.
633     # - Otherwise, send them to the home page.
634     if REQUIRE_TERMS_SEEN && !user.terms_seen
635       redirect_to :action => :terms, :referer => target
636     elsif user.blocked_on_view
637       redirect_to user.blocked_on_view, :referer => target
638     else
639       redirect_to target
640     end
641
642     session.delete(:remember_me)
643     session.delete(:referer)
644   end
645
646   ##
647   # process a failed login
648   def failed_login(message, username = nil)
649     flash[:error] = message
650
651     redirect_to :action => "login", :referer => session[:referer],
652                 :username => username, :remember_me => session[:remember_me]
653
654     session.delete(:remember_me)
655     session.delete(:referer)
656   end
657
658   ##
659   #
660   def unconfirmed_login(user)
661     session[:token] = user.tokens.create.token
662
663     redirect_to :action => "confirm", :display_name => user.display_name
664
665     session.delete(:remember_me)
666     session.delete(:referer)
667   end
668
669   ##
670   # update a user's details
671   def update_user(user, params)
672     user.display_name = params[:user][:display_name]
673     user.new_email = params[:user][:new_email]
674
675     unless params[:user][:pass_crypt].empty? && params[:user][:pass_crypt_confirmation].empty?
676       user.pass_crypt = params[:user][:pass_crypt]
677       user.pass_crypt_confirmation = params[:user][:pass_crypt_confirmation]
678     end
679
680     if params[:user][:description] != user.description
681       user.description = params[:user][:description]
682       user.description_format = "markdown"
683     end
684
685     user.languages = params[:user][:languages].split(",")
686
687     case params[:image_action]
688     when "new" then
689       user.image = params[:user][:image]
690       user.image_use_gravatar = false
691     when "delete" then
692       user.image = nil
693       user.image_use_gravatar = false
694     when "gravatar" then
695       user.image = nil
696       user.image_use_gravatar = true
697     end
698
699     user.home_lat = params[:user][:home_lat]
700     user.home_lon = params[:user][:home_lon]
701
702     user.preferred_editor = if params[:user][:preferred_editor] == "default"
703                               nil
704                             else
705                               params[:user][:preferred_editor]
706                             end
707
708     if params[:user][:auth_provider].nil? || params[:user][:auth_provider].blank?
709       user.auth_provider = nil
710       user.auth_uid = nil
711     end
712
713     if user.save
714       set_locale
715
716       if user.new_email.blank? || user.new_email == user.email
717         flash.now[:notice] = t "user.account.flash update success"
718       else
719         user.email = user.new_email
720
721         if user.valid?
722           flash.now[:notice] = t "user.account.flash update success confirm needed"
723
724           begin
725             Notifier.email_confirm(user, user.tokens.create).deliver_now
726           rescue
727             # Ignore errors sending email
728           end
729         else
730           current_user.errors.add(:new_email, current_user.errors[:email])
731           current_user.errors.add(:email, [])
732         end
733
734         user.restore_email!
735       end
736     end
737   end
738
739   ##
740   # require that the user is a administrator, or fill out a helpful error message
741   # and return them to the user page.
742   def require_administrator
743     if current_user && !current_user.administrator?
744       flash[:error] = t("user.filter.not_an_administrator")
745
746       if params[:display_name]
747         redirect_to :action => "view", :display_name => params[:display_name]
748       else
749         redirect_to :action => "login", :referer => request.fullpath
750       end
751     elsif !current_user
752       redirect_to :action => "login", :referer => request.fullpath
753     end
754   end
755
756   ##
757   # require that the user in the URL is the logged in user
758   def require_self
759     head :forbidden if params[:display_name] != current_user.display_name
760   end
761
762   ##
763   # ensure that there is a "this_user" instance variable
764   def lookup_user_by_id
765     @this_user = User.find(params[:id])
766   end
767
768   ##
769   # ensure that there is a "this_user" instance variable
770   def lookup_user_by_name
771     @this_user = User.find_by(:display_name => params[:display_name])
772   rescue ActiveRecord::RecordNotFound
773     redirect_to :action => "view", :display_name => params[:display_name] unless @this_user
774   end
775
776   ##
777   #
778   def disable_terms_redirect
779     # this is necessary otherwise going to the user terms page, when
780     # having not agreed already would cause an infinite redirect loop.
781     # it's .now so that this doesn't propagate to other pages.
782     flash.now[:skip_terms] = true
783   end
784
785   ##
786   # return permitted user parameters
787   def user_params
788     params.require(:user).permit(:email, :email_confirmation, :display_name,
789                                  :auth_provider, :auth_uid,
790                                  :pass_crypt, :pass_crypt_confirmation)
791   end
792
793   ##
794   # check signup acls
795   def check_signup_allowed(email = nil)
796     domain = if email.nil?
797                nil
798              else
799                email.split("@").last
800              end
801
802     if blocked = Acl.no_account_creation(request.remote_ip, domain)
803       logger.info "Blocked signup from #{request.remote_ip} for #{email}"
804
805       render :action => "blocked"
806     end
807
808     !blocked
809   end
810
811   ##
812   # check if this user has a gravatar and set the user pref is true
813   def gravatar_enable(user)
814     # code from example https://en.gravatar.com/site/implement/images/ruby/
815     return false if user.image.present?
816     hash = Digest::MD5.hexdigest(user.email.downcase)
817     url = "https://www.gravatar.com/avatar/#{hash}?d=404" # without d=404 we will always get an image back
818     response = OSM.http_client.get(URI.parse(url))
819     oldsetting = user.image_use_gravatar
820     user.image_use_gravatar = response.success?
821     oldsetting != user.image_use_gravatar
822   end
823
824   ##
825   # display a message about th current status of the gravatar setting
826   def gravatar_status_message(user)
827     if user.image_use_gravatar
828       t "user.account.gravatar.enabled"
829     else
830       t "user.account.gravatar.disabled"
831     end
832   end
833 end