Initial commit of foodsoft 2

2009-01-06 11:49:19 +01:00 · 2009-01-06 11:49:19 +01:00 · 5b9a7e05df
commit 5b9a7e05df
657 changed files with 70444 additions and 0 deletions
--- a/app/controllers/login_controller.rb
+++ b/app/controllers/login_controller.rb
@ -0,0 +1,132 @@
+class LoginController < ApplicationController
+  skip_before_filter :authenticate        # no authentication since this is the login page
+  filter_parameter_logging "password"     # do not log "password" parameter
+  
+  verify :method => :post, :only => [:login, :reset_password, :new], :redirect_to => { :action => :index }
+  
+  # Redirects to the login action.
+  def index
+    render :action => 'login'
+  end
+  
+  # Logout the current user and deletes the session
+  def logout
+    self.return_to = nil 
+    current_user = nil
+    reset_session
+    flash[:notice] = _("Logged out.")
+    render :action => 'login'
+  end
+  
+  # Displays a "denied due to insufficient privileges" message and provides the login form.
+  def denied
+    flash[:error] = _("You are not authorized to do this. Please log in as another user or go back.")
+    render :action => 'login'
+  end
+  
+  # Login to the foodsoft.
+  def login
+    user = User.find_by_nick(params[:login][:user])
+    if user && user.has_password(params[:login][:password])
+      # Set last_login to Now()
+      user.update_attribute(:last_login, Time.now)
+      self.current_user = user
+      if (redirect = return_to) 
+        self.return_to = nil 
+        redirect_to redirect
+      else
+        redirect_to :controller => 'index'
+      end
+    else
+      current_user = nil
+      flash[:error] = _("Sorry, login is not possible.")
+    end
+  end
+  
+  # Display the form to enter an email address requesting a token to set a new password.
+  def forgot_password
+  end
+  
+  # Sends an email to a user with the token that allows setting a new password through action "password".
+  def reset_password
+    if (user = User.find_by_email(params[:login][:email]))
+      user.reset_password_token = user.new_random_password(16)
+      user.reset_password_expires = Time.now.advance(:days => 2)
+      if user.save
+        email = Mailer.deliver_password(user)
+        logger.debug("Sent password reset email to #{user.email}.")
+      end
+    end
+    flash[:notice] = _("If your email address is listed in our system, you will now receive an email with the instructions how to change your password.")
+    render :action => 'login'
+  end
+  
+  # Set a new password with a token from the password reminder email.
+  # Called with params :id => User.id and :token => User.reset_password_token to specify a new password.
+  def password
+    @user = User.find_by_id_and_reset_password_token(params[:id], params[:token])
+    if (@user.nil? || @user.reset_password_expires < Time.now)        
+      flash[:error] = _("Invalid or expired token, password cannot be changed.")
+      render :action => 'forgot_password'
+    end
+  end
+  
+  # Sets a new password.
+  # Called with params :id => User.id and :token => User.reset_password_token to specify a new password.
+  def new
+    @user = User.find_by_id_and_reset_password_token(params[:id], params[:token])
+    if (@user.nil? || @user.reset_password_expires < Time.now)
+      flash[:error] = _("Invalid or expired token, password cannot be changed.")
+      redirect_to :action => 'forgot_password'
+    else      
+      @user.set_password({:required => true}, params[:user][:password], params[:user][:password_confirmation])
+      if @user.errors.empty?
+        @user.reset_password_token = nil
+        @user.reset_password_expires = nil
+        if @user.save
+          flash[:notice] = _("New password has been saved, please log in.")
+          render :action => 'login'         
+        else
+          @user = User.find(@user.id)   # reload to refetch token
+          flash[:error] = _("When trying to save your new password an error has occured. Please try again.")
+          render :action => 'password'
+        end
+      else
+        flash[:error] = _("Error: #{@user.errors.on_base}.")
+        render :action => 'password'
+      end
+    end    
+  end
+
+  # Invited users.
+  def invite
+    @invite = Invite.find_by_token(params[:id])
+    if (@invite.nil? || @invite.expires_at < Time.now)
+      flash[:error] = _("Your invitation is invalid or has expired, sorry!")
+      render :action => 'login'
+    elsif @invite.group.nil?
+      flash[:error] = _("The group you are invited to join doesn't exist any more!")
+      render :action => 'login'
+    elsif (request.post?)
+      User.transaction do
+        @user = User.new(params[:user])
+        @user.email = @invite.email
+        @user.set_password({:required => true}, params[:user][:password], params[:user][:password_confirmation])
+        if (@user.errors.empty? && @user.save)
+          Membership.new(:user => @user, :group => @invite.group).save!
+          for setting in User::setting_keys.keys
+            @user.settings[setting] = (params[:user][:settings] && params[:user][:settings][setting] == '1' ? '1' : nil)
+          end
+          @invite.destroy
+          flash[:notice] = _("Congratulations, your account has been created successfully. You can log in now.")
+          render(:action => 'login')
+        end
+      end
+    else
+      @user = User.new(:email => @invite.email)
+    end
+  rescue
+    flash[:error] = _("An error has occured. Please try again.")
+  end
+  
+end