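# Handles everything a visitor may do without being authenticated: logging in
# and out, requesting and redeeming password-reset tokens, and accepting
# invitations.
class LoginController < ApplicationController
  skip_before_filter :authenticate # no authentication since this is the login page

  # Keep credentials out of the request log. "token" covers params[:token],
  # which the password and new actions accept in place of the old password.
  filter_parameter_logging "password", "token"

  verify :method => :post, :only => [:login, :reset_password, :new], :redirect_to => { :action => :index }

  # Renders the login form.
  def index
    render :action => 'login'
  end

  # Logs the current user out by discarding the whole session, then shows the
  # login form.
  def logout
    self.return_to = nil
    # reset_session is what ends the login. The earlier `current_user = nil`
    # on this spot only assigned a method-local variable and never reached the
    # current_user= writer, so it has been dropped.
    reset_session
    flash[:notice] = "Abgemeldet"
    render :action => 'login'
  end

  # Displays a "denied due to insufficient privileges" message and provides the login form.
  def denied
    flash[:error] = "Du bist nicht berechtigt diese Seite zu besuchen. Bitte als berechtige Benutzerin anmelden oder zurück gehen."
    render :action => 'login'
  end

  # Login to the foodsoft.
  #
  # Reads params[:login][:user] and params[:login][:password]. On success the
  # browser is redirected to the stored return_to location, or to root_path
  # when none is stored. On failure the login form is rendered again with an
  # error message.
  def login
    credentials = hash_param(:login)
    nick = credentials[:user]
    user = User.find_by_nick(nick) unless nick.blank?
    if user && user.has_password(credentials[:password])
      user.update_attribute(:last_login, Time.now)
      redirect = return_to # read before the session is replaced
      # Start from a fresh session on login, so that a session id the browser
      # held before authenticating is not carried over into the logged-in state.
      # NOTE(review): redundant but harmless if current_user= already does this.
      reset_session
      self.current_user = user
      if redirect
        self.return_to = nil
        # NOTE(review): assumes return_to is only ever set by the application
        # itself, never copied from a request parameter -- confirm where it is
        # written.
        redirect_to redirect
      else
        redirect_to root_path
      end
    else
      # A failed attempt leaves an existing session untouched; the earlier
      # `current_user = nil` here was a local assignment with no effect.
      flash[:error] = "Tschuldige, die Anmeldung war nicht erfolgreich. Bitte erneut versuchen."
    end
  end

  # Display the form to enter an email address requesting a token to set a new password.
  def forgot_password
  end

  # Sends an email to a user with the token that allows setting a new password through action "password".
  #
  # The token is valid for two days. The response is the same whether or not
  # the address belongs to an account, so the form does not reveal which
  # addresses are registered.
  def reset_password
    address = hash_param(:login)[:email]
    user = User.find_by_email(address) unless address.blank?
    if user
      # NOTE(review): new_random_password is defined on User and not visible
      # here; a reset token has to come from a cryptographically secure random
      # source -- confirm.
      user.reset_password_token = user.new_random_password(16)
      user.reset_password_expires = Time.now.advance(:days => 2)
      if user.save
        Mailer.deliver_reset_password(user)
        logger.debug("Sent password reset email to #{user.email}.")
      end
    end
    flash[:notice] = _("If your email address is listed in our system, you will now receive an email with the instructions how to change your password.")
    render :action => 'login'
  end

  # Set a new password with a token from the password reminder email.
  # Called with params :id => User.id and :token => User.reset_password_token to specify a new password.
  # Renders the forgot_password form with an error when the token is missing,
  # unknown or expired.
  def password
    @user = find_user_by_reset_token
    unless reset_token_usable?(@user)
      flash[:error] = _("Invalid or expired token, password cannot be changed.")
      render :action => 'forgot_password'
    end
  end

  # Sets a new password.
  # Called with params :id => User.id and :token => User.reset_password_token to specify a new password.
  # The token is cleared once the new password has been saved, so it can be
  # redeemed only once.
  def new
    @user = find_user_by_reset_token
    if reset_token_usable?(@user)
      passwords = hash_param(:user)
      @user.set_password({:required => true}, passwords[:password], passwords[:password_confirmation])
      if @user.errors.empty?
        @user.reset_password_token = nil
        @user.reset_password_expires = nil
        if @user.save
          flash[:notice] = _("New password has been saved, please log in.")
          render :action => 'login'
        else
          @user = User.find(@user.id) # reload to refetch token
          flash[:error] = _("When trying to save your new password an error has occured. Please try again.")
          render :action => 'password'
        end
      else
        flash[:error] = _("Error: #{@user.errors.on_base}.")
        render :action => 'password'
      end
    else
      flash[:error] = _("Invalid or expired token, password cannot be changed.")
      redirect_to :action => 'forgot_password'
    end
  end

  # Invited users.
  #
  # params[:id] carries the invitation token. A GET shows the sign-up form
  # pre-filled with the invited address; a POST creates the user, adds it to
  # the inviting group and destroys the invitation, all in one transaction.
  def invite
    token = token_param(:id)
    @invite = token && Invite.find_by_token(token)
    if @invite.nil? || @invite.expires_at < Time.now
      flash[:error] = "Deine Einladung ist nicht (mehr) gültig."
      render :action => 'login'
    elsif @invite.group.nil?
      flash[:error] = "Die Gruppe, in die Du eingeladen wurdest, existiert leider nicht mehr."
      render :action => 'login'
    elsif request.post?
      User.transaction do
        # NOTE(review): params[:user] is mass-assigned. Which attributes an
        # invitee can set this way depends on attr_accessible/attr_protected
        # in User, which is not visible here -- confirm.
        @user = User.new(params[:user])
        @user.email = @invite.email # the address always comes from the invitation, not from the form
        if @user.save
          Membership.new(:user => @user, :group => @invite.group).save!
          @invite.destroy
          flash[:notice] = "Herzlichen Glückwunsch, Dein Account wurde erstellt. Du kannst Dich nun einloggen."
          render :action => 'login'
        end
      end
    else
      @user = User.new(:email => @invite.email)
    end
  rescue => e
    # Record what went wrong; the visitor only gets the generic message.
    logger.error("Accepting invitation failed: #{e.class}: #{e.message}")
    flash[:error] = "Ein Fehler ist aufgetreten. Bitte erneut versuchen."
  end

  private

  # Returns params[key] when it is a hash and an empty hash otherwise, so a
  # request without the expected form fields is treated as invalid input
  # instead of raising.
  def hash_param(key)
    value = params[key]
    value.is_a?(Hash) ? value : {}
  end

  # Returns params[key] when it is a non-empty string, else nil.
  def token_param(key)
    value = params[key]
    value if value.is_a?(String) && !value.blank?
  end

  # Looks up the user matching params[:id] and params[:token].
  # Returns nil without querying when no token string was sent: the dynamic
  # finder turns a nil token into "reset_password_token IS NULL", which would
  # select an account that has no reset pending.
  def find_user_by_reset_token
    token = token_param(:token)
    token && User.find_by_id_and_reset_password_token(params[:id], token)
  end

  # True when the user exists and its reset token carries an expiry that has
  # not passed yet. A missing expiry counts as expired.
  def reset_token_usable?(user)
    !user.nil? && !user.reset_password_expires.nil? && user.reset_password_expires >= Time.now
  end
end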