+ redirect_to url_for(:status => params[:status], :ip => params[:ip], :page => params[:page])
+ else
+ conditions = {}
+ conditions[:status] = params[:status] if params[:status]
+ conditions[:creation_ip] = params[:ip] if params[:ip]
+
+ @user_pages, @users = paginate(:users,
+ :conditions => conditions,
+ :order => :id,
+ :per_page => 50)
+ end
+ end
+
+ ##
+ # omniauth success callback
+ def auth_success
+ auth_info = env["omniauth.auth"]
+
+ provider = auth_info[:provider]
+ uid = auth_info[:uid]
+ name = auth_info[:info][:name]
+ email = auth_info[:info][:email]
+
+ case provider
+ when "openid"
+ email_verified = uid.match(%r{https://www.google.com/accounts/o8/id?(.*)}) ||
+ uid.match(%r{https://me.yahoo.com/(.*)})
+ when "google", "facebook"
+ email_verified = true
+ else
+ email_verified = false
+ end
+
+ if settings = session.delete(:new_user_settings)
+ @user.auth_provider = provider
+ @user.auth_uid = uid
+
+ update_user(@user, settings)
+
+ session[:user_errors] = @user.errors.as_json
+
+ redirect_to :action => "account", :display_name => @user.display_name
+ elsif session[:new_user]
+ session[:new_user].auth_provider = provider
+ session[:new_user].auth_uid = uid
+
+ if email_verified && email == session[:new_user].email
+ session[:new_user].status = "active"
+ end
+
+ redirect_to :action => "terms"
+ else
+ user = User.find_by(:auth_provider => provider, :auth_uid => uid)
+
+ if user.nil? && provider == "google"
+ openid_url = auth_info[:extra][:id_info]["openid_id"]
+ user = User.find_by(:auth_provider => "openid", :auth_uid => openid_url) if openid_url
+ user.update(:auth_provider => provider, :auth_uid => uid) if user
+ end
+
+ if user
+ case user.status
+ when "pending" then
+ unconfirmed_login(user)
+ when "active", "confirmed" then
+ successful_login(user, env["omniauth.params"]["referer"])
+ when "suspended" then
+ failed_login t("user.login.account is suspended", :webmaster => "mailto:#{SUPPORT_EMAIL}")
+ else
+ failed_login t("user.login.auth failure")
+ end
+ else
+ redirect_to :action => "new", :nickname => name, :email => email,
+ :auth_provider => provider, :auth_uid => uid
+ end
+ end
+ end
+
+ ##
+ # omniauth failure callback
+ def auth_failure
+ flash[:error] = t("user.auth_failure." + params[:message])
+ redirect_to params[:origin] || login_url
+ end
+
+ private
+
+ ##
+ # handle password authentication
+ def password_authentication(username, password)
+ if user = User.authenticate(:username => username, :password => password)
+ successful_login(user)
+ elsif user = User.authenticate(:username => username, :password => password, :pending => true)
+ unconfirmed_login(user)
+ elsif User.authenticate(:username => username, :password => password, :suspended => true)
+ failed_login t("user.login.account is suspended", :webmaster => "mailto:#{SUPPORT_EMAIL}"), username
+ else
+ failed_login t("user.login.auth failure"), username
+ end
+ end
+
+ ##
+ # return the URL to use for authentication
+ def auth_url(provider, uid, referer = nil)
+ params = { :provider => provider }
+
+ params[:openid_url] = openid_expand_url(uid) if provider == "openid"
+
+ if referer.nil?
+ params[:origin] = request.path
+ else
+ params[:origin] = request.path + "?referer=" + CGI.escape(referer)
+ params[:referer] = referer
+ end
+
+ auth_path(params)
+ end
+
+ ##
+ # special case some common OpenID providers by applying heuristics to
+ # try and come up with the correct URL based on what the user entered
+ def openid_expand_url(openid_url)
+ if openid_url.nil?
+ nil
+ elsif openid_url.match(%r{(.*)gmail.com(/?)$}) || openid_url.match(%r{(.*)googlemail.com(/?)$})
+ # Special case gmail.com as it is potentially a popular OpenID
+ # provider and, unlike yahoo.com, where it works automatically, Google
+ # have hidden their OpenID endpoint somewhere obscure this making it
+ # somewhat less user friendly.
+ "https://www.google.com/accounts/o8/id"
+ else
+ openid_url
projects / rails.git / blobdiff