3 class LoginController < ApplicationController
4 before_filter :authorize, :except => [:login,
6 :create_student_account,
7 :new_account_confirmation,
15 # For these functions should not be accessiblase
17 before_filter :disable, :only => [:add_user, :delete_user]
19 layout 'application', :except => 'login'
21 def create_student_account
23 def is_allowed?(user_email)
25 user_email =~ /^.+@(.+)$/
28 File.open(ALLOWED_EMAILS_FILE).each do |raw_line|
30 return true if user_email == line
32 # Support for * matching
34 return true if user_host == $1
42 raise "Invalid Request. Expecting a specific POST" unless
43 params.include?(:user) and request.post?
45 return show_error("Please Enter an Email") if params[:user][:email] == ''
47 # SECURITY: Input Check
48 unless params[:user][:email] =~ SAFE_EMAIL
49 return show_error("Please Enter a Valid Email")
51 # De-coupled from the details of the SAFE_EMAIL regular expression
52 if params[:user][:email] =~ /^([^@]+)@(.+)$/
57 raise "Could not split the email into the 2 parts."
62 return show_error("Your Email is Not Authorized") unless is_allowed?(email)
64 new_password = PasswordGen.generate_pronounceable
67 new_user = User.new(:name => email,
68 :password => new_password,
69 :password_confirmation => new_password)
72 flash[:notices] ||= []
73 new_user.errors.full_messages.each do |msg|
74 flash[:notices] << msg
81 NewStudent.deliver_login_info(email, username, new_password)
83 redirect_to :action => 'new_account_confirmation'
88 @user = User.new(params[:user])
89 if request.post? and @user.save
90 flash[:notices] ||= []
91 flash[:notices] << "User #{@user.name} created"
98 if id && user = User.find(id)
99 flash[:notices] ||= []
102 flash[:notices] << "User #{user.name} deleted"
103 rescue Exception => e
104 flash[:notices] << e.message
107 redirect_to(:action => :list_users)
111 @all_users = User.find(:all)
115 session[:user_id] = nil
117 raise "Expecting a POST request"
122 user = User.authenticate(params[:name], params[:password])
126 session[:user_id] = user.id
128 if session[:mwamko_mode] == ['normal', 'gadget'][1]
129 redirect_to(:controller => 'gadget')
130 elsif User.find_by_id(session[:user_id]).is_admin
131 redirect_to(:controller => 'admin')
133 redirect_to(:controller => "cytoskeleton")
138 redirect_to(:controller => 'homepage')
139 flash[:notices] ||= []
140 flash[:notices] << "Invalid email/password combination."
148 unless session[:workers].nil? or session[:workers].empty?
149 add_error("Please wait. Some things are still in progress...")
150 if session[:mwamko_mode] == ['normal', 'gadget'][1]:
151 redirect_to :controller => 'gadget', :action => 'areas'
153 redirect_to :controller => 'cytoskeleton', :action => 'areas'
158 unless session[:user_id].nil?
159 #remember the session mode before resetting, then set it back after.
160 temp_sessionmode = session[:mwamko_mode]
162 session[:mwamko_mode] = temp_sessionmode
167 add_error "Logged out"
168 if session[:mwamko_mode] == ['normal', 'gadget'][1]:
169 redirect_to :controller => 'gadget'
176 user = params['user']
177 email = user['email']
178 #get user name from the email address
181 error = "@ was not in the email address"
184 ar = email.split("@")
186 @found = User.exists?(:name => "#{user_name}")
188 # generate a random string containing letters and number
189 email_token = PasswordGen.generate_pronounceable(16)
190 # insert token into database
191 record = User.find_by_name("#{user_name}")
193 record.email_token = email_token
197 NewStudent.deliver_reset_password(email, user_name, email_token)
199 redirect_to(:controller => 'login',
200 :action => 'unknown_user',
204 redirect_to(:controller => 'login',
205 :action => 'invalid_email',
212 #make sure token is valid
213 record = User.find_by_email_token(token)
215 #appropiate error message and redirection
216 redirect_to(:action => 'invalid_token')
218 #generate new password and email it
219 email = record.name + "@cs.ucr.edu"
220 new_password = PasswordGen.generate_pronounceable
221 record.password_confirmation = new_password
222 record.password = new_password
223 record.email_token = nil
225 NewStudent.deliver_new_password(email, record.name,new_password)
230 password_1 = params[:password_1]
231 password_2 = params[:password_2]
234 # simple checks to see if the passwords the user provided match and
235 # that they are not blank
236 if(password_1.empty? and password_2.empty?)
237 redirect_to({:action => 'blank_fields'})
238 elsif(password_1 == password_2)
240 def password_1.is_safe?
241 # Alphanumeric or !@#$%^&*()_+-= or comma or dot or space
242 self =~ SAFE_PASSWORD
245 if !password_1.is_safe?
246 redirect_to :action => 'unsafe_password'
249 def password_1.is_strong?
250 PASSWORD_IS_STRONG(self)
253 if !password_1.is_strong?
254 redirect_to :action => 'weak_password'
256 record = User.find(session[:user_id])
257 record.password_confirmation = password_1
258 record.password = password_1
260 redirect_to({:action => 'success'})
265 elsif(password_1 != password_2)
266 redirect_to({:action => 'no_match'})
273 def redirect_home(keywords={})
275 redirect_to({:controller => 'homepage',
276 :action => 'about'}.merge(keywords))
280 def redirect_back(keywords={})
281 redirect_to(:back, keywords) rescue redirect_home
286 flash[:notices] ||= []
287 flash[:notices] << msg
292 return redirect_home()