Show More
Commit Description:
force log out when password change
Commit Description:
force log out when password change
References:
File last commit:
Show/Diff file:
Action:
app/controllers/users_controller.rb
| 237 lines
| 7.4 KiB
| text/x-ruby
| RubyLexer
|
jittat
|
r158 | require 'net/smtp' | ||
|
jittat
|
r157 | |||
pramook
|
r0 | class UsersController < ApplicationController | ||
|
jittat
|
r13 | |||
Jittat Fakcharoenphol
|
r336 | include MailHelperMethods | ||
| r756 | before_action :check_valid_login, :except => [:new, | |||
|
jittat
|
r189 | :register, | ||
| :confirm, | ||||
| :forget, | ||||
| :retrieve_password] | ||||
|
jittat
|
r13 | |||
| r745 | before_action :verify_online_registration, :only => [:new, | |||
|
jittat
|
r189 | :register, | ||
| :forget, | ||||
| :retrieve_password] | ||||
|
jittat
|
r162 | |||
| r745 | before_action :admin_authorization, only: [:stat, :toggle_activate, :toggle_enable] | |||
| r711 | ||||
|
jittat
|
r162 | #in_place_edit_for :user, :alias_for_editing | ||
| #in_place_edit_for :user, :email_for_editing | ||||
|
jittat
|
r13 | |||
| def index | ||||
|
Jittat Fakcharoenphol
|
r320 | if !GraderConfiguration['system.user_setting_enabled'] | ||
|
jittat
|
r156 | redirect_to :controller => 'main', :action => 'list' | ||
| else | ||||
| @user = User.find(session[:user_id]) | ||||
| end | ||||
|
jittat
|
r13 | end | ||
| r759 | # edit logged in user profile | |||
| def profile | ||||
| if !GraderConfiguration['system.user_setting_enabled'] | ||||
| redirect_to :controller => 'main', :action => 'list' | ||||
| else | ||||
| @user = current_user; | ||||
| end | ||||
| end | ||||
|
jittat
|
r13 | def chg_passwd | ||
| user = User.find(session[:user_id]) | ||||
| r759 | user.password = params[:password] | |||
| user.password_confirmation = params[:password_confirmation] | ||||
|
jittat
|
r13 | if user.save | ||
| flash[:notice] = 'password changed' | ||||
| else | ||||
| flash[:notice] = 'Error: password changing failed' | ||||
| end | ||||
| r759 | redirect_to :action => 'profile' | |||
|
jittat
|
r13 | end | ||
paphonb
|
r805 | def chg_default_language | ||
| user = User.find(session[:user_id]) | ||||
| user.default_language = params[:default_language] | ||||
| if user.save | ||||
| flash[:notice] = 'default language changed' | ||||
| else | ||||
| flash[:notice] = 'Error: default language changing failed' | ||||
| end | ||||
| redirect_to :action => 'profile' | ||||
| end | ||||
|
jittat
|
r157 | def new | ||
| @user = User.new | ||||
| render :action => 'new', :layout => 'empty' | ||||
| end | ||||
| def register | ||||
|
jittat
|
r162 | if(params[:cancel]) | ||
| redirect_to :controller => 'main', :action => 'login' | ||||
| return | ||||
| end | ||||
| r637 | @user = User.new(user_params) | |||
|
jittat
|
r157 | @user.password_confirmation = @user.password = User.random_password | ||
| @user.activated = false | ||||
| if (@user.valid?) and (@user.save) | ||||
|
jittat
|
r158 | if send_confirmation_email(@user) | ||
| render :action => 'new_splash', :layout => 'empty' | ||||
| else | ||||
|
Jittat Fakcharoenphol
|
r320 | @admin_email = GraderConfiguration['system.admin_email'] | ||
|
jittat
|
r158 | render :action => 'email_error', :layout => 'empty' | ||
| end | ||||
|
jittat
|
r157 | else | ||
| r347 | @user.errors.add(:base,"Email cannot be blank") if @user.email=='' | |||
|
jittat
|
r157 | render :action => 'new', :layout => 'empty' | ||
| end | ||||
| end | ||||
|
jittat
|
r158 | def confirm | ||
| login = params[:login] | ||||
| key = params[:activation] | ||||
|
jittat
|
r160 | @user = User.find_by_login(login) | ||
| if (@user) and (@user.verify_activation_key(key)) | ||||
| if @user.valid? # check uniquenss of email | ||||
| @user.activated = true | ||||
| @user.save | ||||
|
jittat
|
r158 | @result = :successful | ||
| else | ||||
| @result = :email_used | ||||
| end | ||||
| else | ||||
| @result = :failed | ||||
| end | ||||
| render :action => 'confirm', :layout => 'empty' | ||||
| end | ||||
|
jittat
|
r189 | def forget | ||
| render :action => 'forget', :layout => 'empty' | ||||
| end | ||||
| def retrieve_password | ||||
| email = params[:email] | ||||
| user = User.find_by_email(email) | ||||
| if user | ||||
| last_updated_time = user.updated_at || user.created_at || (Time.now.gmtime - 1.hour) | ||||
| if last_updated_time > Time.now.gmtime - 5.minutes | ||||
| flash[:notice] = 'The account has recently created or new password has recently been requested. Please wait for 5 minutes' | ||||
| else | ||||
| user.password = user.password_confirmation = User.random_password | ||||
|
jittat
|
r191 | user.save | ||
|
jittat
|
r189 | send_new_password_email(user) | ||
