Use rails tokens for signup confirmations

This commit is contained in:
Tom Hughes 2023-12-07 18:49:49 +00:00
parent ad2739347b
commit 4dff06a629
11 changed files with 87 additions and 94 deletions


@ -62,9 +62,10 @@ module SessionMethods
##
#
def unconfirmed_login(user)
session[:token] = user.tokens.create.token
session[:pending_user] = user.id
redirect_to :controller => "confirmations", :action => "confirm", :display_name => user.display_name
redirect_to :controller => "confirmations", :action => "confirm",
:display_name => user.display_name, :referer => session[:referer]
session.delete(:remember_me)
session.delete(:referer)


@ -15,41 +15,37 @@ class ConfirmationsController < ApplicationController
def confirm
if request.post?
token = UserToken.find_by(:token => params[:confirm_string])
if token&.user&.active?
flash[:error] = t(".already active")
redirect_to login_path
elsif !token || token.expired?
token = params[:confirm_string]
user = User.find_by_token_for(:new_user, token) ||
UserToken.unexpired.find_by(:token => token)&.user
if !user
flash[:error] = t(".unknown token")
redirect_to :action => "confirm"
elsif !token.user.visible?
render_unknown_user token.user.display_name
elsif user.active?
flash[:error] = t(".already active")
redirect_to login_path
elsif !user.visible?
render_unknown_user user.display_name
else
user = token.user
user.activate
user.email_valid = true
flash[:notice] = gravatar_status_message(user) if gravatar_enable(user)
user.save!
referer = safe_referer(token.referer) if token.referer
token.destroy
referer = safe_referer(params[:referer]) if params[:referer]
UserToken.delete_by(:token => token)
if session[:token]
token = UserToken.find_by(:token => session[:token])
session.delete(:token)
else
token = nil
end
if token.nil? || token.user != user
flash[:notice] = t(".success")
redirect_to login_path(:referer => referer)
else
token.destroy
pending_user = session.delete(:pending_user)
if user.id == pending_user
session[:user] = user.id
session[:fingerprint] = user.fingerprint
redirect_to referer || welcome_path
else
flash[:notice] = t(".success")
redirect_to login_path(:referer => referer)
end
end
else
@ -61,12 +57,11 @@ class ConfirmationsController < ApplicationController
def confirm_resend
user = User.visible.find_by(:display_name => params[:display_name])
token = UserToken.find_by(:token => session[:token])
if user.nil? || token.nil? || token.user != user
if user.nil? || user.id != session[:pending_user]
flash[:error] = t ".failure", :name => params[:display_name]
else
UserMailer.signup_confirm(user, user.tokens.create).deliver_later
UserMailer.signup_confirm(user, user.generate_token_for(:new_user)).deliver_later
flash[:notice] = { :partial => "confirmations/resend_success_flash", :locals => { :email => user.email, :sender => Settings.email_from } }
end
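Review bot: In `confirm`, the post-confirmation redirect target now comes from the request (`referer = safe_referer(params[:referer]) if params[:referer]`) instead of the server-side `token.referer` it replaced, so the value is attacker-supplied and `safe_referer`, which is not in view, is the only thing between it and an open redirect; confirm it rejects absolute URLs to other hosts, and note the same value is what the UsersController hunk now embeds in the signup mail link. The ordering `!user` → `user.active?` → `!user.visible?` is sound and the `active?` branch is what stops a signed token from being replayed after activation, since unlike a `UserToken` row it cannot be deleted. `UserToken.delete_by(:token => token)` is a no-op when the user was resolved through `find_by_token_for`, which is fine but deserves a comment: `# removes the legacy database token if that is what was presented; a signed token has no row to delete`. The `confirm` body continues past the end of the hunk.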


@ -27,12 +27,7 @@ class SessionsController < ApplicationController
@title = t ".title"
if request.post?
if session[:token]
token = UserToken.find_by(:token => session[:token])
token&.destroy
session.delete(:token)
end
session.delete(:pending_user)
session.delete(:user)
session_expires_automatically
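Review bot: Logging in no longer destroys the `UserToken` that a pre-deploy session stored in `session[:token]`, and nothing in the hunks shown deletes that key either, so such sessions keep a stale key and the matching rows are left to expiry cleanup; since the confirmations hunk still falls back to `UserToken.unexpired` for legacy tokens, keeping a one-line `session.delete(:token)` here during the transition would be cheap. Replacing the token clearing with `session.delete(:pending_user)` is the right move, because `confirm`'s auto-login is keyed on that id matching the confirmed user. The enclosing action starts and ends outside the hunk.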


@ -203,8 +203,8 @@ class UsersController < ApplicationController
session[:referer] = referer
successful_login(current_user)
else
session[:token] = current_user.tokens.create.token
UserMailer.signup_confirm(current_user, current_user.tokens.create(:referer => referer)).deliver_later
session[:pending_user] = current_user.id
UserMailer.signup_confirm(current_user, current_user.generate_token_for(:new_user), referer).deliver_later
redirect_to :controller => :confirmations, :action => :confirm, :display_name => current_user.display_name
end
else
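Review bot: `current_user.generate_token_for(:new_user)` replaces a `UserToken` row that carried an explicit expiry (the confirmations hunk still filters legacy rows with `UserToken.unexpired`), but the signed token's lifetime and invalidation rule come from the `generates_token_for :new_user` definition in the model, which is not in this view; check that it declares `expires_in` and that its block ties the token to the user's state, because a signed token cannot be revoked by deleting a row the way the old one could. This call also passes `referer` as a third argument while `confirm_resend` in the confirmations hunk passes only two; if the mailer's new signature has no default for it the resend path will raise, and if it does, a short comment at the resend site, `# resend links carry no referer, matching the previous behaviour`, would save the next reader the question. The enclosing branch of the action starts and ends outside the hunk.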