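# User management: admin listing/deletion, signup (HTML form and XML API),
# and the self-service password / auth-type / API-token actions.
#
# Authorisation is done by the filters below (defined in ApplicationController,
# outside this file): index/show/destroy are admin only; new/create skip the
# login requirement so a first user (or an open signup) can register, with
# :login_optional presumably populating @user when someone is logged in —
# TODO confirm against ApplicationController.
class UsersController < ApplicationController
  before_filter :admin_login_required, only: [:index, :show, :destroy]
  skip_before_filter :login_required, only: [:new, :create]
  skip_before_filter :check_for_deprecated_password_hash,
                     only: [:change_password, :update_password]
  prepend_before_filter :login_optional, only: [:new, :create]

  # Hint returned to XML clients that POST a malformed user document.
  # Kept verbatim: it is part of the API's error text.
  XML_FORMAT_HINT = "Expected post format is valid xml like so: <user><login>username</login><password>abc123</password></user>.".freeze

  # GET /users
  # GET /users.xml
  #
  # HTML: paginated user list for the admin page.
  # XML:  every user, serialised without the :password attribute.
  def index
    respond_to do |format|
      format.html do
        @page_title = "TRACKS::Manage Users"
        @users = User.order('login ASC').paginate(page: params[:page])
        @total_users = User.count
        # When we call users/signup from the admin page we store the URL so that
        # we get returned here when signup is successful
        store_location
      end
      format.xml do
        @users = User.order('login')
        # NOTE(review): only :password is excluded. If the User model carries
        # other credential columns (password hash, salt, API token) they would
        # be serialised here too — confirm against the schema and extend the
        # except list if so.
        render xml: @users.to_xml(except: [:password])
      end
    end
  end

  # GET /users/:id
  # GET /users/:id.xml
  #
  # Always renders XML (admin only). Raises ActiveRecord::RecordNotFound for an
  # unknown id, which Rails maps to 404.
  def show
    @user = User.find(params[:id])
    # NOTE(review): same caveat as #index — only :password is excluded.
    render xml: @user.to_xml(except: [:password])
  end

  # GET /users/new
  #
  # Builds the signup form. Three cases, in priority order:
  #   * no users exist yet                -> first-user signup (becomes admin)
  #   * admin logged in, or open signups  -> normal signup
  #   * anything else                     -> "nosignup" page with admin contact
  def new
    @auth_types = available_auth_types
    if User.no_users_yet?
      @page_title = t('users.first_user_title')
      @heading = t('users.first_user_heading')
      @user = get_new_user
    elsif signup_allowed?
      @page_title = t('users.new_user_title')
      @heading = t('users.new_user_heading')
      @user = get_new_user
    else
      # all other situations (i.e. a non-admin is logged in, or no one is
      # logged in, but we have some users)
      render_no_signup
      return
    end
    render layout: "login"
  end

  # Example usage: curl -H 'Accept: application/xml' -H 'Content-Type:
  # application/xml'
  # -u admin:up2n0g00d
  # -d '<request><login>username</login><password>abc123</password></request>'
  # http://our.tracks.host/users
  #
  # POST /users
  # POST /users.xml
  #
  # HTML: form signup (first user, admin-created user, or open signup).
  # XML:  admin-only API; responds 401 for non-admins, 400 for a malformed
  #       document and 409 with the validation errors when the user cannot be
  #       saved.
  def create
    # Set by the XML params parser when the posted body could not be parsed.
    if params['exception']
      render_failure XML_FORMAT_HINT
      return
    end
    respond_to do |format|
      format.html { create_from_form }
      format.xml  { create_from_xml }
    end
  end

  # DELETE /users/:id
  # DELETE /users/:id.xml
  def destroy
    @deleted_user = User.find(params[:id])
    # destroy returns the (frozen) record on success, false if a callback aborted.
    @saved = @deleted_user.destroy
    @total_users = User.count
    respond_to do |format|
      format.html do
        if @saved
          notify :notice, t('users.successfully_deleted_user', username: @deleted_user.login)
        else
          notify :error, t('users.failed_to_delete_user', username: @deleted_user.login)
        end
        redirect_to users_url
      end
      format.js
      # NOTE(review): XML clients get 200 even when @saved is false; kept as is
      # since existing clients may depend on it, but a :conflict would be more honest.
      format.xml { head :ok }
    end
  end

  # Renders the change-password form.
  def change_password
    @page_title = t('users.change_password_title')
  end

  # Applies a new password for the current user.
  # Also used for forcing a password change after the sha->bcrypt upgrade,
  # which is why :check_for_deprecated_password_hash is skipped for it.
  def update_password
    current_user.change_password(user_params[:password], user_params[:password_confirmation])
    notify :notice, t('users.password_updated')
    redirect_to preferences_path
  rescue StandardError => error
    # Was `rescue Exception`, which also swallowed SystemExit / SignalException /
    # NoMemoryError; StandardError is what application errors derive from.
    # NOTE(review): the raw exception message is shown to the user. That is fine
    # for validation errors raised by change_password, but any other failure
    # would expose internals — confirm what change_password can raise.
    notify :error, error.message
    redirect_to change_password_user_path(current_user)
  end

  # Renders the change-auth-type form.
  def change_auth_type
    @page_title = t('users.change_auth_type_title')
  end

  # Switches the current user's authentication scheme; validation errors are
  # joined into the warning flash and the form is re-shown.
  def update_auth_type
    current_user.auth_type = user_params[:auth_type]
    if current_user.save
      notify :notice, t('users.auth_type_updated')
      redirect_to preferences_path
    else
      notify :warning, t('users.auth_type_update_error', error_messages: current_user.errors.full_messages.join(', '))
      redirect_to change_auth_type_user_path(current_user)
    end
  end

  # Regenerates the current user's API token (invalidating the old one) and
  # persists it; save! raises if the record is invalid.
  def refresh_token
    current_user.generate_token
    current_user.save!
    notify :notice, t('users.new_token_generated')
    redirect_to preferences_path
  end

  private

  # Strong-parameter whitelist for user forms/API. :is_admin is deliberately
  # absent: admin status is only granted in create_from_form for the first user.
  def user_params
    params.require(:user).permit(:login, :first_name, :last_name, :password_confirmation, :password, :auth_type, :open_id_url)
  end

  # Returns a User that failed validation on a previous submit (stashed in the
  # session by create_from_form) so the form can be re-rendered with its values,
  # clearing the stash; otherwise a fresh User.
  def get_new_user
    pending = session['new_user']
    return User.new unless pending

    session['new_user'] = nil
    pending
  end

  # Structural check for the XML API: :user must be a hash-like param with a
  # non-empty :login and :password. Returns false (-> 400 in create_from_xml)
  # instead of raising when a client sends the wrong shape (e.g. a plain
  # string for user, or a key without a value).
  def check_create_user_params
    user = params[:user]
    return false unless user.respond_to?(:has_key?)

    %i[login password].all? do |key|
      next false unless user.has_key?(key)

      value = user[key]
      value.respond_to?(:empty?) && !value.empty?
    end
  end

  # [auth, auth] pairs for the signup form's auth-type select. A CAS session
  # only offers 'cas'; otherwise every configured scheme.
  def available_auth_types
    return [['cas', 'cas']] if session[:cas_user]

    Tracks::Config.auth_schemes.map { |auth| [auth, auth] }
  end

  # True when the logged-in user (set by :login_optional) is an admin.
  # Returns nil/false otherwise; callers only rely on truthiness.
  def admin_signup?
    @user && @user.is_admin?
  end

  # Signup is allowed for the very first user, for admins, or when the site
  # config opens it to everyone.
  def signup_allowed?
    User.no_users_yet? || admin_signup? || SITE_CONFIG['open_signups']
  end

  # Shared "signups are closed" page used by #new and #create.
  def render_no_signup
    @page_title = t('users.no_signups_title')
    @admin_email = SITE_CONFIG['admin_email']
    render action: "nosignup", layout: "login"
  end

  # HTML half of #create.
  def create_from_form
    unless signup_allowed?
      render_no_signup
      return
    end

    user = User.new(user_params)
    unless user.valid?
      # NOTE(review): the unsaved model — including the submitted password
      # attributes — is stashed in the session so the form can be re-rendered.
      # Confirm the session store is server-side or encrypted before relying
      # on this.
      session['new_user'] = user
      redirect_to signup_path
      return
    end

    # Evaluate the admin flag before @user is reassigned below.
    signup_by_admin = admin_signup?
    first_user_signing_up = User.no_users_yet?
    # Only path that grants admin: is_admin is not mass-assignable (see user_params).
    user.is_admin = true if first_user_signing_up

    unless user.save
      # valid? passed a moment ago, so a failed save is something like a
      # uniqueness race; send the form back rather than falling through to an
      # implicit render of a non-existent `create` template.
      session['new_user'] = user
      redirect_to signup_path
      return
    end

    # NOTE(review): re-authenticates with the plaintext password just saved;
    # @user would be nil if authenticate fails — TODO confirm that cannot
    # happen after a successful save.
    @user = User.authenticate(user.login, params['user']['password'])
    @user.create_preference(locale: I18n.locale)
    @user.save
    # An admin creating another account stays logged in as themselves.
    session['user_id'] = @user.id unless signup_by_admin
    notify :notice, t('users.signup_successful', username: @user.login)
    redirect_back_or_home
  end

  # XML half of #create (admin-only API).
  def create_from_xml
    unless current_user && current_user.is_admin
      render text: "401 Unauthorized: Only admin users are allowed access to this function.", status: 401
      return
    end
    unless check_create_user_params
      render_failure XML_FORMAT_HINT, 400
      return
    end

    user = User.new(user_params)
    # The API document carries no confirmation field; mirror the password.
    user.password_confirmation = user_params[:password]
    user.save
    if user.new_record?
      render_failure user.errors.to_xml, 409
    else
      render text: t('users.user_created'), status: 200
    end
  end
end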