]> git.openstreetmap.org Git - rails.git/blobdiff - app/controllers/user_controller.rb
Use gpx as the extension when we ask for /trace/N/data.gpx
[rails.git] / app / controllers / user_controller.rb
index 3d97c58f1753dd10c91f7c2533ec7bb35591d6f3..a9006e82b334e6edfe19ae24fad0dcfdbf8d9e78 100644 (file)
@@ -73,9 +73,7 @@ class UserController < ApplicationController
     else
       @user = session.delete(:new_user)
 
     else
       @user = session.delete(:new_user)
 
-      if Acl.no_account_creation(request.remote_ip, @user.email.split("@").last)
-        render :action => 'blocked'
-      else
+      if check_signup_allowed(@user.email)
         @user.data_public = true
         @user.description = "" if @user.description.nil?
         @user.creation_ip = request.remote_ip
         @user.data_public = true
         @user.description = "" if @user.description.nil?
         @user.creation_ip = request.remote_ip
@@ -200,6 +198,8 @@ class UserController < ApplicationController
         flash[:error] = t 'user.reset_password.flash token bad'
         redirect_to :action => 'lost_password'
       end
         flash[:error] = t 'user.reset_password.flash token bad'
         redirect_to :action => 'lost_password'
       end
+    else
+      render :text => "", :status => :bad_request
     end
   end
 
     end
   end
 
@@ -238,19 +238,17 @@ class UserController < ApplicationController
                        :openid_url => params[:openid])
 
       flash.now[:notice] = t 'user.new.openid association'
                        :openid_url => params[:openid])
 
       flash.now[:notice] = t 'user.new.openid association'
-    elsif Acl.no_account_creation(request.remote_ip)
-      render :action => 'blocked'
+    else
+      check_signup_allowed
     end
   end
 
   def create
     end
   end
 
   def create
-    if params[:user] and Acl.no_account_creation(request.remote_ip, params[:user][:email].split("@").last)
-      render :action => 'blocked'
+    @user = User.new(user_params)
 
 
-    else
+    if check_signup_allowed(@user.email)
       session[:referer] = params[:referer]
 
       session[:referer] = params[:referer]
 
-      @user = User.new(user_params)
       @user.status = "pending"
 
       if @user.openid_url.present? && @user.pass_crypt.empty?
       @user.status = "pending"
 
       if @user.openid_url.present? && @user.pass_crypt.empty?
@@ -814,4 +812,22 @@ private
   def user_params
     params.require(:user).permit(:email, :email_confirmation, :display_name, :openid_url, :pass_crypt, :pass_crypt_confirmation)
   end
   def user_params
     params.require(:user).permit(:email, :email_confirmation, :display_name, :openid_url, :pass_crypt, :pass_crypt_confirmation)
   end
+
+  ##
+  # check signup acls
+  def check_signup_allowed(email = nil)
+    if email.nil?
+      domain = nil
+    else
+      domain = email.split("@").last
+    end
+
+    if blocked = Acl.no_account_creation(request.remote_ip, domain)
+      logger.info "Blocked signup from #{request.remote_ip} for #{email}"
+
+      render :action => 'blocked'
+    end
+
+    not blocked
+  end
 end
 end