X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/b7b68aee36b19700aa95a3ea613bede6a841f7ee..452eabc941b9500d737956f698a88624fa86dc86:/app/controllers/user_controller.rb?ds=sidebyside diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index 321b61918..57d2f7d13 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -12,77 +12,27 @@ class UserController < ApplicationController before_filter :check_api_readable, :only => [:api_read, :api_details, :api_gpx_files] before_filter :require_allow_read_prefs, :only => [:api_details] before_filter :require_allow_read_gpx, :only => [:api_gpx_files] - before_filter :require_cookies, :only => [:login, :confirm] + before_filter :require_cookies, :only => [:new, :login, :confirm] before_filter :require_administrator, :only => [:set_status, :delete, :list] around_filter :api_call_handle_error, :only => [:api_read, :api_details, :api_gpx_files] before_filter :lookup_user_by_id, :only => [:api_read] before_filter :lookup_user_by_name, :only => [:set_status, :delete] - cache_sweeper :user_sweeper, :only => [:account, :set_status, :delete] - def terms @legale = params[:legale] || OSM.IPToCountry(request.remote_ip) || DEFAULT_LEGALE @text = OSM.legal_text_for_country(@legale) if request.xhr? render :partial => "terms" - elsif using_open_id? - # The redirect from the OpenID provider reenters here - # again and we need to pass the parameters through to - # the open_id_authentication function - @user = session.delete(:new_user) - - openid_verify(nil, @user) do |user,verified_email| - user.status = "active" if user.email == verified_email - end - - if @user.openid_url.nil? or @user.invalid? - render :action => 'new' - else - session[:new_user] = @user - render :action => 'terms' - end - elsif params[:user] and Acl.no_account_creation(request.remote_ip, params[:user][:email].split("@").last) - render :action => 'blocked' else - session[:referer] = params[:referer] - @title = t 'user.terms.title' - @user = User.new(params[:user]) if params[:user] - - if params[:user] and params[:user][:openid_url] and @user.pass_crypt.empty? - # We are creating an account with OpenID and no password - # was specified so create a random one - @user.pass_crypt = SecureRandom.base64(16) - @user.pass_crypt_confirmation = @user.pass_crypt - end - - if @user - @user.status = "pending" + @user ||= session[:new_user] - if @user.invalid? - if @user.new_record? - # Something is wrong with a new user, so rerender the form - render :action => :new - else - # Error in existing user, so go to account settings - flash[:errors] = @user.errors - redirect_to :action => :account, :display_name => @user.display_name - end - elsif @user.terms_agreed? - # Already agreed to terms, so just show settings - redirect_to :action => :account, :display_name => @user.display_name - elsif params[:user] and params[:user][:openid_url] and not params[:user][:openid_url].empty? - # Verify OpenID before moving on - session[:new_user] = @user - openid_verify(params[:user][:openid_url], @user) - elsif @user.new_record? - # Save the user record - session[:new_user] = @user - end - else - # Not logged in, so redirect to the login page + if !@user redirect_to :action => :login, :referer => request.fullpath + elsif @user.terms_agreed? + # Already agreed to terms, so just show settings + redirect_to :action => :account, :display_name => @user.display_name end end end @@ -250,7 +200,23 @@ class UserController < ApplicationController @title = t 'user.new.title' @referer = params[:referer] || session[:referer] - if @user + if using_open_id? + # The redirect from the OpenID provider reenters here + # again and we need to pass the parameters through to + # the open_id_authentication function + @user = session.delete(:new_user) + + openid_verify(nil, @user) do |user, verified_email| + user.status = "active" if user.email == verified_email + end + + if @user.openid_url.nil? or @user.invalid? + render :action => 'new' + else + session[:new_user] = @user + redirect_to :action => 'terms' + end + elsif @user # The user is logged in already, so don't show them the signup # page, instead send them to the home page if @referer @@ -270,6 +236,38 @@ class UserController < ApplicationController end end + def create + if params[:user] and Acl.no_account_creation(request.remote_ip, params[:user][:email].split("@").last) + render :action => 'blocked' + + else + session[:referer] = params[:referer] + + @user = User.new(params[:user]) + @user.status = "pending" + + if @user.openid_url.present? && @user.pass_crypt.empty? + # We are creating an account with OpenID and no password + # was specified so create a random one + @user.pass_crypt = SecureRandom.base64(16) + @user.pass_crypt_confirmation = @user.pass_crypt + end + + if @user.invalid? + # Something is wrong with a new user, so rerender the form + render :action => "new" + elsif @user.openid_url.present? + # Verify OpenID before moving on + session[:new_user] = @user + openid_verify(@user.openid_url, @user) + else + # Save the user record + session[:new_user] = @user + redirect_to :action => :terms + end + end + end + def login if params[:username] or using_open_id? session[:remember_me] ||= params[:remember_me] @@ -395,7 +393,7 @@ class UserController < ApplicationController end def api_read - render :nothing => true, :status => :gone unless @this_user.visible? + render :text => "", :status => :gone unless @this_user.visible? end def api_details