Use javascript to automatically submit confirmation forms

In order to avoid forcing the user to press a confirm button, whilst
still not running into the problems we used to have with virus scanners
activating accounts we use javascript to hide and then automatically
submit the confirmation form.

diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 21561736c53b6c78d57a5257d58a5b8c602be0ba..86b79e8f4d26636ac909a59bcce3b1750217ef76 100644 (file)
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -247,7 +247,7 @@ class UserController < ApplicationController
   end
 
   def confirm
-    if params[:confirm_action]
+    if request.post?
       token = UserToken.find_by_token(params[:confirm_string])
       if token and !token.user.active?
         @user = token.user
@@ -264,13 +264,14 @@ class UserController < ApplicationController
           redirect_to :action => 'account', :display_name => @user.display_name
         end
       else
-        flash.now[:error] = t 'user.confirm.failure'
+        flash[:error] = t 'user.confirm.failure'
+        redirect_to :action => 'login', :display_name => @user.display_name
       end
     end
   end
 
   def confirm_email
-    if params[:confirm_action]
+    if request.post?
       token = UserToken.find_by_token(params[:confirm_string])
       if token and token.user.new_email?
         @user = token.user
@@ -286,7 +287,8 @@ class UserController < ApplicationController
         session[:user] = @user.id
         redirect_to :action => 'account', :display_name => @user.display_name
       else
-        flash.now[:error] = t 'user.confirm_email.failure'
+        flash[:error] = t 'user.confirm_email.failure'
+        redirect_to :action => 'account', :display_name => @user.display_name
       end
     end
   end

diff --git a/app/views/user/confirm.html.erb b/app/views/user/confirm.html.erb
index 5a4106ee395d441efd59b6463f30d9e40a6e42ea..c7894380cc6c129a5599a1865ecb2687590a287a 100644 (file)
--- a/app/views/user/confirm.html.erb
+++ b/app/views/user/confirm.html.erb
@@ -1,10 +1,16 @@
+<script>
+$("content").style.display = "none";
+</script>
+
 <h1><%= t 'user.confirm.heading' %></h1>
 
 <p><%= t 'user.confirm.press confirm button' %></p>
 
-<form method="post">
-<input type="hidden" name="confirm_string" value="<%= params[:confirm_string] %>">
-<input type="submit" name="confirm_action" value="<%= t 'user.confirm.button' %>">
+<form id="confirm" method="post">
+  <input type="hidden" name="confirm_string" value="<%= params[:confirm_string] %>">
+  <input type="submit" name="confirm_action" value="<%= t 'user.confirm.button' %>">
 </form>
 
-
+<script>
+$("confirm").submit();
+</script>

diff --git a/app/views/user/confirm_email.html.erb b/app/views/user/confirm_email.html.erb
index 16e718a4ab4e33886eabcbe4580c012f6f82af84..fd17ef08a656b49a3e3ace8987b23d8b6cee2e32 100644 (file)
--- a/app/views/user/confirm_email.html.erb
+++ b/app/views/user/confirm_email.html.erb
@@ -1,8 +1,16 @@
+<script>
+$("content").style.display = "none";
+</script>
+
 <h1><%= t 'user.confirm_email.heading' %></h1>
 
 <p><%= t 'user.confirm_email.press confirm button' %></p>
 
-<form method="post">
-<input type="hidden" name="confirm_string" value="<%= params[:confirm_string] %>">
-<input type="submit" name="confirm_action" value="<%= t 'user.confirm_email.button' %>">
+<form id="confirm" method="post">
+  <input type="hidden" name="confirm_string" value="<%= params[:confirm_string] %>">
+  <input type="submit" name="confirm_action" value="<%= t 'user.confirm_email.button' %>">
 </form>
+
+<script>
+$("confirm").submit();
+</script>