def logout
@title = t "users.logout.title"
- if params[:session] == session.id
+ if request.post?
if session[:token]
token = UserToken.find_by(:token => session[:token])
token&.destroy
@user = User.find_by(:display_name => params[:display_name])
if @user &&
- (@user.visible? || (current_user&.administrator?))
+ (@user.visible? || current_user&.administrator?)
@title = @user.display_name
else
render_unknown_user params[:display_name]
if user
case user.status
- when "pending" then
+ when "pending"
unconfirmed_login(user)
- when "active", "confirmed" then
+ when "active", "confirmed"
successful_login(user, request.env["omniauth.params"]["referer"])
- when "suspended" then
+ when "suspended"
failed_login t("users.login.account is suspended", :webmaster => "mailto:#{Settings.support_email}").html_safe
else
failed_login t("users.login.auth failure")
# check if this user has a gravatar and set the user pref is true
def gravatar_enable(user)
# code from example https://en.gravatar.com/site/implement/images/ruby/
- return false if user.image.present?
+ return false if user.avatar.attached?
hash = Digest::MD5.hexdigest(user.email.downcase)
url = "https://www.gravatar.com/avatar/#{hash}?d=404" # without d=404 we will always get an image back