app/controllers/confirmations_controller.rb

   1 # frozen_string_literal: true
   2
   3 class ConfirmationsController < ApplicationController
   4   include SessionMethods
   5   include UserMethods
   6
   7   layout :site_layout
   8
   9   before_action :authorize_web
  10   before_action :set_locale
  11   before_action :check_database_readable
  12
  13   authorize_resource :class => false
  14
  15   before_action :check_database_writable, :only => [:confirm, :confirm_email]
  16   before_action :require_cookies, :only => [:confirm]
  17
  18   def confirm
  19     if request.post?
  20       user = User.find_by_token_for(:new_user, params[:confirm_string])
  21
  22       if !user
  23         flash[:error] = t(".unknown token")
  24         redirect_to :action => "confirm"
  25       elsif user.active?
  26         flash[:error] = t(".already active")
  27         redirect_to login_path
  28       elsif !user.visible?
  29         render_unknown_user user.display_name
  30       else
  31         user.activate
  32         user.email_valid = true
  33         flash[:notice] = gravatar_status_message(user) if user.gravatar_enable!
  34         user.save!
  35         cookies.delete :_osm_anonymous_notes_count
  36         referer = safe_referer(params[:referer]) if params[:referer]
  37
  38         pending_user = session.delete(:pending_user)
  39
  40         if user.id == pending_user
  41           session[:user] = user.id
  42           session[:fingerprint] = user.fingerprint
  43
  44           redirect_to referer || welcome_path
  45         else
  46           flash[:notice] = t(".success")
  47           redirect_to login_path(:referer => referer)
  48         end
  49       end
  50     else
  51       user = User.visible.find_by(:display_name => params[:display_name])
  52
  53       redirect_to root_path if user.nil? || user.active?
  54     end
  55   end
  56
  57   def confirm_resend
  58     user = User.visible.find_by(:display_name => params[:display_name])
  59
  60     if user.nil? || user.id != session[:pending_user]
  61       flash[:error] = t ".failure", :name => params[:display_name]
  62     else
  63       UserMailer.with(
  64         :user => user,
  65         :token => user.generate_token_for(:new_user)
  66       ).signup_confirm.deliver_later
  67       flash[:notice] = { :partial => "confirmations/resend_success_flash", :locals => { :email => user.email, :sender => Settings.email_from } }
  68     end
  69
  70     redirect_to login_path
  71   end
  72
  73   def confirm_email
  74     if request.post?
  75       self.current_user = User.find_by_token_for(:new_email, params[:confirm_string])
  76
  77       if current_user&.new_email?
  78         current_user.email = current_user.new_email
  79         current_user.new_email = nil
  80         current_user.email_valid = true
  81         gravatar_enabled = current_user.gravatar_enable!
  82         if current_user.save
  83           flash[:notice] = if gravatar_enabled
  84                              "#{t('.success')} #{gravatar_status_message(current_user)}"
  85                            else
  86                              t(".success")
  87                            end
  88         else
  89           flash[:errors] = current_user.errors
  90         end
  91         session[:user] = current_user.id
  92         session[:fingerprint] = current_user.fingerprint
  93       elsif current_user
  94         flash[:error] = t ".failure"
  95       else
  96         flash[:error] = t ".unknown_token"
  97       end
  98
  99       redirect_to account_path
 100     end
 101   end
 102
 103   private
 104
 105   ##
 106   # display a message about the current status of the Gravatar setting
 107   def gravatar_status_message(user)
 108     if user.image_use_gravatar
 109       t ".gravatar.enabled"
 110     else
 111       t ".gravatar.disabled"
 112     end
 113   end
 114 end