Missed a couple close buttons

[rails.git] / app / controllers / user_controller.rb
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb

index fdef4ea04de9da617499567b76330001d0c1b3ff..a3d1b6e6757511742311cf82ae535b924f9ccd3f 100644 (file)
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -26,13 +26,12 @@ class UserController < ApplicationController
        render :partial => "terms"
      else
        @title = t 'user.terms.title'
        render :partial => "terms"
      else
        @title = t 'user.terms.title'
-      @user ||= session[:new_user]
  
  
-      if !@user
-        redirect_to :action => :login, :referer => request.fullpath
-      elsif @user.terms_agreed?
+      if @user and @user.terms_agreed?
          # Already agreed to terms, so just show settings
          redirect_to :action => :account, :display_name => @user.display_name
          # Already agreed to terms, so just show settings
          redirect_to :action => :account, :display_name => @user.display_name
+      elsif @user.nil? and session[:new_user].nil?
+        redirect_to :action => :login, :referer => request.fullpath
        end
      end
    end
        end
      end
    end
@@ -74,25 +73,30 @@ class UserController < ApplicationController
      else
        @user = session.delete(:new_user)
  
      else
        @user = session.delete(:new_user)
  
-      if Acl.no_account_creation(request.remote_ip, @user.email.split("@").last)
-        render :action => 'blocked'
-      else
+      if check_signup_allowed(@user.email)
          @user.data_public = true
          @user.description = "" if @user.description.nil?
          @user.creation_ip = request.remote_ip
          @user.data_public = true
          @user.description = "" if @user.description.nil?
          @user.creation_ip = request.remote_ip
-        @user.languages = request.user_preferred_languages
+        @user.languages = http_accept_language.user_preferred_languages
          @user.terms_agreed = Time.now.getutc
          @user.terms_seen = true
          @user.openid_url = nil if @user.openid_url and @user.openid_url.empty?
  
          if @user.save
          @user.terms_agreed = Time.now.getutc
          @user.terms_seen = true
          @user.openid_url = nil if @user.openid_url and @user.openid_url.empty?
  
          if @user.save
-          flash[:piwik_goal] = PIWIK_SIGNUP_GOAL if defined?(PIWIK_SIGNUP_GOAL)
+          flash[:piwik_goal] = PIWIK["goals"]["signup"] if defined?(PIWIK)
+
+          referer = welcome_path
  
            begin
  
            begin
-            referer_params = Rack::Utils.parse_query(URI(session[:referer]).query)
-            referer = welcome_path(referer_params.slice(:lat, :lon, :zoom, :editor))
+            uri = URI(session[:referer])
+            /map=(.*)\/(.*)\/(.*)/.match(uri.fragment) do |m|
+              editor = Rack::Utils.parse_query(uri.query).slice('editor')
+              referer = welcome_path({'zoom' => m[1],
+                                      'lat' => m[2],
+                                      'lon' => m[3]}.merge(editor))
+            end
            rescue
            rescue
-            referer = welcome_path
+            # Use default
            end
  
            if @user.status == "active"
            end
  
            if @user.status == "active"
@@ -232,19 +236,17 @@ class UserController < ApplicationController
                         :openid_url => params[:openid])
  
        flash.now[:notice] = t 'user.new.openid association'
                         :openid_url => params[:openid])
  
        flash.now[:notice] = t 'user.new.openid association'
-    elsif Acl.no_account_creation(request.remote_ip)
-      render :action => 'blocked'
+    else
+      check_signup_allowed
      end
    end
  
    def create
      end
    end
  
    def create
-    if params[:user] and Acl.no_account_creation(request.remote_ip, params[:user][:email].split("@").last)
-      render :action => 'blocked'
+    @user = User.new(user_params)
  
  
-    else
+    if check_signup_allowed(@user.email)
        session[:referer] = params[:referer]
  
        session[:referer] = params[:referer]
  
-      @user = User.new(params[:user])
        @user.status = "pending"
  
        if @user.openid_url.present? && @user.pass_crypt.empty?
        @user.status = "pending"
  
        if @user.openid_url.present? && @user.pass_crypt.empty?
@@ -304,10 +306,14 @@ class UserController < ApplicationController
    end
  
    def confirm
    end
  
    def confirm
-    if request.post? && (token = UserToken.find_by_token(params[:confirm_string]))
-      if token.user.active?
+    if request.post?
+      token = UserToken.find_by_token(params[:confirm_string])
+      if token && token.user.active?
          flash[:error] = t('user.confirm.already active')
          redirect_to :action => 'login'
          flash[:error] = t('user.confirm.already active')
          redirect_to :action => 'login'
+      elsif !token || token.expired?
+        flash[:error] = t('user.confirm.unknown token')
+        redirect_to :action => 'confirm'
        else
          user = token.user
          user.status = "active"
        else
          user = token.user
          user.status = "active"
@@ -721,7 +727,7 @@ private
  
        cookies.permanent["_osm_username"] = user.display_name
  
  
        cookies.permanent["_osm_username"] = user.display_name
  
-      if user.new_email.blank?
+      if user.new_email.blank? or user.new_email == user.email
          flash.now[:notice] = t 'user.account.flash update success'
        else
          user.email = user.new_email
          flash.now[:notice] = t 'user.account.flash update success'
        else
          user.email = user.new_email
@@ -798,4 +804,28 @@ private
      # it's .now so that this doesn't propagate to other pages.
      flash.now[:skip_terms] = true
    end
      # it's .now so that this doesn't propagate to other pages.
      flash.now[:skip_terms] = true
    end
+
+  ##
+  # return permitted user parameters
+  def user_params
+    params.require(:user).permit(:email, :email_confirmation, :display_name, :openid_url, :pass_crypt, :pass_crypt_confirmation)
+  end
+
+  ##
+  # check signup acls
+  def check_signup_allowed(email = nil)
+    if email.nil?
+      domain = nil
+    else
+      domain = email.split("@").last
+    end
+
+    if blocked = Acl.no_account_creation(request.remote_ip, domain)
+      logger.info "Blocked signup from #{request.remote_ip} for #{email}"
+
+      render :action => 'blocked'
+    end
+
+    not blocked
+  end
  end
  end