From 0874c807e3eb02a2880b2a175f066261ee374623 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Mon, 4 Oct 2010 17:47:56 +0100
Subject: [PATCH] Use javascript to automatically submit confirmation forms

In order to avoid forcing the user to press a confirm button, whilst
still not running into the problems we used to have with virus scanners
activating accounts we use javascript to hide and then automatically
submit the confirmation form.
---
 app/controllers/user_controller.rb    | 10 ++++++----
 app/views/user/confirm.html.erb       | 14 ++++++++++----
 app/views/user/confirm_email.html.erb | 14 +++++++++++---
 3 files changed, 27 insertions(+), 11 deletions(-)

diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 21561736c..86b79e8f4 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -247,7 +247,7 @@ class UserController < ApplicationController
   end
 
   def confirm
-    if params[:confirm_action]
+    if request.post?
       token = UserToken.find_by_token(params[:confirm_string])
       if token and !token.user.active?
         @user = token.user
@@ -264,13 +264,14 @@ class UserController < ApplicationController
           redirect_to :action => 'account', :display_name => @user.display_name
         end
       else
-        flash.now[:error] = t 'user.confirm.failure'
+        flash[:error] = t 'user.confirm.failure'
+        redirect_to :action => 'login', :display_name => @user.display_name
       end
     end
   end
 
   def confirm_email
-    if params[:confirm_action]
+    if request.post?
       token = UserToken.find_by_token(params[:confirm_string])
       if token and token.user.new_email?
         @user = token.user
@@ -286,7 +287,8 @@ class UserController < ApplicationController
         session[:user] = @user.id
         redirect_to :action => 'account', :display_name => @user.display_name
       else
-        flash.now[:error] = t 'user.confirm_email.failure'
+        flash[:error] = t 'user.confirm_email.failure'
+        redirect_to :action => 'account', :display_name => @user.display_name
       end
     end
   end
diff --git a/app/views/user/confirm.html.erb b/app/views/user/confirm.html.erb
index 5a4106ee3..c7894380c 100644
--- a/app/views/user/confirm.html.erb
+++ b/app/views/user/confirm.html.erb
@@ -1,10 +1,16 @@
+<script>
+$("content").style.display = "none";
+</script>
+
 <h1><%= t 'user.confirm.heading' %></h1>
 
 <p><%= t 'user.confirm.press confirm button' %></p>
 
-<form method="post">
-<input type="hidden" name="confirm_string" value="<%= params[:confirm_string] %>">
-<input type="submit" name="confirm_action" value="<%= t 'user.confirm.button' %>">
+<form id="confirm" method="post">
+  <input type="hidden" name="confirm_string" value="<%= params[:confirm_string] %>">
+  <input type="submit" name="confirm_action" value="<%= t 'user.confirm.button' %>">
 </form>
 
-
+<script>
+$("confirm").submit();
+</script>
diff --git a/app/views/user/confirm_email.html.erb b/app/views/user/confirm_email.html.erb
index 16e718a4a..fd17ef08a 100644
--- a/app/views/user/confirm_email.html.erb
+++ b/app/views/user/confirm_email.html.erb
@@ -1,8 +1,16 @@
+<script>
+$("content").style.display = "none";
+</script>
+
 <h1><%= t 'user.confirm_email.heading' %></h1>
 
 <p><%= t 'user.confirm_email.press confirm button' %></p>
 
-<form method="post">
-<input type="hidden" name="confirm_string" value="<%= params[:confirm_string] %>">
-<input type="submit" name="confirm_action" value="<%= t 'user.confirm_email.button' %>">
+<form id="confirm" method="post">
+  <input type="hidden" name="confirm_string" value="<%= params[:confirm_string] %>">
+  <input type="submit" name="confirm_action" value="<%= t 'user.confirm_email.button' %>">
 </form>
+
+<script>
+$("confirm").submit();
+</script>
-- 
2.43.2