X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/c34ed1e3706020c59aa8dc70ece41c36a8a30930..d23763d6cdbf5ec11f0e83f8e6e8fb32ed973e6a:/app/controllers/confirmations_controller.rb
diff --git a/app/controllers/confirmations_controller.rb b/app/controllers/confirmations_controller.rb
index bcb4c1617..48b8dabf2 100644
--- a/app/controllers/confirmations_controller.rb
+++ b/app/controllers/confirmations_controller.rb
@@ -1,5 +1,6 @@
 class ConfirmationsController < ApplicationController
 include SessionMethods
+ include UserMethods
 layout "site"
@@ -14,41 +15,37 @@ class ConfirmationsController < ApplicationController
 def confirm
 if request.post?
- token = UserToken.find_by(:token => params[:confirm_string])
- if token&.user&.active?
- flash[:error] = t("confirmations.confirm.already active")
- redirect_to login_path
- elsif !token || token.expired?
- flash[:error] = t("confirmations.confirm.unknown token")
+ token = params[:confirm_string]
+
+ user = User.find_by_token_for(:new_user, token) ||
+ UserToken.unexpired.find_by(:token => token)&.user
+
+ if !user
+ flash[:error] = t(".unknown token")
 redirect_to :action => "confirm"
- elsif !token.user.visible?
- render_unknown_user token.user.display_name
+ elsif user.active?
+ flash[:error] = t(".already active")
+ redirect_to login_path
+ elsif !user.visible?
+ render_unknown_user user.display_name
 else
- user = token.user
- user.status = "active"
+ user.activate
 user.email_valid = true
 flash[:notice] = gravatar_status_message(user) if gravatar_enable(user)
 user.save!
- referer = safe_referer(token.referer) if token.referer
- token.destroy
-
- if session[:token]
- token = UserToken.find_by(:token => session[:token])
- session.delete(:token)
- else
- token = nil
- end
+ referer = safe_referer(params[:referer]) if params[:referer]
+ UserToken.delete_by(:token => token)
- if token.nil? || token.user != user
- flash[:notice] = t("confirmations.confirm.success")
- redirect_to login_path(:referer => referer)
- else
- token.destroy
+ pending_user = session.delete(:pending_user)
+ if user.id == pending_user
 session[:user] = user.id
 session[:fingerprint] = user.fingerprint
 redirect_to referer || welcome_path
+ else
+ flash[:notice] = t(".success")
+ redirect_to login_path(:referer => referer)
 end
 end
 else
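Review bot: The redirect target in `confirm` is now taken from `params[:referer]` instead of the stored token record, so it is fully client-controlled and `safe_referer` (defined outside this diff) is the only thing keeping `redirect_to referer || welcome_path` on-site. A comment at the call site would make that dependency explicit, e.g. `# referer is client-supplied; safe_referer must reduce it to a same-site path`, and a controller test that submits an absolute and a scheme-relative value would pin it. The legacy fallback `UserToken.unexpired.find_by(:token => token)` also accepts any unexpired stored token whatever it was issued for, so it is worth noting in a comment when that branch is meant to be removed. The rest of `confirm` lies outside the hunk.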
@@ -60,12 +57,11 @@ class ConfirmationsController < ApplicationController
 def confirm_resend
 user = User.visible.find_by(:display_name => params[:display_name])
- token = UserToken.find_by(:token => session[:token])
- if user.nil? || token.nil? || token.user != user
- flash[:error] = t "confirmations.confirm_resend.failure", :name => params[:display_name]
+ if user.nil? || user.id != session[:pending_user]
+ flash[:error] = t ".failure", :name => params[:display_name]
 else
- UserMailer.signup_confirm(user, user.tokens.create).deliver_later
+ UserMailer.signup_confirm(user, user.generate_token_for(:new_user)).deliver_later
 flash[:notice] = { :partial => "confirmations/resend_success_flash", :locals => { :email => user.email, :sender => Settings.email_from } }
 end
@@ -74,18 +70,21 @@ class ConfirmationsController < ApplicationController
 def confirm_email
 if request.post?
- token = UserToken.find_by(:token => params[:confirm_string])
- if token&.user&.new_email?
- self.current_user = token.user
+ token = params[:confirm_string]
+
+ self.current_user = User.find_by_token_for(:new_email, token) ||
+ UserToken.unexpired.find_by(:token => params[:confirm_string])&.user
+
+ if current_user&.new_email?
 current_user.email = current_user.new_email
 current_user.new_email = nil
 current_user.email_valid = true
 gravatar_enabled = gravatar_enable(current_user)
 if current_user.save
 flash[:notice] = if gravatar_enabled
- "#{t('confirmations.confirm_email.success')} #{gravatar_status_message(current_user)}"
+ "#{t('.success')} #{gravatar_status_message(current_user)}"
 else
- t("confirmations.confirm_email.success")
+ t(".success")
 end
 else
 flash[:errors] = current_user.errors
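Review bot: The guard in `confirm_resend` checks that the named user matches `session[:pending_user]` but not that the account is still awaiting confirmation, so a session that kept its `pending_user` after the account was confirmed elsewhere can keep triggering `signup_confirm` mails with fresh tokens. Adding the state check already used in `confirm` would close that, `if user.nil? || user.id != session[:pending_user] || user.active?`. Nothing in the visible lines limits how often a session may request a resend; if no throttle exists elsewhere, one belongs on this action. The method's final lines are outside the hunk.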
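Review bot: `self.current_user` is assigned from the token lookup before `new_email?` is checked, so a request whose confirmation fails still finishes under the token owner's identity and discards whichever user the session had authenticated; the removed code switched identity only on success. What else reads `current_user` during the request is not visible here, so the impact is inferred. Holding the result in a local, `user = User.find_by_token_for(:new_email, token) || UserToken.unexpired.find_by(:token => token)&.user`, and doing `self.current_user = user` inside the success branch restores the old ordering; the later `elsif current_user` would then test `user`. The fallback also re-reads `params[:confirm_string]` where the `token` local is available. `confirm_email` continues past the end of this hunk.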
@@ -93,13 +92,13 @@ class ConfirmationsController < ApplicationController
 current_user.tokens.delete_all
 session[:user] = current_user.id
 session[:fingerprint] = current_user.fingerprint
- redirect_to edit_account_path
- elsif token
- flash[:error] = t "confirmations.confirm_email.failure"
- redirect_to edit_account_path
+ elsif current_user
+ flash[:error] = t ".failure"
 else
- flash[:error] = t "confirmations.confirm_email.unknown_token"
+ flash[:error] = t ".unknown_token"
 end
+
+ redirect_to edit_account_path
 end
 end
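Review bot: `current_user.tokens.delete_all` only removes stored `UserToken` rows; tokens produced by `generate_token_for` are signed values that are not stored, so this line cannot revoke them. Whether an older `:new_email` link stops working after a successful change therefore depends on the token definition in the User model, which is outside this diff. A comment here would record that, e.g. `# clears legacy UserToken rows only; signed :new_email tokens are not stored and cannot be revoked here`, and a test confirming that a previously issued link is rejected after success would back it up. The start of `confirm_email` is in the previous hunk.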