X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/dd4e7667885db46bc24a79be6431e27cdad13b07..e5b5faad7228253147bc489402ef7640b071eaaf:/app/controllers/user_controller.rb?ds=sidebyside diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index 3a0e0a149..0c2514927 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -318,16 +318,19 @@ class UserController < ApplicationController else user = User.find_by_display_name(params[:display_name]) - redirect_to root_path if !user || user.active? + redirect_to root_path if user.nil? || user.active? end end def confirm_resend - if user = User.find_by_display_name(params[:display_name]) + user = User.find_by_display_name(params[:display_name]) + token = UserToken.find_by_token(session[:token]) + + if user.nil? || token.nil? || token.user != user + flash[:error] = t "user.confirm_resend.failure", :name => params[:display_name] + else Notifier.signup_confirm(user, user.tokens.create).deliver_now flash[:notice] = t "user.confirm_resend.success", :email => user.email - else - flash[:error] = t "user.confirm_resend.failure", :name => params[:display_name] end redirect_to :action => "login" @@ -631,6 +634,8 @@ class UserController < ApplicationController ## # def unconfirmed_login(user) + session[:token] = user.tokens.create.token + redirect_to :action => "confirm", :display_name => user.display_name session.delete(:remember_me)