- def login
- session[:referer] = params[:referer] if params[:referer]
-
- if params[:username].present? && params[:password].present?
- session[:remember_me] ||= params[:remember_me]
- password_authentication(params[:username], params[:password])
- end
- end
-
- def logout
- @title = t "users.logout.title"
-
- if params[:session] == session.id
- if session[:token]
- token = UserToken.find_by(:token => session[:token])
- token&.destroy
- session.delete(:token)
- end
- session.delete(:user)
- session_expires_automatically
- if params[:referer]
- redirect_to params[:referer]
- else
- redirect_to :controller => "site", :action => "index"
- end
- end
- end
-
- def confirm
- if request.post?
- token = UserToken.find_by(:token => params[:confirm_string])
- if token&.user&.active?
- flash[:error] = t("users.confirm.already active")
- redirect_to :action => "login"
- elsif !token || token.expired?
- flash[:error] = t("users.confirm.unknown token")
- redirect_to :action => "confirm"
- else
- user = token.user
- user.status = "active"
- user.email_valid = true
- flash[:notice] = gravatar_status_message(user) if gravatar_enable(user)
- user.save!
- referer = token.referer
- token.destroy
-
- if session[:token]
- token = UserToken.find_by(:token => session[:token])
- session.delete(:token)
- else
- token = nil
- end
-
- if token.nil? || token.user != user
- flash[:notice] = t("users.confirm.success")
- redirect_to :action => :login, :referer => referer
- else
- token.destroy
-
- session[:user] = user.id
-
- redirect_to referer || welcome_path
- end
- end
- else
- user = User.find_by(:display_name => params[:display_name])
-
- redirect_to root_path if user.nil? || user.active?
- end
- end
-
- def confirm_resend
- user = User.find_by(:display_name => params[:display_name])
- token = UserToken.find_by(:token => session[:token])
-
- if user.nil? || token.nil? || token.user != user
- flash[:error] = t "users.confirm_resend.failure", :name => params[:display_name]
- else
- Notifier.signup_confirm(user, user.tokens.create).deliver_later
- flash[:notice] = t("users.confirm_resend.success", :email => user.email, :sender => SUPPORT_EMAIL).html_safe
- end
-
- redirect_to :action => "login"
- end
-
- def confirm_email
- if request.post?
- token = UserToken.find_by(:token => params[:confirm_string])
- if token&.user&.new_email?
- self.current_user = token.user
- current_user.email = current_user.new_email
- current_user.new_email = nil
- current_user.email_valid = true
- gravatar_enabled = gravatar_enable(current_user)
- if current_user.save
- flash[:notice] = if gravatar_enabled
- t("users.confirm_email.success") + " " + gravatar_status_message(current_user)
- else
- t("users.confirm_email.success")
- end
- else
- flash[:errors] = current_user.errors
- end
- token.destroy
- session[:user] = current_user.id
- redirect_to :action => "account", :display_name => current_user.display_name
- elsif token
- flash[:error] = t "users.confirm_email.failure"
- redirect_to :action => "account", :display_name => token.user.display_name
- else
- flash[:error] = t "users.confirm_email.unknown_token"
- end
- end
- end
-
- def api_read
- if @user.visible?
- render :action => :api_read, :content_type => "text/xml"
- else
- head :gone
- end
- end
-
- def api_details
- @user = current_user
- render :action => :api_read, :content_type => "text/xml"
- end
-
- def api_users
- raise OSM::APIBadUserInput, "The parameter users is required, and must be of the form users=id[,id[,id...]]" unless params["users"]
-
- ids = params["users"].split(",").collect(&:to_i)
-
- raise OSM::APIBadUserInput, "No users were given to search for" if ids.empty?
-
- @users = User.visible.find(ids)
-
- render :action => :api_users, :content_type => "text/xml"
- end
-
- def api_gpx_files
- doc = OSM::API.new.get_xml_doc
- current_user.traces.reload.each do |trace|
- doc.root << trace.to_xml_node
- end
- render :xml => doc.to_s
- end
-