Description:
MERGED bug fix on user password recovery from ytopc branch (change set 402:403)
git-svn-id: http://theory.cpe.ku.ac.th/grader/web/trunk@404 6386c4cd-e34a-4fa8-8920-d93eb39b512e
Commit status:
[Not Reviewed]
References:
Diff options:
Comments:
0 Commit comments
0 Inline Comments
Unresolved TODOs:
There are no unresolved TODOs
Author
jittat
-
r191:976e2beba418 - - 1 file changed: 2 inserted, 1 deleted
| @@ -1,184 +1,185 | |||
|
|
1 | 1 | require 'tmail' |
|
|
2 | 2 | require 'net/smtp' |
|
|
3 | 3 | |
|
|
4 | 4 | class UsersController < ApplicationController |
|
|
5 | 5 | |
|
|
6 | 6 | before_filter :authenticate, :except => [:new, |
|
|
7 | 7 | :register, |
|
|
8 | 8 | :confirm, |
|
|
9 | 9 | :forget, |
|
|
10 | 10 | :retrieve_password] |
|
|
11 | 11 | |
|
|
12 | 12 | before_filter :verify_online_registration, :only => [:new, |
|
|
13 | 13 | :register, |
|
|
14 | 14 | :forget, |
|
|
15 | 15 | :retrieve_password] |
|
|
16 | 16 | |
|
|
17 | 17 | verify :method => :post, :only => [:chg_passwd], |
|
|
18 | 18 | :redirect_to => { :action => :index } |
|
|
19 | 19 | |
|
|
20 | 20 | #in_place_edit_for :user, :alias_for_editing |
|
|
21 | 21 | #in_place_edit_for :user, :email_for_editing |
|
|
22 | 22 | |
|
|
23 | 23 | def index |
|
|
24 | 24 | if !Configuration['system.user_setting_enabled'] |
|
|
25 | 25 | redirect_to :controller => 'main', :action => 'list' |
|
|
26 | 26 | else |
|
|
27 | 27 | @user = User.find(session[:user_id]) |
|
|
28 | 28 | end |
|
|
29 | 29 | end |
|
|
30 | 30 | |
|
|
31 | 31 | def chg_passwd |
|
|
32 | 32 | user = User.find(session[:user_id]) |
|
|
33 | 33 | user.password = params[:passwd] |
|
|
34 | 34 | user.password_confirmation = params[:passwd_verify] |
|
|
35 | 35 | if user.save |
|
|
36 | 36 | flash[:notice] = 'password changed' |
|
|
37 | 37 | else |
|
|
38 | 38 | flash[:notice] = 'Error: password changing failed' |
|
|
39 | 39 | end |
|
|
40 | 40 | redirect_to :action => 'index' |
|
|
41 | 41 | end |
|
|
42 | 42 | |
|
|
43 | 43 | def new |
|
|
44 | 44 | @user = User.new |
|
|
45 | 45 | render :action => 'new', :layout => 'empty' |
|
|
46 | 46 | end |
|
|
47 | 47 | |
|
|
48 | 48 | def register |
|
|
49 | 49 | if(params[:cancel]) |
|
|
50 | 50 | redirect_to :controller => 'main', :action => 'login' |
|
|
51 | 51 | return |
|
|
52 | 52 | end |
|
|
53 | 53 | @user = User.new(params[:user]) |
|
|
54 | 54 | @user.password_confirmation = @user.password = User.random_password |
|
|
55 | 55 | @user.activated = false |
|
|
56 | 56 | if (@user.valid?) and (@user.save) |
|
|
57 | 57 | if send_confirmation_email(@user) |
|
|
58 | 58 | render :action => 'new_splash', :layout => 'empty' |
|
|
59 | 59 | else |
|
|
60 | 60 | @admin_email = Configuration['system.admin_email'] |
|
|
61 | 61 | render :action => 'email_error', :layout => 'empty' |
|
|
62 | 62 | end |
|
|
63 | 63 | else |
|
|
64 | 64 | @user.errors.add_to_base("Email cannot be blank") if @user.email=='' |
|
|
65 | 65 | render :action => 'new', :layout => 'empty' |
|
|
66 | 66 | end |
|
|
67 | 67 | end |
|
|
68 | 68 | |
|
|
69 | 69 | def confirm |
|
|
70 | 70 | login = params[:login] |
|
|
71 | 71 | key = params[:activation] |
|
|
72 | 72 | @user = User.find_by_login(login) |
|
|
73 | 73 | if (@user) and (@user.verify_activation_key(key)) |
|
|
74 | 74 | if @user.valid? # check uniquenss of email |
|
|
75 | 75 | @user.activated = true |
|
|
76 | 76 | @user.save |
|
|
77 | 77 | @result = :successful |
|
|
78 | 78 | else |
|
|
79 | 79 | @result = :email_used |
|
|
80 | 80 | end |
|
|
81 | 81 | else |
|
|
82 | 82 | @result = :failed |
|
|
83 | 83 | end |
|
|
84 | 84 | render :action => 'confirm', :layout => 'empty' |
|
|
85 | 85 | end |
|
|
86 | 86 | |
|
|
87 | 87 | def forget |
|
|
88 | 88 | render :action => 'forget', :layout => 'empty' |
|
|
89 | 89 | end |
|
|
90 | 90 | |
|
|
91 | 91 | def retrieve_password |
|
|
92 | 92 | email = params[:email] |
|
|
93 | 93 | user = User.find_by_email(email) |
|
|
94 | 94 | if user |
|
|
