X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/5432409ab6d20a107debf9935e0ec55c6183fcb6..e2f55c1c1b3345be7c7737a27eb27c8964420b9c:/app/controllers/user_controller.rb?ds=inline diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index 7a0fa5f27..a3d1b6e67 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -30,7 +30,7 @@ class UserController < ApplicationController if @user and @user.terms_agreed? # Already agreed to terms, so just show settings redirect_to :action => :account, :display_name => @user.display_name - elsif session[:new_user].nil? + elsif @user.nil? and session[:new_user].nil? redirect_to :action => :login, :referer => request.fullpath end end @@ -73,13 +73,11 @@ class UserController < ApplicationController else @user = session.delete(:new_user) - if Acl.no_account_creation(request.remote_ip, @user.email.split("@").last) - render :action => 'blocked' - else + if check_signup_allowed(@user.email) @user.data_public = true @user.description = "" if @user.description.nil? @user.creation_ip = request.remote_ip - @user.languages = request.user_preferred_languages + @user.languages = http_accept_language.user_preferred_languages @user.terms_agreed = Time.now.getutc @user.terms_seen = true @user.openid_url = nil if @user.openid_url and @user.openid_url.empty? @@ -238,19 +236,17 @@ class UserController < ApplicationController :openid_url => params[:openid]) flash.now[:notice] = t 'user.new.openid association' - elsif Acl.no_account_creation(request.remote_ip) - render :action => 'blocked' + else + check_signup_allowed end end def create - if params[:user] and Acl.no_account_creation(request.remote_ip, params[:user][:email].split("@").last) - render :action => 'blocked' + @user = User.new(user_params) - else + if check_signup_allowed(@user.email) session[:referer] = params[:referer] - @user = User.new(user_params) @user.status = "pending" if @user.openid_url.present? && @user.pass_crypt.empty? @@ -814,4 +810,22 @@ private def user_params params.require(:user).permit(:email, :email_confirmation, :display_name, :openid_url, :pass_crypt, :pass_crypt_confirmation) end + + ## + # check signup acls + def check_signup_allowed(email = nil) + if email.nil? + domain = nil + else + domain = email.split("@").last + end + + if blocked = Acl.no_account_creation(request.remote_ip, domain) + logger.info "Blocked signup from #{request.remote_ip} for #{email}" + + render :action => 'blocked' + end + + not blocked + end end