foodsoft/app/controllers/login_controller.rb

class LoginController < ApplicationController
  skip_before_filter :authenticate        # no authentication since this is the login page
  filter_parameter_logging "password"     # do not log "password" parameter
  
  verify :method => :post, :only => [:login, :reset_password, :new], :redirect_to => { :action => :index }
  
  # Redirects to the login action.
  def index
    render :action => 'login'
  end
  
  # Logout the current user and deletes the session
  def logout
    self.return_to = nil 
    current_user = nil
    reset_session
    flash[:notice] = _("Logged out.")
    render :action => 'login'
  end
  
  # Displays a "denied due to insufficient privileges" message and provides the login form.
  def denied
    flash[:error] = _("You are not authorized to do this. Please log in as another user or go back.")
    render :action => 'login'
  end
  
  # Login to the foodsoft.
  def login
    user = User.find_by_nick(params[:login][:user])
    if user && user.has_password(params[:login][:password])
      # Set last_login to Now()
      user.update_attribute(:last_login, Time.now)
      self.current_user = user
      if (redirect = return_to) 
        self.return_to = nil 
        redirect_to redirect
      else
        redirect_to root_path
      end
    else
      current_user = nil
      flash[:error] = _("Sorry, login is not possible.")
    end
  end
  
  # Display the form to enter an email address requesting a token to set a new password.
  def forgot_password
  end
  
  # Sends an email to a user with the token that allows setting a new password through action "password".
  def reset_password
    if (user = User.find_by_email(params[:login][:email]))
      user.reset_password_token = user.new_random_password(16)
      user.reset_password_expires = Time.now.advance(:days => 2)
      if user.save
        email = Mailer.deliver_password(user)
        logger.debug("Sent password reset email to #{user.email}.")
      end
    end
    flash[:notice] = _("If your email address is listed in our system, you will now receive an email with the instructions how to change your password.")
    render :action => 'login'
  end
  
  # Set a new password with a token from the password reminder email.
  # Called with params :id => User.id and :token => User.reset_password_token to specify a new password.
  def password
    @user = User.find_by_id_and_reset_password_token(params[:id], params[:token])
    if (@user.nil? || @user.reset_password_expires < Time.now)        
      flash[:error] = _("Invalid or expired token, password cannot be changed.")
      render :action => 'forgot_password'
    end
  end
  
  # Sets a new password.
  # Called with params :id => User.id and :token => User.reset_password_token to specify a new password.
  def new
    @user = User.find_by_id_and_reset_password_token(params[:id], params[:token])
    if (@user.nil? || @user.reset_password_expires < Time.now)
      flash[:error] = _("Invalid or expired token, password cannot be changed.")
      redirect_to :action => 'forgot_password'
    else      
      @user.set_password({:required => true}, params[:user][:password], params[:user][:password_confirmation])
      if @user.errors.empty?
        @user.reset_password_token = nil
        @user.reset_password_expires = nil
        if @user.save
          flash[:notice] = _("New password has been saved, please log in.")
          render :action => 'login'         
        else
          @user = User.find(@user.id)   # reload to refetch token
          flash[:error] = _("When trying to save your new password an error has occured. Please try again.")
          render :action => 'password'
        end
      else
        flash[:error] = _("Error: #{@user.errors.on_base}.")
        render :action => 'password'
      end
    end    
  end

  # Invited users.
  def invite
    @invite = Invite.find_by_token(params[:id])
    if (@invite.nil? || @invite.expires_at < Time.now)
      flash[:error] = _("Your invitation is invalid or has expired, sorry!")
      render :action => 'login'
    elsif @invite.group.nil?
      flash[:error] = _("The group you are invited to join doesn't exist any more!")
      render :action => 'login'
    elsif (request.post?)
      User.transaction do
        @user = User.new(params[:user])
        @user.email = @invite.email
        @user.set_password({:required => true}, params[:user][:password], params[:user][:password_confirmation])
        if (@user.errors.empty? && @user.save)
          Membership.new(:user => @user, :group => @invite.group).save!
          for setting in User::setting_keys.keys
            @user.settings[setting] = (params[:user][:settings] && params[:user][:settings][setting] == '1' ? '1' : nil)
          end
          @invite.destroy
          flash[:notice] = _("Congratulations, your account has been created successfully. You can log in now.")
          render(:action => 'login')
        end
      end
    else
      @user = User.new(:email => @invite.email)
    end
  rescue
    flash[:error] = _("An error has occured. Please try again.")
  end
  
end
Initial commit of foodsoft 2 2009-01-06 11:49:19 +01:00			`class LoginController < ApplicationController`
			`skip_before_filter :authenticate # no authentication since this is the login page`
			`filter_parameter_logging "password" # do not log "password" parameter`

			`verify :method => :post, :only => [:login, :reset_password, :new], :redirect_to => { :action => :index }`

