app/controllers/confirmations_controller.rb

   1 class ConfirmationsController < ApplicationController
   2   include SessionMethods
   3   include UserMethods
   4
   5   layout "site"
   6
   7   before_action :authorize_web
   8   before_action :set_locale
   9   before_action :check_database_readable
  10
  11   authorize_resource :class => false
  12
  13   before_action :check_database_writable, :only => [:confirm, :confirm_email]
  14   before_action :require_cookies, :only => [:confirm]
  15
  16   def confirm
  17     if request.post?
  18       user = User.find_by_token_for(:new_user, params[:confirm_string])
  19
  20       if !user
  21         flash[:error] = t(".unknown token")
  22         redirect_to :action => "confirm"
  23       elsif user.active?
  24         flash[:error] = t(".already active")
  25         redirect_to login_path
  26       elsif !user.visible?
  27         render_unknown_user user.display_name
  28       else
  29         user.activate
  30         user.email_valid = true
  31         flash[:notice] = gravatar_status_message(user) if user.gravatar_enable!
  32         user.save!
  33         cookies.delete :_osm_anonymous_notes_count
  34         referer = safe_referer(params[:referer]) if params[:referer]
  35
  36         pending_user = session.delete(:pending_user)
  37
  38         if user.id == pending_user
  39           session[:user] = user.id
  40           session[:fingerprint] = user.fingerprint
  41
  42           redirect_to referer || welcome_path
  43         else
  44           flash[:notice] = t(".success")
  45           redirect_to login_path(:referer => referer)
  46         end
  47       end
  48     else
  49       user = User.visible.find_by(:display_name => params[:display_name])
  50
  51       redirect_to root_path if user.nil? || user.active?
  52     end
  53   end
  54
  55   def confirm_resend
  56     user = User.visible.find_by(:display_name => params[:display_name])
  57
  58     if user.nil? || user.id != session[:pending_user]
  59       flash[:error] = t ".failure", :name => params[:display_name]
  60     else
  61       UserMailer.signup_confirm(user, user.generate_token_for(:new_user)).deliver_later
  62       flash[:notice] = { :partial => "confirmations/resend_success_flash", :locals => { :email => user.email, :sender => Settings.email_from } }
  63     end
  64
  65     redirect_to login_path
  66   end
  67
  68   def confirm_email
  69     if request.post?
  70       self.current_user = User.find_by_token_for(:new_email, params[:confirm_string])
  71
  72       if current_user&.new_email?
  73         current_user.email = current_user.new_email
  74         current_user.new_email = nil
  75         current_user.email_valid = true
  76         gravatar_enabled = current_user.gravatar_enable!
  77         if current_user.save
  78           flash[:notice] = if gravatar_enabled
  79                              "#{t('.success')} #{gravatar_status_message(current_user)}"
  80                            else
  81                              t(".success")
  82                            end
  83         else
  84           flash[:errors] = current_user.errors
  85         end
  86         session[:user] = current_user.id
  87         session[:fingerprint] = current_user.fingerprint
  88       elsif current_user
  89         flash[:error] = t ".failure"
  90       else
  91         flash[:error] = t ".unknown_token"
  92       end
  93
  94       redirect_to account_path
  95     end
  96   end
  97
  98   private
  99
 100   ##
 101   # display a message about the current status of the Gravatar setting
 102   def gravatar_status_message(user)
 103     if user.image_use_gravatar
 104       t ".gravatar.enabled"
 105     else
 106       t ".gravatar.disabled"
 107     end
 108   end
 109 end