foodsoft/app/controllers/login_controller.rb

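class LoginController < ApplicationController
  # Every action here is reachable without a session (login, logout, password
  # reset, invitation sign-up), so nothing in params may be trusted.
  skip_before_filter :authenticate # no authentication since this is the login page
  # Keep passwords out of the request log. Rails matches parameter names by
  # substring, so "password_confirmation" is presumably filtered as well.
  filter_parameter_logging "password"
  # State-changing actions are POST-only; a GET is bounced back to the form.
  # NOTE(review): CSRF protection (protect_from_forgery) is expected to come
  # from ApplicationController, which is not visible here - confirm it is on.
  verify :method => :post, :only => [:login, :reset_password, :new], :redirect_to => { :action => :index }

  # Shows the login form.
  def index
    render :action => 'login'
  end

  # Logs the current user out by dropping the whole server-side session.
  def logout
    self.return_to = nil
    # reset_session discards the session, which is what actually removes the user.
    reset_session
    flash[:notice] = _("Logged out.")
    render :action => 'login'
  end

  # Displays a "denied due to insufficient privileges" message and provides the login form.
  def denied
    flash[:error] = _("You are not authorized to do this. Please log in as another user or go back.")
    render :action => 'login'
  end

  # Login to the foodsoft.
  # Expects params[:login][:user] and params[:login][:password]. The failure
  # message is the same for an unknown nick and a wrong password, so the form
  # does not reveal which accounts exist.
  def login
    credentials = params[:login] || {} # a POST without the form hash must not raise
    user = User.find_by_nick(credentials[:user])
    if user && user.has_password(credentials[:password])
      user.update_attribute(:last_login, Time.now) # set last_login to Now()
      redirect = return_to # read before the old session is discarded below
      # Rotate the session on authentication so that a session id planted on
      # the victim beforehand (session fixation) never becomes a logged-in one.
      reset_session
      self.current_user = user
      if redirect
        # NOTE(review): return_to is maintained by ApplicationController (not
        # visible here); it must only ever hold a path on this application,
        # never a user-supplied URL, or this becomes an open redirect.
        self.return_to = nil
        redirect_to redirect
      else
        redirect_to :controller => 'index'
      end
    else
      # The session is left untouched on a failed attempt; the login template
      # is rendered implicitly with the error below.
      flash[:error] = _("Sorry, login is not possible.")
    end
  end

  # Display the form to enter an email address requesting a token to set a new password.
  def forgot_password
  end

  # Sends an email to a user with the token that allows setting a new password through action "password".
  # The response is identical whether or not the address is known, so this
  # action cannot be used to enumerate accounts.
  def reset_password
    email = (params[:login] || {})[:email]
    # A blank address would otherwise look up users whose email column is NULL.
    if !email.blank? && (user = User.find_by_email(email))
      user.reset_password_token = user.new_random_password(16)
      user.reset_password_expires = Time.now.advance(:days => 2) # token is short-lived
      if user.save
        Mailer.deliver_password(user)
        logger.debug("Sent password reset email to #{user.email}.")
      end
    end
    flash[:notice] = _("If your email address is listed in our system, you will now receive an email with the instructions how to change your password.")
    render :action => 'login'
  end

  # Display the form to set a new password with a token from the password reminder email.
  # Called with params :id => User.id and :token => User.reset_password_token.
  def password
    @user = user_for_reset_token
    if @user.nil?
      flash[:error] = _("Invalid or expired token, password cannot be changed.")
      render :action => 'forgot_password'
    end
  end

  # Sets a new password.
  # Called with params :id => User.id and :token => User.reset_password_token,
  # plus params[:user][:password] and params[:user][:password_confirmation].
  def new
    @user = user_for_reset_token
    if @user.nil?
      flash[:error] = _("Invalid or expired token, password cannot be changed.")
      redirect_to :action => 'forgot_password'
      return
    end
    new_password = params[:user] || {}
    @user.set_password({:required => true}, new_password[:password], new_password[:password_confirmation])
    if @user.errors.empty?
      # Invalidate the token as soon as it has been used once.
      @user.reset_password_token = nil
      @user.reset_password_expires = nil
      if @user.save
        flash[:notice] = _("New password has been saved, please log in.")
        render :action => 'login'
      else
        @user = User.find(@user.id) # reload to refetch token
        flash[:error] = _("When trying to save your new password an error has occured. Please try again.")
        render :action => 'password'
      end
    else
      flash[:error] = _("Error: #{@user.errors.on_base}.")
      render :action => 'password'
    end
  end

  # Invited users: GET shows the sign-up form for a valid invitation token
  # (params[:id]), POST creates the account and adds it to the invited group.
  def invite
    # A blank token must not match an invite whose token column is NULL.
    @invite = Invite.find_by_token(params[:id]) unless params[:id].blank?
    if @invite.nil? || expired?(@invite.expires_at)
      flash[:error] = _("Your invitation is invalid or has expired, sorry!")
      render :action => 'login'
    elsif @invite.group.nil?
      flash[:error] = _("The group you are invited to join doesn't exist any more!")
      render :action => 'login'
    elsif request.post?
      attributes = params[:user] || {}
      User.transaction do
        # NOTE(review): mass assignment from the request. This relies on
        # attr_accessible/attr_protected in User (not visible here) to keep
        # privileged columns out of reach; the email is always taken from the invite.
        @user = User.new(attributes)
        @user.email = @invite.email
        @user.set_password({:required => true}, attributes[:password], attributes[:password_confirmation])
        if @user.errors.empty? && @user.save
          Membership.new(:user => @user, :group => @invite.group).save!
          chosen = attributes[:settings] || {}
          User::setting_keys.keys.each do |setting|
            @user.settings[setting] = (chosen[setting] == '1' ? '1' : nil)
          end
          @invite.destroy # the invitation is single-use
          flash[:notice] = _("Congratulations, your account has been created successfully. You can log in now.")
          render(:action => 'login')
        end
      end
    else
      @user = User.new(:email => @invite.email)
    end
  rescue StandardError => e
    # Best-effort error page for the visitor; the cause is logged instead of
    # being swallowed silently, which the previous bare rescue did.
    logger.error("Invitation sign-up failed: #{e.class}: #{e.message}")
    flash[:error] = _("An error has occured. Please try again.")
  end

  private

  # Looks up the user addressed by params[:id] whose pending reset token equals
  # params[:token]. Returns nil when the token is missing, unknown or expired.
  # A blank token is rejected up front so that it can never match a user whose
  # reset_password_token column is NULL (i.e. no reset pending).
  def user_for_reset_token
    return nil if params[:token].blank?
    user = User.find_by_id_and_reset_password_token(params[:id], params[:token])
    return nil if user.nil? || expired?(user.reset_password_expires)
    user
  end

  # True when a deadline has passed. A missing deadline counts as expired
  # rather than raising on a nil comparison.
  def expired?(time)
    time.nil? || time < Time.now
  end
end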