			`# Redirects to the login action.`
			`def index`
			`render :action => 'login'`
			`end`

			`# Logout the current user and deletes the session`
			`def logout`
			`self.return_to = nil`
			`current_user = nil`
			`reset_session`
			`flash[:notice] = _("Logged out.")`
			`render :action => 'login'`
			`end`

			`# Displays a "denied due to insufficient privileges" message and provides the login form.`
			`def denied`
			`flash[:error] = _("You are not authorized to do this. Please log in as another user or go back.")`
			`render :action => 'login'`
			`end`

			`# Login to the foodsoft.`
			`def login`
			`user = User.find_by_nick(params[:login][:user])`
			`if user && user.has_password(params[:login][:password])`
			`# Set last_login to Now()`
			`user.update_attribute(:last_login, Time.now)`
			`self.current_user = user`
			`if (redirect = return_to)`
			`self.return_to = nil`
			`redirect_to redirect`
			`else`
Fixed some wrong links in startpage. Added gettext-help for controllers. 2009-02-01 23:09:03 +01:00			`redirect_to root_path`
Initial commit of foodsoft 2 2009-01-06 11:49:19 +01:00			`end`
			`else`
			`current_user = nil`
			`flash[:error] = _("Sorry, login is not possible.")`
			`end`
			`end`

			`# Display the form to enter an email address requesting a token to set a new password.`
			`def forgot_password`
			`end`

			`# Sends an email to a user with the token that allows setting a new password through action "password".`
			`def reset_password`
			`if (user = User.find_by_email(params[:login][:email]))`
			`user.reset_password_token = user.new_random_password(16)`
			`user.reset_password_expires = Time.now.advance(:days => 2)`
			`if user.save`
			`email = Mailer.deliver_password(user)`
			`logger.debug("Sent password reset email to #{user.email}.")`
			`end`
			`end`
			`flash[:notice] = _("If your email address is listed in our system, you will now receive an email with the instructions how to change your password.")`
			`render :action => 'login'`
			`end`

			`# Set a new password with a token from the password reminder email.`
			`# Called with params :id => User.id and :token => User.reset_password_token to specify a new password.`
			`def password`
			`@user = User.find_by_id_and_reset_password_token(params[:id], params[:token])`
			`if (@user.nil? \|\| @user.reset_password_expires < Time.now)`
			`flash[:error] = _("Invalid or expired token, password cannot be changed.")`
			`render :action => 'forgot_password'`
			`end`
			`end`

			`# Sets a new password.`
			`# Called with params :id => User.id and :token => User.reset_password_token to specify a new password.`
			`def new`
			`@user = User.find_by_id_and_reset_password_token(params[:id], params[:token])`
			`if (@user.nil? \|\| @user.reset_password_expires < Time.now)`
			`flash[:error] = _("Invalid or expired token, password cannot be changed.")`
			`redirect_to :action => 'forgot_password'`
			`else`
			`@user.set_password({:required => true}, params[:user][:password], params[:user][:password_confirmation])`
			`if @user.errors.empty?`
			`@user.reset_password_token = nil`
			`@user.reset_password_expires = nil`
			`if @user.save`
			`flash[:notice] = _("New password has been saved, please log in.")`
			`render :action => 'login'`
			`else`
			`@user = User.find(@user.id) # reload to refetch token`
			`flash[:error] = _("When trying to save your new password an error has occured. Please try again.")`
			`render :action => 'password'`
			`end`
			`else`
			`flash[:error] = _("Error: #{@user.errors.on_base}.")`
			`render :action => 'password'`
			`end`
			`end`
			`end`

			`# Invited users.`
			`def invite`
			`@invite = Invite.find_by_token(params[:id])`
			`if (@invite.nil? \|\| @invite.expires_at < Time.now)`
			`flash[:error] = _("Your invitation is invalid or has expired, sorry!")`
			`render :action => 'login'`
			`elsif @invite.group.nil?`
			`flash[:error] = _("The group you are invited to join doesn't exist any more!")`
			`render :action => 'login'`
			`elsif (request.post?)`
			`User.transaction do`
			`@user = User.new(params[:user])`
			`@user.email = @invite.email`
			`@user.set_password({:required => true}, params[:user][:password], params[:user][:password_confirmation])`
			`if (@user.errors.empty? && @user.save)`
			`Membership.new(:user => @user, :group => @invite.group).save!`
			`for setting in User::setting_keys.keys`
			`@user.settings[setting] = (params[:user][:settings] && params[:user][:settings][setting] == '1' ? '1' : nil)`
			`end`
			`@invite.destroy`
			`flash[:notice] = _("Congratulations, your account has been created successfully. You can log in now.")`
			`render(:action => 'login')`
			`end`
			`end`
			`else`
			`@user = User.new(:email => @invite.email)`
			`end`
			`rescue`
			`flash[:error] = _("An error has occured. Please try again.")`
			`end`

			`end`