95 | 95 | last_updated_time = user.updated_at || user.created_at || (Time.now.gmtime - 1.hour) |
|
|
96 | 96 | if last_updated_time > Time.now.gmtime - 5.minutes |
|
|
97 | 97 | flash[:notice] = 'The account has recently created or new password has recently been requested. Please wait for 5 minutes' |
|
|
98 | 98 | else |
|
|
99 | 99 | user.password = user.password_confirmation = User.random_password |
|
|
100 | + user.save | |
|
|
100 | 101 | send_new_password_email(user) |
|
|
101 | 102 | flash[:notice] = 'New password has been mailed to you.' |
|
|
102 | 103 | end |
|
|
103 | 104 | else |
|
|
104 | 105 | flash[:notice] = I18n.t 'registration.password_retrieval.no_email' |
|
|
105 | 106 | end |
|
|
106 | 107 | redirect_to :action => 'forget' |
|
|
107 | 108 | end |
|
|
108 | 109 | |
|
|
109 | 110 | protected |
|
|
110 | 111 | |
|
|
111 | 112 | def verify_online_registration |
|
|
112 | 113 | if !Configuration['system.online_registration'] |
|
|
113 | 114 | redirect_to :controller => 'main', :action => 'login' |
|
|
114 | 115 | end |
|
|
115 | 116 | end |
|
|
116 | 117 | |
|
|
117 | 118 | def send_confirmation_email(user) |
|
|
118 | 119 | contest_name = Configuration['contest.name'] |
|
|
119 | 120 | admin_email = Configuration['system.admin_email'] |
|
|
120 | 121 | activation_url = url_for(:action => 'confirm', |
|
|
121 | 122 | :login => user.login, |
|
|
122 | 123 | :activation => user.activation_key) |
|
|
123 | 124 | home_url = url_for(:controller => 'main', :action => 'index') |
|
|
124 | 125 | mail = TMail::Mail.new |
|
|
125 | 126 | mail.to = user.email |
|
|
126 | 127 | mail.from = Configuration['system.online_registration.from'] |
|
|
127 | 128 | mail.subject = "[#{contest_name}] Confirmation" |
|
|
128 | 129 | mail.body = t('registration.email_body', { |
|
|
129 | 130 | :full_name => user.full_name, |
|
|
130 | 131 | :contest_name => contest_name, |
|
|
131 | 132 | :login => user.login, |
|
|
132 | 133 | :password => user.password, |
|
|
133 | 134 | :activation_url => activation_url, |
|
|
134 | 135 | :admin_email => admin_email |
|
|
135 | 136 | }) |
|
|
136 | 137 | |
|
|
137 | 138 | logger.info mail.body |
|
|
138 | 139 | |
|
|
139 | 140 | smtp_server = Configuration['system.online_registration.smtp'] |
|
|
140 | 141 | |
|
|
141 | 142 | begin |
|
|
142 | 143 | Net::SMTP.start(smtp_server) do |smtp| |
|
|
143 | 144 | smtp.send_message(mail.to_s, mail.from, mail.to) |
|
|
144 | 145 | end |
|
|
145 | 146 | result = true |
|
|
146 | 147 | rescue |
|
|
147 | 148 | result = false |
|
|
148 | 149 | end |
|
|
149 | 150 | |
|
|
150 | 151 | return result |
|
|
151 | 152 | end |
|
|
152 | 153 | |
|
|
153 | 154 | def send_new_password_email(user) |
|
|
154 | 155 | contest_name = Configuration['contest.name'] |
|
|
155 | 156 | admin_email = Configuration['system.admin_email'] |
|
|
156 | 157 | mail = TMail::Mail.new |
|
|
157 | 158 | mail.to = user.email |
|
|
158 | 159 | mail.from = Configuration['system.online_registration.from'] |
|
|
159 |
- mail.subject = "[#{contest_name}] |
|
|
|
160 | + mail.subject = "[#{contest_name}] Password recovery" | |
|
|
160 | 161 | mail.body = t('registration.password_retrieval.email_body', { |
|
|
161 | 162 | :full_name => user.full_name, |
|
|
162 | 163 | :contest_name => contest_name, |
|
|
163 | 164 | :login => user.login, |
|
|
164 | 165 | :password => user.password, |
|
|
165 | 166 | :admin_email => admin_email |
|
|
166 | 167 | }) |
|
|
167 | 168 | |
|
|
168 | 169 | logger.info mail.body |
|
|
169 | 170 | |
|
|
170 | 171 | smtp_server = Configuration['system.online_registration.smtp'] |
|
|
171 | 172 | |
|
|
172 | 173 | begin |
|
|
173 | 174 | Net::SMTP.start(smtp_server) do |smtp| |
|
|
174 | 175 | smtp.send_message(mail.to_s, mail.from, mail.to) |
|
|
175 | 176 | end |
|
|
176 | 177 | result = true |
|
|
177 | 178 | rescue |
|
|
178 | 179 | result = false |
|
|
179 | 180 | end |
|
|
180 | 181 | |
|
|
181 | 182 | return result |
|
|
182 | 183 | end |
|
|
183 | 184 | |
|
|
184 | 185 | end |
You need to be logged in to leave comments.
Login now