X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/eeb9866d50e35b8f8b75e59aed582caba533778f..76d365ce71b942466d07480ded13098860d4f1b3:/app/controllers/user_controller.rb diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index c7e44dab6..37f9cd7c2 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -45,7 +45,7 @@ class UserController < ApplicationController @user.terms_seen = true if @user.save - flash[:notice] = t "user.new.terms declined", :url => t("user.new.terms declined url") + flash[:notice] = t("user.new.terms declined", :url => t("user.new.terms declined url")).html_safe end if params[:referer] @@ -252,14 +252,12 @@ class UserController < ApplicationController def login session[:referer] = params[:referer] if params[:referer] - if params[:username] || params[:openid_url] - if params[:openid_url].present? - session[:remember_me] ||= params[:remember_me_openid] - redirect_to auth_url("openid", params[:openid_url]) - else - session[:remember_me] ||= params[:remember_me] - password_authentication(params[:username], params[:password]) - end + if params[:username].present? && params[:password].present? + session[:remember_me] ||= params[:remember_me] + password_authentication(params[:username], params[:password]) + elsif params[:openid_url].present? + session[:remember_me] ||= params[:remember_me_openid] + redirect_to auth_url("openid", params[:openid_url]) end end @@ -320,16 +318,19 @@ class UserController < ApplicationController else user = User.find_by_display_name(params[:display_name]) - redirect_to root_path if !user || user.active? + redirect_to root_path if user.nil? || user.active? end end def confirm_resend - if user = User.find_by_display_name(params[:display_name]) - Notifier.signup_confirm(user, user.tokens.create).deliver_now - flash[:notice] = t "user.confirm_resend.success", :email => user.email - else + user = User.find_by_display_name(params[:display_name]) + token = UserToken.find_by_token(session[:token]) + + if user.nil? || token.nil? || token.user != user flash[:error] = t "user.confirm_resend.failure", :name => params[:display_name] + else + Notifier.signup_confirm(user, user.tokens.create).deliver_now + flash[:notice] = t("user.confirm_resend.success", :email => user.email).html_safe end redirect_to :action => "login" @@ -547,7 +548,7 @@ class UserController < ApplicationController # omniauth failure callback def auth_failure flash[:error] = t("user.auth_failure." + params[:message]) - redirect_to params[:origin] + redirect_to params[:origin] || login_url end private @@ -624,7 +625,7 @@ class UserController < ApplicationController def failed_login(message) flash[:error] = message - redirect_to :action => "login", :referer => session[:referer] + redirect_to :action => "login", :referer => session[:referer] session.delete(:remember_me) session.delete(:referer) @@ -633,6 +634,8 @@ class UserController < ApplicationController ## # def unconfirmed_login(user) + session[:token] = user.tokens.create.token + redirect_to :action => "confirm", :display_name => user.display_name session.delete(:remember_me)