1 # Redmine - project management software
2 # Copyright (C) 2006-2009 Jean-Philippe Lang
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 class AccountController < ApplicationController
20 include CustomFieldsHelper
22 # prevents login action to be filtered by check_if_login_required application scope filter
23 skip_before_filter :check_if_login_required
25 # Login request and validation
34 # Log out current user and redirect to welcome page
40 # Enable user to choose a new password
42 redirect_to(home_url) && return unless Setting.lost_password?
44 @token = Token.find_by_action_and_value("recovery", params[:token])
45 redirect_to(home_url) && return unless @token and !@token.expired?
48 @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
51 flash[:notice] = l(:notice_account_password_updated)
52 redirect_to :action => 'login'
56 render :template => "account/password_recovery"
60 user = User.find_by_mail(params[:mail])
61 # user not found in db
62 (flash.now[:error] = l(:notice_account_unknown_email); return) unless user
63 # user uses an external authentification
64 (flash.now[:error] = l(:notice_can_t_change_password); return) if user.auth_source_id
65 # create a new token for password recovery
66 token = Token.new(:user => user, :action => "recovery")
68 Mailer.deliver_lost_password(token)
69 flash[:notice] = l(:notice_account_lost_email_sent)
70 redirect_to :action => 'login'
77 # User self-registration
79 redirect_to(home_url) && return unless Setting.self_registration? || session[:auth_source_registration]
81 session[:auth_source_registration] = nil
82 @user = User.new(:language => Setting.default_language)
84 @user = User.new(params[:user])
87 if session[:auth_source_registration]
89 @user.login = session[:auth_source_registration][:login]
90 @user.auth_source_id = session[:auth_source_registration][:auth_source_id]
92 session[:auth_source_registration] = nil
93 self.logged_user = @user
94 flash[:notice] = l(:notice_account_activated)
95 redirect_to :controller => 'my', :action => 'account'
98 @user.login = params[:user][:login]
99 @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
101 case Setting.self_registration
103 register_by_email_activation(@user)
105 register_automatically(@user)
107 register_manually_by_administrator(@user)
113 # Token based account activation
115 redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
116 token = Token.find_by_action_and_value('register', params[:token])
117 redirect_to(home_url) && return unless token and !token.expired?
119 redirect_to(home_url) && return unless user.registered?
123 flash[:notice] = l(:notice_account_activated)
125 redirect_to :action => 'login'
131 if User.current.logged?
132 cookies.delete :autologin
133 Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
134 self.logged_user = nil
138 def authenticate_user
139 if Setting.openid? && using_open_id?
140 open_id_authenticate(params[:openid_url])
142 password_authentication
146 def password_authentication
147 user = User.try_to_login(params[:username], params[:password])
151 elsif user.new_record?
152 onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
155 successful_authentication(user)
160 def open_id_authenticate(openid_url)
161 authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url) do |result, identity_url, registration|
162 if result.successful?
163 user = User.find_or_initialize_by_identity_url(identity_url)
165 # Self-registration off
166 redirect_to(home_url) && return unless Setting.self_registration?
169 user.login = registration['nickname'] unless registration['nickname'].nil?
170 user.mail = registration['email'] unless registration['email'].nil?
171 user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
175 case Setting.self_registration
177 register_by_email_activation(user) do
178 onthefly_creation_failed(user)
181 register_automatically(user) do
182 onthefly_creation_failed(user)
185 register_manually_by_administrator(user) do
186 onthefly_creation_failed(user)
192 successful_authentication(user)
201 def successful_authentication(user)
203 self.logged_user = user
204 # generate a key and set cookie if autologin
205 if params[:autologin] && Setting.autologin?
206 token = Token.create(:user => user, :action => 'autologin')
207 cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now }
209 call_hook(:controller_account_success_authentication_after, {:user => user })
210 redirect_back_or_default :controller => 'my', :action => 'page'
213 # Onthefly creation failed, display the registration form to fill/fix attributes
214 def onthefly_creation_failed(user, auth_source_options = { })
216 session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
217 render :action => 'register'
220 def invalid_credentials
221 logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
222 flash.now[:error] = l(:notice_account_invalid_creditentials)
225 # Register a user for email activation.
227 # Pass a block for behavior when a user fails to save
228 def register_by_email_activation(user, &block)
229 token = Token.new(:user => user, :action => "register")
230 if user.save and token.save
231 Mailer.deliver_register(token)
232 flash[:notice] = l(:notice_account_register_done)
233 redirect_to :action => 'login'
235 yield if block_given?
239 # Automatically register a user
241 # Pass a block for behavior when a user fails to save
242 def register_automatically(user, &block)
243 # Automatic activation
245 user.last_login_on = Time.now
247 self.logged_user = user
248 flash[:notice] = l(:notice_account_activated)
249 redirect_to :controller => 'my', :action => 'account'
251 yield if block_given?
255 # Manual activation by the administrator
257 # Pass a block for behavior when a user fails to save
258 def register_manually_by_administrator(user, &block)
260 # Sends an email to the administrators
261 Mailer.deliver_account_activation_request(user)
264 yield if block_given?
269 flash[:notice] = l(:notice_account_pending)
270 redirect_to :action => 'login'