| flash[:notice] = 'New password has been mailed to you.' | ||||
| end | ||||
| else | ||||
| flash[:notice] = I18n.t 'registration.password_retrieval.no_email' | ||||
| end | ||||
| redirect_to :action => 'forget' | ||||
| end | ||||
| r606 | def stat | |||
| r431 | @user = User.find(params[:id]) | |||
| r664 | @submission = Submission.joins(:problem).where(user_id: params[:id]) | |||
| @submission = @submission.where('problems.available = true') unless current_user.admin? | ||||
| r458 | ||||
| range = 120 | ||||
| @histogram = { data: Array.new(range,0), summary: {} } | ||||
| @summary = {count: 0, solve: 0, attempt: 0} | ||||
| problem = Hash.new(0) | ||||
| @submission.find_each do |sub| | ||||
| #histogram | ||||
| d = (DateTime.now.in_time_zone - sub.submitted_at) / 24 / 60 / 60 | ||||
| @histogram[:data][d.to_i] += 1 if d < range | ||||
| @summary[:count] += 1 | ||||
| r462 | next unless sub.problem | |||
| r531 | problem[sub.problem] = [problem[sub.problem], ( (sub.try(:points) || 0) >= sub.problem.full_score) ? 1 : 0].max | |||
| r458 | end | |||
| @histogram[:summary][:max] = [@histogram[:data].max,1].max | ||||
| @summary[:attempt] = problem.count | ||||
| problem.each_value { |v| @summary[:solve] += 1 if v == 1 } | ||||
| r431 | end | |||
| r562 | def toggle_activate | |||
| @user = User.find(params[:id]) | ||||
| @user.update_attributes( activated: !@user.activated? ) | ||||
| respond_to do |format| | ||||
| format.js { render partial: 'toggle_button', | ||||
| locals: {button_id: "#toggle_activate_user_#{@user.id}",button_on: @user.activated? } } | ||||
| end | ||||
| end | ||||
| def toggle_enable | ||||
| @user = User.find(params[:id]) | ||||
| @user.update_attributes( enabled: !@user.enabled? ) | ||||
| respond_to do |format| | ||||
| format.js { render partial: 'toggle_button', | ||||
| locals: {button_id: "#toggle_enable_user_#{@user.id}",button_on: @user.enabled? } } | ||||
| end | ||||
| end | ||||
|
jittat
|
r157 | protected | ||
|
jittat
|
r162 | def verify_online_registration | ||
|
Jittat Fakcharoenphol
|
r320 | if !GraderConfiguration['system.online_registration'] | ||
|
jittat
|
r162 | redirect_to :controller => 'main', :action => 'login' | ||
| end | ||||
| end | ||||
|
jittat
|
r157 | def send_confirmation_email(user) | ||
|
Jittat Fakcharoenphol
|
r320 | contest_name = GraderConfiguration['contest.name'] | ||
|
jittat
|
r158 | activation_url = url_for(:action => 'confirm', | ||
| :login => user.login, | ||||
| :activation => user.activation_key) | ||||
| home_url = url_for(:controller => 'main', :action => 'index') | ||||
|
Jittat Fakcharoenphol
|
r331 | mail_subject = "[#{contest_name}] Confirmation" | ||
| mail_body = t('registration.email_body', { | ||||
| :full_name => user.full_name, | ||||
| :contest_name => contest_name, | ||||
| :login => user.login, | ||||
| :password => user.password, | ||||
| :activation_url => activation_url, | ||||
| r348 | :admin_email => GraderConfiguration['system.admin_email'] | |||
|
Jittat Fakcharoenphol
|
r331 | }) | ||
|
jittat
|
r158 | |||
|
Jittat Fakcharoenphol
|
r331 | logger.info mail_body | ||
|
jittat
|
r158 | |||
|
Jittat Fakcharoenphol
|
r336 | send_mail(user.email, mail_subject, mail_body) | ||
|
jittat
|
r157 | end | ||
|
jittat
|
r189 | def send_new_password_email(user) | ||
|
Jittat Fakcharoenphol
|
r320 | contest_name = GraderConfiguration['contest.name'] | ||
|
Jittat Fakcharoenphol
|
r331 | mail_subject = "[#{contest_name}] Password recovery" | ||
| mail_body = t('registration.password_retrieval.email_body', { | ||||
| :full_name => user.full_name, | ||||
| :contest_name => contest_name, | ||||
| :login => user.login, | ||||
| :password => user.password, | ||||
| r348 | :admin_email => GraderConfiguration['system.admin_email'] | |||
|
Jittat Fakcharoenphol
|
r331 | }) | ||
|
jittat
|
r189 | |||
|
Jittat Fakcharoenphol
|
r331 | logger.info mail_body | ||
|
Jittat Fakcharoenphol
|
r336 | send_mail(user.email, mail_subject, mail_body) | ||
|
jittat
|
r189 | end | ||
| r431 | ||||
| # allow viewing of regular user profile only when options allow so | ||||
| # only admins can view admins profile | ||||
| def profile_authorization | ||||
| #if view admins' profile, allow only admin | ||||
| return false unless(params[:id]) | ||||
| user = User.find(params[:id]) | ||||
| return false unless user | ||||
| return admin_authorization if user.admin? | ||||
| return true if GraderConfiguration["right.user_view_submission"] | ||||
| #finally, we allow only admin | ||||
| admin_authorization | ||||
| end | ||||
| r637 | ||||
| private | ||||
| def user_params | ||||
| params.require(:user).permit(:login, :full_name, :email) | ||||
| end | ||||
|
pramook
|
r0 | end | ||