Use rails tokens for signup confirmations

[rails.git] / app / controllers / users_controller.rb
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb

index 36c9f4e2288f06185726045826ae82ed9d927bb0..429fa47a4096ec2174b0bc8bfb258677736eff95 100644 (file)
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -104,11 +104,11 @@ class UsersController < ApplicationController
          render :action => "new"
        elsif current_user.auth_provider.present?
          # Verify external authenticator before moving on
-        session[:new_user] = current_user.attributes.slice("email", "display_name", "pass_crypt")
+        session[:new_user] = current_user.slice("email", "display_name", "pass_crypt", "pass_crypt_confirmation")
          redirect_to auth_url(current_user.auth_provider, current_user.auth_uid), :status => :temporary_redirect
        else
          # Save the user record
-        session[:new_user] = current_user.attributes.slice("email", "display_name", "pass_crypt")
+        session[:new_user] = current_user.slice("email", "display_name", "pass_crypt", "pass_crypt_confirmation")
          redirect_to :action => :terms
        end
      end
@@ -197,26 +197,14 @@ class UsersController < ApplicationController
  
            flash[:matomo_goal] = Settings.matomo["goals"]["signup"] if defined?(Settings.matomo)
  
-          referer = welcome_path
-
-          begin
-            uri = URI(session[:referer])
-            %r{map=(.*)/(.*)/(.*)}.match(uri.fragment) do |m|
-              editor = Rack::Utils.parse_query(uri.query).slice("editor")
-              referer = welcome_path({ "zoom" => m[1],
-                                       "lat" => m[2],
-                                       "lon" => m[3] }.merge(editor))
-            end
-          rescue StandardError
-            # Use default
-          end
+          referer = welcome_path(welcome_options)
  
            if current_user.status == "active"
              session[:referer] = referer
              successful_login(current_user)
            else
-            session[:token] = current_user.tokens.create.token
-            UserMailer.signup_confirm(current_user, current_user.tokens.create(:referer => referer)).deliver_later
+            session[:pending_user] = current_user.id
+            UserMailer.signup_confirm(current_user, current_user.generate_token_for(:new_user), referer).deliver_later
              redirect_to :controller => :confirmations, :action => :confirm, :display_name => current_user.display_name
            end
          else
@@ -321,6 +309,21 @@ class UsersController < ApplicationController
  
    private
  
+  def welcome_options
+    uri = URI(session[:referer]) if session[:referer].present?
+
+    return { "oauth_return_url" => uri&.to_s } if uri&.path == oauth_authorization_path
+
+    begin
+      %r{map=(.*)/(.*)/(.*)}.match(uri.fragment) do |m|
+        editor = Rack::Utils.parse_query(uri.query).slice("editor")
+        return { "zoom" => m[1], "lat" => m[2], "lon" => m[3] }.merge(editor)
+      end
+    rescue StandardError
+      # Use default
+    end
+  end
+
    ##
    # ensure that there is a "user" instance variable
    def lookup_user_by_name
@@ -352,6 +355,8 @@ class UsersController < ApplicationController
                     domain_mx_servers(domain)
                   end
  
+    return true if Acl.allow_account_creation(request.remote_ip, :domain => domain, :mx => mx_servers)
+
      blocked = Acl.no_account_creation(request.remote_ip, :domain => domain, :mx => mx_servers)
  
      blocked ||= SIGNUP_IP_LIMITER && !SIGNUP_IP_LIMITER.allow?(request.remote_ip)