X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/2dcc6b620e7f1f577fe09e18456e30907a4a2e29..17f926fefb1329aaa41a64634d17d1dffd3ddba5:/app/controllers/user_controller.rb diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index a3d1b6e67..ea50113e5 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -1,5 +1,5 @@ class UserController < ApplicationController - layout :choose_layout + layout 'site', :except => [:api_details] skip_before_filter :verify_authenticity_token, :only => [:api_read, :api_details, :api_gpx_files] before_filter :disable_terms_redirect, :only => [:terms, :save, :logout, :api_details] @@ -7,6 +7,7 @@ class UserController < ApplicationController before_filter :authorize_web, :except => [:api_read, :api_details, :api_gpx_files] before_filter :set_locale, :except => [:api_read, :api_details, :api_gpx_files] before_filter :require_user, :only => [:account, :go_public, :make_friend, :remove_friend] + before_filter :require_self, :only => [:account] before_filter :check_database_readable, :except => [:login, :api_read, :api_details, :api_gpx_files] before_filter :check_database_writable, :only => [:new, :account, :confirm, :confirm_email, :lost_password, :reset_password, :go_public, :make_friend, :remove_friend] before_filter :check_api_readable, :only => [:api_read, :api_details, :api_gpx_files] @@ -104,7 +105,7 @@ class UserController < ApplicationController successful_login(@user) else session[:token] = @user.tokens.create.token - Notifier.signup_confirm(@user, @user.tokens.create(:referer => referer)).deliver + Notifier.signup_confirm(@user, @user.tokens.create(:referer => referer)).deliver_now redirect_to :action => 'confirm', :display_name => @user.display_name end else @@ -164,7 +165,7 @@ class UserController < ApplicationController if user token = user.tokens.create - Notifier.lost_password(user, token).deliver + Notifier.lost_password(user, token).deliver_now flash[:notice] = t 'user.lost_password.notice email on way' redirect_to :action => 'login' else @@ -198,6 +199,8 @@ class UserController < ApplicationController flash[:error] = t 'user.reset_password.flash token bad' redirect_to :action => 'lost_password' end + else + render :text => "", :status => :bad_request end end @@ -273,12 +276,13 @@ class UserController < ApplicationController def login if params[:username] or using_open_id? - session[:remember_me] ||= params[:remember_me] session[:referer] ||= params[:referer] if using_open_id? + session[:remember_me] ||= params[:remember_me_openid] openid_authentication(params[:openid_url]) else + session[:remember_me] ||= params[:remember_me] password_authentication(params[:username], params[:password]) end end @@ -336,7 +340,6 @@ class UserController < ApplicationController token.destroy session[:user] = user.id - cookies.permanent["_osm_username"] = user.display_name redirect_to referer || welcome_path end @@ -351,7 +354,7 @@ class UserController < ApplicationController def confirm_resend if user = User.find_by_display_name(params[:display_name]) - Notifier.signup_confirm(user, user.tokens.create).deliver + Notifier.signup_confirm(user, user.tokens.create).deliver_now flash[:notice] = t 'user.confirm_resend.success', :email => user.email else flash[:notice] = t 'user.confirm_resend.failure', :name => params[:display_name] @@ -375,7 +378,6 @@ class UserController < ApplicationController end token.destroy session[:user] = @user.id - cookies.permanent["_osm_username"] = @user.display_name redirect_to :action => 'account', :display_name => @user.display_name else flash[:error] = t 'user.confirm_email.failure' @@ -423,7 +425,7 @@ class UserController < ApplicationController unless @user.is_friends_with?(@new_friend) if friend.save flash[:notice] = t 'user.make_friend.success', :name => @new_friend.display_name - Notifier.friend_notification(friend).deliver + Notifier.friend_notification(friend).deliver_now else friend.add_error(t('user.make_friend.failed', :name => @new_friend.display_name)) end @@ -636,8 +638,6 @@ private ## # process a successful login def successful_login(user) - cookies.permanent["_osm_username"] = user.display_name - session[:user] = user.id session_expires_after 28.days if session[:remember_me] @@ -725,8 +725,6 @@ private if user.save set_locale - cookies.permanent["_osm_username"] = user.display_name - if user.new_email.blank? or user.new_email == user.email flash.now[:notice] = t 'user.account.flash update success' else @@ -736,7 +734,7 @@ private flash.now[:notice] = t 'user.account.flash update success confirm needed' begin - Notifier.email_confirm(user, user.tokens.create).deliver + Notifier.email_confirm(user, user.tokens.create).deliver_now rescue # Ignore errors sending email end @@ -745,7 +743,7 @@ private @user.errors.set(:email, []) end - user.reset_email! + user.restore_email! end end end @@ -767,6 +765,14 @@ private end end + ## + # require that the user in the URL is the logged in user + def require_self + if params[:display_name] != @user.display_name + render :text => "", :status => :forbidden + end + end + ## # ensure that there is a "this_user" instance variable def lookup_user_by_id @@ -781,21 +787,6 @@ private redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] unless @this_user end - ## - # Choose the layout to use. See - # https://rails.lighthouseapp.com/projects/8994/tickets/5371-layout-with-onlyexcept-options-makes-other-actions-render-without-layouts - def choose_layout - oauth_url = url_for(:controller => :oauth, :action => :authorize, :only_path => true) - - if [ 'api_details' ].include? action_name - nil - elsif params[:referer] and URI.parse(params[:referer]).path == oauth_url - 'slim' - else - 'site' - end - end - ## # def disable_terms_redirect