app/controllers/confirmations_controller.rb

   1 # frozen_string_literal: true
   2
   3 class ConfirmationsController < ApplicationController
   4   include SessionMethods
   5   include UserMethods
   6
   7   layout :site_layout
   8
   9   before_action :authorize_web
  10   before_action :set_locale
  11   before_action :check_database_readable
  12
  13   authorize_resource :class => false
  14
  15   before_action :check_database_writable, :only => [:confirm, :confirm_email]
  16   before_action :require_cookies, :only => [:confirm]
  17
  18   def confirm
  19     if request.post?
  20       user = User.find_by_token_for(:new_user, params[:confirm_string])
  21
  22       if !user
  23         flash[:error] = t(".unknown token")
  24         redirect_to :action => "confirm"
  25       elsif user.active?
  26         flash[:error] = t(".already active")
  27         redirect_to login_path
  28       elsif !user.visible?
  29         render_unknown_user user.display_name
  30       else
  31         user.activate
  32         user.email_valid = true
  33         flash[:notice] = gravatar_status_message(user) if user.gravatar_enable!
  34         user.save!
  35         cookies.delete :_osm_anonymous_notes_count
  36         referer = safe_referer(params[:referer]) if params[:referer]
  37
  38         pending_user = session.delete(:pending_user)
  39
  40         if user.id == pending_user
  41           session[:user] = user.id
  42           session[:fingerprint] = user.fingerprint
  43
  44           redirect_to referer || welcome_path
  45         else
  46           flash[:notice] = t(".success")
  47           redirect_to login_path(:referer => referer)
  48         end
  49       end
  50     else
  51       user = User.visible.find_by(:display_name => params[:display_name])
  52
  53       redirect_to root_path if user.nil? || user.active?
  54     end
  55   end
  56
  57   def confirm_resend
  58     user = User.visible.find_by(:display_name => params[:display_name])
  59
  60     if user.nil? || user.id != session[:pending_user]
  61       flash[:error] = t ".failure", :name => params[:display_name]
  62     else
  63       UserMailer.signup_confirm(user, user.generate_token_for(:new_user)).deliver_later
  64       flash[:notice] = { :partial => "confirmations/resend_success_flash", :locals => { :email => user.email, :sender => Settings.email_from } }
  65     end
  66
  67     redirect_to login_path
  68   end
  69
  70   def confirm_email
  71     if request.post?
  72       self.current_user = User.find_by_token_for(:new_email, params[:confirm_string])
  73
  74       if current_user&.new_email?
  75         current_user.email = current_user.new_email
  76         current_user.new_email = nil
  77         current_user.email_valid = true
  78         gravatar_enabled = current_user.gravatar_enable!
  79         if current_user.save
  80           flash[:notice] = if gravatar_enabled
  81                              "#{t('.success')} #{gravatar_status_message(current_user)}"
  82                            else
  83                              t(".success")
  84                            end
  85         else
  86           flash[:errors] = current_user.errors
  87         end
  88         session[:user] = current_user.id
  89         session[:fingerprint] = current_user.fingerprint
  90       elsif current_user
  91         flash[:error] = t ".failure"
  92       else
  93         flash[:error] = t ".unknown_token"
  94       end
  95
  96       redirect_to account_path
  97     end
  98   end
  99
 100   private
 101
 102   ##
 103   # display a message about the current status of the Gravatar setting
 104   def gravatar_status_message(user)
 105     if user.image_use_gravatar
 106       t ".gravatar.enabled"
 107     else
 108       t ".gravatar.disabled"
 109     end
 110   end
 111 end