]> git.openstreetmap.org Git - rails.git/blobdiff - app/controllers/user_controller.rb
Change Where am I to Where is this on left sidebar
[rails.git] / app / controllers / user_controller.rb
index 79b411e24e9d10e6775500a5c2f0912458d40682..37f9cd7c204d0c73a8a24ac97d23e60f8267792c 100644 (file)
@@ -45,7 +45,7 @@ class UserController < ApplicationController
         @user.terms_seen = true
 
         if @user.save
-          flash[:notice] = t "user.new.terms declined", :url => t("user.new.terms declined url")
+          flash[:notice] = t("user.new.terms declined", :url => t("user.new.terms declined url")).html_safe
         end
 
         if params[:referer]
@@ -227,7 +227,7 @@ class UserController < ApplicationController
 
       @user.status = "pending"
 
-      if @user.auth_provider.present? && @user.auth_uid.present? && @user.pass_crypt.empty?
+      if @user.auth_provider.present? && @user.pass_crypt.empty?
         # We are creating an account with external authentication and
         # no password was specified so create a random one
         @user.pass_crypt = SecureRandom.base64(16)
@@ -237,7 +237,7 @@ class UserController < ApplicationController
       if @user.invalid?
         # Something is wrong with a new user, so rerender the form
         render :action => "new"
-      elsif @user.auth_provider.present? && @user.auth_uid.present?
+      elsif @user.auth_provider.present?
         # Verify external authenticator before moving on
         session[:new_user] = @user
         redirect_to auth_url(@user.auth_provider, @user.auth_uid)
@@ -250,16 +250,14 @@ class UserController < ApplicationController
   end
 
   def login
-    if params[:username] || params[:openid_url]
-      session[:referer] ||= params[:referer]
+    session[:referer] = params[:referer] if params[:referer]
 
-      if params[:openid_url].present?
-        session[:remember_me] ||= params[:remember_me_openid]
-        redirect_to auth_url("openid", params[:openid_url])
-      else
-        session[:remember_me] ||= params[:remember_me]
-        password_authentication(params[:username], params[:password])
-      end
+    if params[:username].present? && params[:password].present?
+      session[:remember_me] ||= params[:remember_me]
+      password_authentication(params[:username], params[:password])
+    elsif params[:openid_url].present?
+      session[:remember_me] ||= params[:remember_me_openid]
+      redirect_to auth_url("openid", params[:openid_url])
     end
   end
 
@@ -320,16 +318,19 @@ class UserController < ApplicationController
     else
       user = User.find_by_display_name(params[:display_name])
 
-      redirect_to root_path if !user || user.active?
+      redirect_to root_path if user.nil? || user.active?
     end
   end
 
   def confirm_resend
-    if user = User.find_by_display_name(params[:display_name])
-      Notifier.signup_confirm(user, user.tokens.create).deliver_now
-      flash[:notice] = t "user.confirm_resend.success", :email => user.email
-    else
+    user = User.find_by_display_name(params[:display_name])
+    token = UserToken.find_by_token(session[:token])
+
+    if user.nil? || token.nil? || token.user != user
       flash[:error] = t "user.confirm_resend.failure", :name => params[:display_name]
+    else
+      Notifier.signup_confirm(user, user.tokens.create).deliver_now
+      flash[:notice] = t("user.confirm_resend.success", :email => user.email).html_safe
     end
 
     redirect_to :action => "login"
@@ -466,8 +467,8 @@ class UserController < ApplicationController
     if request.post?
       ids = params[:user].keys.collect(&:to_i)
 
-      User.update_all("status = 'confirmed'", :id => ids) if params[:confirm]
-      User.update_all("status = 'deleted'", :id => ids) if params[:hide]
+      User.where(:id => ids).update_all(:status => "confirmed") if params[:confirm]
+      User.where(:id => ids).update_all(:status => "deleted") if params[:hide]
 
       redirect_to url_for(:status => params[:status], :ip => params[:ip], :page => params[:page])
     else
@@ -496,11 +497,21 @@ class UserController < ApplicationController
     when "openid"
       email_verified = uid.match(%r{https://www.google.com/accounts/o8/id?(.*)}) ||
                        uid.match(%r{https://me.yahoo.com/(.*)})
+    when "google"
+      email_verified = true
     else
       email_verified = false
     end
 
-    if user = User.find_by_auth_provider_and_auth_uid(provider, uid)
+    user = User.find_by_auth_provider_and_auth_uid(provider, uid)
+
+    if user.nil? && provider == "google"
+      openid_url = auth_info[:extra][:id_info]["openid_id"]
+      user = User.find_by_auth_provider_and_auth_uid("openid", openid_url) if openid_url
+      user.update(:auth_provider => provider, :auth_uid => uid) if user
+    end
+
+    if user
       case user.status
       when "pending" then
         unconfirmed_login(user)
@@ -537,7 +548,7 @@ class UserController < ApplicationController
   # omniauth failure callback
   def auth_failure
     flash[:error] = t("user.auth_failure." + params[:message])
-    redirect_to params[:origin]
+    redirect_to params[:origin] || login_url
   end
 
   private
@@ -572,7 +583,7 @@ class UserController < ApplicationController
   def openid_expand_url(openid_url)
     if openid_url.nil?
       return nil
-    elsif openid_url.match(/(.*)gmail.com(\/?)$/) || openid_url.match(/(.*)googlemail.com(\/?)$/)
+    elsif openid_url.match(%r{(.*)gmail.com(/?)$}) || openid_url.match(%r{(.*)googlemail.com(/?)$})
       # Special case gmail.com as it is potentially a popular OpenID
       # provider and, unlike yahoo.com, where it works automatically, Google
       # have hidden their OpenID endpoint somewhere obscure this making it
@@ -614,7 +625,7 @@ class UserController < ApplicationController
   def failed_login(message)
     flash[:error] = message
 
-    redirect_to :action => "login", :referer =>  session[:referer]
+    redirect_to :action => "login", :referer => session[:referer]
 
     session.delete(:remember_me)
     session.delete(:referer)
@@ -623,6 +634,8 @@ class UserController < ApplicationController
   ##
   #
   def unconfirmed_login(user)
+    session[:token] = user.tokens.create.token
+
     redirect_to :action => "confirm", :display_name => user.display_name
 
     session.delete(:remember_me)
@@ -668,8 +681,7 @@ class UserController < ApplicationController
       user.preferred_editor = params[:user][:preferred_editor]
     end
 
-    if params[:user][:auth_provider].nil? || params[:user][:auth_provider].blank? ||
-       params[:user][:auth_uid].nil? || params[:user][:auth_uid].blank?
+    if params[:user][:auth_provider].nil? || params[:user][:auth_provider].blank?
       user.auth_provider = nil
       user.auth_uid = nil
     end