]> git.openstreetmap.org Git - rails.git/blobdiff - app/controllers/user_controller.rb
Make sure the ID of OpenID URL fields is openid_url
[rails.git] / app / controllers / user_controller.rb
index 1193ec9106b151887fb7518bd727184bd19276ef..b337dc04c6cd8fd50014344c8ec4ae5fdb1b3a73 100644 (file)
@@ -1,6 +1,7 @@
 class UserController < ApplicationController
 class UserController < ApplicationController
-  layout 'site', :except => :api_details
+  layout :choose_layout
 
 
+  before_filter :disable_terms_redirect, :only => [:terms, :save, :logout, :api_details]
   before_filter :authorize, :only => [:api_details, :api_gpx_files]
   before_filter :authorize_web, :except => [:api_details, :api_gpx_files]
   before_filter :set_locale, :except => [:api_details, :api_gpx_files]
   before_filter :authorize, :only => [:api_details, :api_gpx_files]
   before_filter :authorize_web, :except => [:api_details, :api_gpx_files]
   before_filter :set_locale, :except => [:api_details, :api_gpx_files]
@@ -24,7 +25,7 @@ class UserController < ApplicationController
 
     if request.xhr?
       render :update do |page|
 
     if request.xhr?
       render :update do |page|
-        page.replace_html "contributorTerms", :partial => "terms", :locals => { :has_decline => params[:has_decline] }
+        page.replace_html "contributorTerms", :partial => "terms"
       end
     elsif using_open_id?
       # The redirect from the OpenID provider reenters here
       end
     elsif using_open_id?
       # The redirect from the OpenID provider reenters here
@@ -66,7 +67,7 @@ class UserController < ApplicationController
         elsif @user.terms_agreed?
           # Already agreed to terms, so just show settings
           redirect_to :action => :account, :display_name => @user.display_name
         elsif @user.terms_agreed?
           # Already agreed to terms, so just show settings
           redirect_to :action => :account, :display_name => @user.display_name
-        elsif params[:user] and params[:user][:openid_url]
+        elsif params[:user] and params[:user][:openid_url] and not params[:user][:openid_url].empty?
           # Verify OpenID before moving on
           session[:new_user] = @user
           openid_verify(params[:user][:openid_url], @user)
           # Verify OpenID before moving on
           session[:new_user] = @user
           openid_verify(params[:user][:openid_url], @user)
@@ -84,17 +85,36 @@ class UserController < ApplicationController
     if Acl.find_by_address(request.remote_ip, :conditions => {:k => "no_account_creation"})
       render :action => 'new'
     elsif params[:decline]
     if Acl.find_by_address(request.remote_ip, :conditions => {:k => "no_account_creation"})
       render :action => 'new'
     elsif params[:decline]
-      redirect_to t('user.terms.declined')
+      if @user
+        @user.terms_seen = true
+
+        if @user.save
+          flash[:notice] = t 'user.new.terms declined', :url => t('user.new.terms declined url')
+        end
+
+        if params[:referer]
+          redirect_to params[:referer]
+        else
+          redirect_to :action => :account, :display_name => @user.display_name
+        end
+      else
+        redirect_to t('user.terms.declined')
+      end
     elsif @user
       if !@user.terms_agreed?
         @user.consider_pd = params[:user][:consider_pd]
         @user.terms_agreed = Time.now.getutc
     elsif @user
       if !@user.terms_agreed?
         @user.consider_pd = params[:user][:consider_pd]
         @user.terms_agreed = Time.now.getutc
+        @user.terms_seen = true
         if @user.save
           flash[:notice] = t 'user.new.terms accepted'
         end
       end
 
         if @user.save
           flash[:notice] = t 'user.new.terms accepted'
         end
       end
 
-      redirect_to :action => :account, :display_name => @user.display_name
+      if params[:referer]
+        redirect_to params[:referer]
+      else
+        redirect_to :action => :account, :display_name => @user.display_name
+      end
     else
       @user = User.new(params[:user])
 
     else
       @user = User.new(params[:user])
 
