X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/7a66c6d4eb65a5ad6438970375cf3ea6ac4e3cfc..094d6c8bb9949825e1e66b07ba39190a8b57aa0b:/app/controllers/confirmations_controller.rb
diff --git a/app/controllers/confirmations_controller.rb b/app/controllers/confirmations_controller.rb
new file mode 100644
index 000000000..b77ed09b3
--- /dev/null
+++ b/app/controllers/confirmations_controller.rb
@@ -0,0 +1,137 @@
+class ConfirmationsController < ApplicationController
+ include SessionMethods
+
+ layout "site"
+
+ before_action :authorize_web
+ before_action :set_locale
+ before_action :check_database_readable
+
+ authorize_resource :class => false
+
+ before_action :check_database_writable, :only => [:confirm, :confirm_email]
+ before_action :require_cookies, :only => [:confirm]
+
+ def confirm
+ if request.post?
+ token = UserToken.find_by(:token => params[:confirm_string])
+ if token&.user&.active?
+ flash[:error] = t("confirmations.confirm.already active")
+ redirect_to login_path
+ elsif !token || token.expired?
+ flash[:error] = t("confirmations.confirm.unknown token")
+ redirect_to :action => "confirm"
+ elsif !token.user.visible?
+ render_unknown_user token.user.display_name
+ else
+ user = token.user
+ user.status = "active"
+ user.email_valid = true
+ flash[:notice] = gravatar_status_message(user) if gravatar_enable(user)
+ user.save!
+ referer = safe_referer(token.referer) if token.referer
+ token.destroy
+
+ if session[:token]
+ token = UserToken.find_by(:token => session[:token])
+ session.delete(:token)
+ else
+ token = nil
+ end
+
+ if token.nil? || token.user != user
+ flash[:notice] = t("confirmations.confirm.success")
+ redirect_to login_path(:referer => referer)
+ else
+ token.destroy
+
+ session[:user] = user.id
+ session[:fingerprint] = user.fingerprint
+
+ redirect_to referer || welcome_path
+ end
+ end
+ else
+ user = User.visible.find_by(:display_name => params[:display_name])
+
+ redirect_to root_path if user.nil? || user.active?
+ end
+ end
+
+ def confirm_resend
+ user = User.visible.find_by(:display_name => params[:display_name])
+ token = UserToken.find_by(:token => session[:token])
+
+ if user.nil? || token.nil? || token.user != user
+ flash[:error] = t "confirmations.confirm_resend.failure", :name => params[:display_name]
+ else
+ UserMailer.signup_confirm(user, user.tokens.create).deliver_later
+ flash[:notice] = t "confirmations.confirm_resend.success_html", :email => user.email, :sender => Settings.support_email
+ end
+
+ redirect_to login_path
+ end
+
+ def confirm_email
+ if request.post?
+ token = UserToken.find_by(:token => params[:confirm_string])
+ if token&.user&.new_email?
+ self.current_user = token.user
+ current_user.email = current_user.new_email
+ current_user.new_email = nil
+ current_user.email_valid = true
+ gravatar_enabled = gravatar_enable(current_user)
+ if current_user.save
+ flash[:notice] = if gravatar_enabled
+ "#{t('confirmations.confirm_email.success')} #{gravatar_status_message(current_user)}"
+ else
+ t("confirmations.confirm_email.success")
+ end
+ else
+ flash[:errors] = current_user.errors
+ end
+ current_user.tokens.delete_all
+ session[:user] = current_user.id
+ session[:fingerprint] = current_user.fingerprint
+ redirect_to :controller => :users, :action => :account, :display_name => current_user.display_name
+ elsif token
+ flash[:error] = t "confirmations.confirm_email.failure"
+ redirect_to :controller => :users, :action => :account, :display_name => token.user.display_name
+ else
+ flash[:error] = t "confirmations.confirm_email.unknown_token"
+ end
+ end
+ end
+
+ private
+
+ ##
+ # check if this user has a gravatar and set the user pref is true
+ def gravatar_enable(user)
+ # code from example https://en.gravatar.com/site/implement/images/ruby/
+ return false if user.avatar.attached?
+
+ begin
+ hash = Digest::MD5.hexdigest(user.email.downcase)
+ url = "https://www.gravatar.com/avatar/#{hash}?d=404" # without d=404 we will always get an image back
+ response = OSM.http_client.get(URI.parse(url))
+ available = response.success?
+ rescue StandardError
+ available = false
+ end
+
+ oldsetting = user.image_use_gravatar
+ user.image_use_gravatar = available
+ oldsetting != user.image_use_gravatar
+ end
+
+ ##
+ # display a message about th current status of the gravatar setting
+ def gravatar_status_message(user)
+ if user.image_use_gravatar
+ t "users.account.gravatar.enabled"
+ else
+ t "users.account.gravatar.disabled"
+ end
+ end
+end
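Review bot: `confirm_email` accepts any stored token whose user has a pending `new_email`, but unlike `confirm` it never checks `token.expired?`, so unless expiry is enforced somewhere outside this file, a stale e-mail-change link still swaps the address and signs the holder in through `session[:user]`. The guard could read `if token && !token.expired? && token.user.new_email?`, which routes expired tokens to the existing `elsif token` failure branch. In the same branch, `current_user.tokens.delete_all` and the two session assignments run even when `current_user.save` returns false; moving them into the success arm would avoid establishing a session after a failed change. Separately, `confirm_resend` writes a row via `user.tokens.create` but is not listed in the `check_database_writable` filter, so `:only => [:confirm, :confirm_resend, :confirm_email]` looks like the intended set.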