X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/3296514ab8067ebd9758f18a2349d40d6fa3585e..fd35873a4be94155746b6d410d601aa97e93687f:/app/controllers/user_controller.rb diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index 64e1e157d..eb1471b00 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -1,35 +1,63 @@ class UserController < ApplicationController layout 'site' - before_filter :authorize, :only => [:preferences, :api_details, :api_gpx_files] - before_filter :authorize_web, :only => [:edit, :account, :go_public, :view, :diary, :make_friend] - before_filter :require_user, :only => [:edit, :set_home, :account, :go_public, :make_friend] + before_filter :authorize, :only => [:api_details, :api_gpx_files] + before_filter :authorize_web, :except => [:api_details, :api_gpx_files] + before_filter :require_user, :only => [:set_home, :account, :go_public, :make_friend, :remove_friend, :upload_image, :delete_image] + before_filter :check_database_readable, :except => [:api_details, :api_gpx_files] + before_filter :check_database_writable, :only => [:login, :new, :set_home, :account, :go_public, :make_friend, :remove_friend, :upload_image, :delete_image] + before_filter :check_api_readable, :only => [:api_details, :api_gpx_files] + + filter_parameter_logging :password, :pass_crypt, :pass_crypt_confirmation def save - @user = User.new(params[:user]) - @user.set_defaults + @title = 'create account' - if @user.save - flash[:notice] = 'User was successfully created. Check your email for a confirmation note, and you\'ll be mapping in no time :-)' - Notifier::deliver_signup_confirm(@user) - redirect_to :action => 'login' - else + if Acl.find_by_address(request.remote_ip, :conditions => {:k => "no_account_creation"}) render :action => 'new' + else + @user = User.new(params[:user]) + + @user.visible = true + @user.data_public = true + @user.description = "" if @user.description.nil? + @user.creation_ip = request.remote_ip + + if @user.save + flash[:notice] = "User was successfully created. Check your email for a confirmation note, and you\'ll be mapping in no time :-)

Please note that you won't be able to login until you've received and confirmed your email address.

If you use an antispam system which sends confirmation requests then please make sure you whitelist webmaster@openstreetmap.org as we are unable to reply to any confirmation requests." + Notifier.deliver_signup_confirm(@user, @user.tokens.create) + redirect_to :action => 'login' + else + render :action => 'new' + end end end - def edit + def account + @title = 'edit account' if params[:user] and params[:user][:display_name] and params[:user][:description] - home_lat = params[:user][:home_lat] - home_lon = params[:user][:home_lon] + if params[:user][:email] != @user.email + @user.new_email = params[:user][:email] + end @user.display_name = params[:user][:display_name] + + if params[:user][:pass_crypt].length > 0 or params[:user][:pass_crypt_confirmation].length > 0 + @user.pass_crypt = params[:user][:pass_crypt] + @user.pass_crypt_confirmation = params[:user][:pass_crypt_confirmation] + end + @user.description = params[:user][:description] - @user.home_lat = home_lat.to_f - @user.home_lon = home_lon.to_f + @user.home_lat = params[:user][:home_lat] + @user.home_lon = params[:user][:home_lon] + if @user.save - flash[:notice] = "User edited OK." - redirect_to :controller => 'user', :action => 'account' + if params[:user][:email] == @user.new_email + @notice = "User information updated successfully. Check your email for a note to confirm your new email address." + Notifier.deliver_email_confirm(@user, @user.tokens.create) + else + @notice = "User information updated successfully." + end end end end @@ -39,7 +67,7 @@ class UserController < ApplicationController @user.home_lat = params[:user][:home_lat].to_f @user.home_lon = params[:user][:home_lon].to_f if @user.save - flash[:notice] = "User home saved." + flash[:notice] = "Home location saved successfully." redirect_to :controller => 'user', :action => 'account' end end @@ -48,103 +76,154 @@ class UserController < ApplicationController def go_public @user.data_public = true @user.save - flash[:notice] = 'All your edits are now public' + flash[:notice] = 'All your edits are now public.' redirect_to :controller => 'user', :action => 'account', :display_name => @user.display_name end def lost_password - if params[:user][:email] - user = User.find_by_email(params['user']['email']) + @title = 'lost password' + if params[:user] and params[:user][:email] + user = User.find_by_email(params[:user][:email], :conditions => {:visible => true}) + if user - user.token = User.make_token - user.save - Notifier::deliver_lost_password(user) - flash[:notice] = "Sorry you lost it :-( but an email is on it's way so you can reset it soon." + token = user.tokens.create + Notifier.deliver_lost_password(user, token) + @notice = "Sorry you lost it :-( but an email is on its way so you can reset it soon." else - flash[:notice] = "Couldn't find that email address, sorry." + @notice = "Couldn't find that email address, sorry." end end end def reset_password + @title = 'reset password' if params['token'] - user = User.find_by_token(params['token']) - if user - pass = User.make_token(8) + token = UserToken.find_by_token(params[:token]) + if token + pass = OSM::make_token(8) + user = token.user user.pass_crypt = pass - user.save - Notifier::deliver_reset_password(user, pass) - flash[:notice] = "You're password has been changed and is on the way to your mailbox :-)" + user.pass_crypt_confirmation = pass + user.active = true + user.email_valid = true + user.save! + token.destroy + Notifier.deliver_reset_password(user, pass) + flash[:notice] = "Your password has been changed and is on its way to your mailbox :-)" else flash[:notice] = "Didn't find that token, check the URL maybe?" end end + redirect_to :action => 'login' end def new + @title = 'create account' + # The user is logged in already, so don't show them the signup page, instead + # send them to the home page + redirect_to :controller => 'site', :action => 'index' if session[:user] end def login + if session[:user] + # The user is logged in already, if the referer param exists, redirect them to that + if params[:referer] + redirect_to params[:referer] + else + redirect_to :controller => 'site', :action => 'index' + end + return + end + @title = 'login' if params[:user] - email = params[:user][:email] + email_or_display_name = params[:user][:email] pass = params[:user][:password] - u = User.authenticate(email, pass) - if u - u.token = User.make_token - u.timeout = 1.day.from_now - u.save - session[:token] = u.token - redirect_to :controller => 'site', :action => 'index' + user = User.authenticate(:username => email_or_display_name, :password => pass) + if user + session[:user] = user.id + if params[:referer] + redirect_to params[:referer] + else + redirect_to :controller => 'site', :action => 'index' + end return + elsif User.authenticate(:username => email_or_display_name, :password => pass, :inactive => true) + @notice = "Sorry, your account is not active yet.