@@ -104,14 +124,16 @@ class UserController < ApplicationController
       @user.creation_ip = request.remote_ip
       @user.languages = request.user_preferred_languages
       @user.terms_agreed = Time.now.getutc
       @user.creation_ip = request.remote_ip
       @user.languages = request.user_preferred_languages
       @user.terms_agreed = Time.now.getutc
-
+      @user.terms_seen = true
+      @user.openid_url = nil if @user.openid_url and @user.openid_url.empty?
+      
       if @user.save
         flash[:notice] = t 'user.new.flash create success message', :email => @user.email
         Notifier.deliver_signup_confirm(@user, @user.tokens.create(:referer => session.delete(:referer)))
         session[:token] = @user.tokens.create.token
       if @user.save
         flash[:notice] = t 'user.new.flash create success message', :email => @user.email
         Notifier.deliver_signup_confirm(@user, @user.tokens.create(:referer => session.delete(:referer)))
         session[:token] = @user.tokens.create.token
-        redirect_to :action => 'login'
+        redirect_to :action => 'login', :referer => params[:referer]
       else
       else
-        render :action => 'new'
+        render :action => 'new', :referer => params[:referer]
       end
     end
   end
       end
     end
   end
@@ -265,9 +287,9 @@ class UserController < ApplicationController
         if token
           token.destroy
         end
         if token
           token.destroy
         end
-        session[:token] = nil
+        session.delete(:token)
       end
       end
-      session[:user] = nil
+      session.delete(:user)
       session_expires_automatically
       if params[:referer]
         redirect_to params[:referer]
       session_expires_automatically
       if params[:referer]
         redirect_to params[:referer]
@@ -517,6 +539,10 @@ private
               failed_login t('user.login.auth failure')
           end
         else
               failed_login t('user.login.auth failure')
           end
         else
+          # Guard against not getting any extension data
+          sreg = Hash.new if sreg.nil?
+          ax = Hash.new if ax.nil?
+
           # We don't have a user registered to this OpenID, so redirect
           # to the create account page with username and email filled
           # in if they have been given by the OpenID provider through
           # We don't have a user registered to this OpenID, so redirect
           # to the create account page with username and email filled
           # in if they have been given by the OpenID provider through
@@ -581,15 +607,22 @@ private
   # process a successful login
   def successful_login(user)
     session[:user] = user.id
   # process a successful login
   def successful_login(user)
     session[:user] = user.id
-
     session_expires_after 1.month if session[:remember_me]
 
     session_expires_after 1.month if session[:remember_me]
 
-    if user.blocked_on_view
-      redirect_to user.blocked_on_view, :referer => params[:referer]
-    elsif session[:referer]
-      redirect_to session[:referer]
+    target = session[:referer] || url_for(:controller => :site, :action => :index)
+
+    # The user is logged in, so decide where to send them:
+    #
+    # - If they haven't seen the contributor terms, send them there.
+    # - If they have a block on them, show them that.
+    # - If they were referred to the login, send them back there.
+    # - Otherwise, send them to the home page.
+    if REQUIRE_TERMS_SEEN and not user.terms_seen
+      redirect_to :controller => :user, :action => :terms, :referer => target
+    elsif user.blocked_on_view
+      redirect_to user.blocked_on_view, :referer => target
     else
     else
-      redirect_to :controller => 'site', :action => 'index'
+      redirect_to target
     end
 
     session.delete(:remember_me)
     end
 
     session.delete(:remember_me)
@@ -651,4 +684,28 @@ private
   rescue ActiveRecord::RecordNotFound
     redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] unless @this_user
   end
   rescue ActiveRecord::RecordNotFound
     redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] unless @this_user
   end
+
+  ##
+  # Choose the layout to use. See
+  # https://rails.lighthouseapp.com/projects/8994/tickets/5371-layout-with-onlyexcept-options-makes-other-actions-render-without-layouts
+  def choose_layout
+    oauth_url = url_for(:controller => :oauth, :action => :oauthorize, :only_path => true)
+
+    if [ 'api_details' ].include? action_name
+      nil
+    elsif params[:referer] and URI.parse(params[:referer]).path == oauth_url
+      'slim'
+    else
+      'site'
+    end
+  end
+
+  ##
+  #
+  def disable_terms_redirect
+    # this is necessary otherwise going to the user terms page, when 
+    # having not agreed already would cause an infinite redirect loop.
+    # it's .now so that this doesn't propagate to other pages.
+    flash.now[:skip_terms] = true
+  end
 end
 end