X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/4a6e7b78152446a933dc9bb1364ab00bcf254872..7e5cbe87ed37f9cba8224fa4049047d7f981f66a:/app/controllers/accounts_controller.rb
diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
new file mode 100644
index 000000000..63da1293f
--- /dev/null
+++ b/app/controllers/accounts_controller.rb
@@ -0,0 +1,64 @@
+class AccountsController < ApplicationController
+ include SessionMethods
+ include UserMethods
+
+ layout "site"
+
+ before_action :authorize_web
+ before_action :set_locale
+
+ authorize_resource :class => false
+
+ before_action :check_database_readable
+ before_action :check_database_writable, :only => [:update]
+ before_action :allow_thirdparty_images, :only => [:edit, :update]
+
+ def edit
+ @tokens = current_user.oauth_tokens.authorized
+
+ append_content_security_policy_directives(
+ :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
+ )
+
+ if errors = session.delete(:user_errors)
+ errors.each do |attribute, error|
+ current_user.errors.add(attribute, error)
+ end
+ end
+ @title = t ".title"
+ end
+
+ def update
+ @tokens = current_user.oauth_tokens.authorized
+
+ append_content_security_policy_directives(
+ :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
+ )
+
+ user_params = params.require(:user).permit(:display_name, :new_email, :pass_crypt, :pass_crypt_confirmation, :auth_provider)
+
+ if params[:user][:auth_provider].blank? ||
+ (params[:user][:auth_provider] == current_user.auth_provider &&
+ params[:user][:auth_uid] == current_user.auth_uid)
+ update_user(current_user, user_params)
+ if current_user.errors.count.zero?
+ redirect_to edit_account_path
+ else
+ render :edit
+ end
+ else
+ session[:new_user_settings] = user_params.to_h
+ redirect_to auth_url(params[:user][:auth_provider], params[:user][:auth_uid]), :status => :temporary_redirect
+ end
+ end
+
+ def destroy
+ current_user.soft_destroy!
+
+ session.delete(:user)
+ session_expires_automatically
+
+ flash[:notice] = t ".success"
+ redirect_to root_path
+ end
+end
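Review bot: `destroy` calls `current_user.soft_destroy!`, which writes to the database, yet the filter `before_action :check_database_writable, :only => [:update]` leaves it uncovered. That filter is defined outside this file, but if it is what blocks write actions while the database is read-only or offline, the list should read `:only => [:update, :destroy]`. Separately, `update` permits `:new_email`, `:pass_crypt` and `:pass_crypt_confirmation` with no current-password field in the permit list, and `destroy` shows no confirmation step here. A hijacked or unattended session therefore appears able to change credentials or delete the account without re-authenticating, so it is worth confirming whether `update_user` or the routing enforces that elsewhere.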