Please click on the link in the account confirmation email to activate your account." else - flash[:notice] = "Couldn't log in with those details" + @notice = "Sorry, couldn't log in with those details." end end end def logout if session[:token] - u = User.find_by_token(session[:token]) - if u - u.token = User.make_token - u.timeout = Time.now - u.save + token = UserToken.find_by_token(session[:token]) + if token + token.destroy end + session[:token] = nil + end + session[:user] = nil + if params[:referer] + redirect_to params[:referer] + else + redirect_to :controller => 'site', :action => 'index' end - session[:token] = nil - redirect_to :controller => 'site', :action => 'index' end def confirm - @user = User.find_by_token(params[:confirm_string]) - if @user && @user.active == 0 - @user.active = true - @user.save - flash[:notice] = 'Confirmed your account, thanks for signing up!' - - #FIXME: login the person magically - - redirect_to :action => 'login' - else - flash[:notice] = 'Something went wrong confirming that user' + if params[:confirm_action] + token = UserToken.find_by_token(params[:confirm_string]) + if token and !token.user.active? + @user = token.user + @user.active = true + @user.email_valid = true + @user.save! + token.destroy + flash[:notice] = 'Confirmed your account, thanks for signing up!' + session[:user] = @user.id + redirect_to :action => 'account', :display_name => @user.display_name + else + @notice = 'Something went wrong confirming that user.' + end end end - def preferences - if request.get? - render_text @user.preferences - elsif request.post? or request.put? - @user.preferences = request.raw_post - @user.save! - render :nothing => true - else - render :status => 400, :nothing => true + def confirm_email + if params[:confirm_action] + token = UserToken.find_by_token(params[:confirm_string]) + if token and token.user.new_email? + @user = token.user + @user.email = @user.new_email + @user.new_email = nil + @user.active = true + @user.email_valid = true + @user.save! + token.destroy + flash[:notice] = 'Confirmed your email address, thanks for signing up!' + session[:user] = @user.id + redirect_to :action => 'account', :display_name => @user.display_name + else + @notice = 'Something went wrong confirming that email address.' + end end end + def upload_image + @user.image = params[:user][:image] + @user.save! + redirect_to :controller => 'user', :action => 'view', :display_name => @user.display_name + end + + def delete_image + @user.image = nil + @user.save! + redirect_to :controller => 'user', :action => 'view', :display_name => @user.display_name + end + def api_details - render :text => @user.to_xml.to_s + render :text => @user.to_xml.to_s, :content_type => "text/xml" end def api_gpx_files @@ -152,36 +231,54 @@ class UserController < ApplicationController @user.traces.each do |trace| doc.root << trace.to_xml_node() if trace.public? or trace.user == @user end - render :text => doc.to_s + render :text => doc.to_s, :content_type => "text/xml" end def view - @this_user = User.find_by_display_name(params[:display_name]) - end + @this_user = User.find_by_display_name(params[:display_name], :conditions => {:visible => true}) - def diary - @this_user = User.find_by_display_name(params[:display_name]) + if @this_user + @title = @this_user.display_name + else + @not_found_user = params[:display_name] + render :action => 'no_such_user', :status => :not_found + end end def make_friend - if params[:display_name] name = params[:display_name] + new_friend = User.find_by_display_name(name, :conditions => {:visible => true}) friend = Friend.new friend.user_id = @user.id - friend.friend_user_id = User.find_by_display_name(name).id - unless @user.is_friends_with?(friend) + friend.friend_user_id = new_friend.id + unless @user.is_friends_with?(new_friend) if friend.save - flash[:notice] = "#{name} is now your friend" + flash[:notice] = "#{name} is now your friend." + Notifier.deliver_friend_notification(friend) else - friend.add_error("adding a friend failed") + friend.add_error("Sorry, failed to add #{name} as a friend.") end else - flash[:notice] = "Your are already friends" + flash[:notice] = "You are already friends with #{name}." end - redirect_to :controller => 'user', :action => 'view' + + redirect_to :controller => 'user', :action => 'view' end end -end + def remove_friend + if params[:display_name] + name = params[:display_name] + friend = User.find_by_display_name(name, :conditions => {:visible => true}) + if @user.is_friends_with?(friend) + Friend.delete_all "user_id = #{@user.id} AND friend_user_id = #{friend.id}" + flash[:notice] = "#{friend.display_name} was removed from your friends." + else + flash[:notice] = "#{friend.display_name} is not one of your friends." + end + redirect_to :controller => 'user', :action => 'view' + end + end +end