journalduhacker/app/controllers/login_controller.rb

class LoginController < ApplicationController
  before_filter :authenticate_user

  def logout
    if @user
      reset_session
    end

    redirect_to "/"
  end

  def index
    @title = "Login"
    @referer ||= request.referer
    render :action => "index"
  end

  def login
    if params[:email].to_s.match(/@/)
      user = User.where(:email => params[:email]).first
    else
      user = User.where(:username => params[:email]).first
    end

    if user && user.is_active? &&
    user.try(:authenticate, params[:password].to_s)
      session[:u] = user.session_token

      if (rd = session[:redirect_to]).present?
        session.delete(:redirect_to)
        return redirect_to rd
      elsif params[:referer].present?
        begin
          ru = URI.parse(params[:referer])
          if ru.host == Rails.application.domain
            return redirect_to ru.to_s
          end
        rescue => e
          Rails.logger.error "error parsing referer: #{e}"
        end
      end

      return redirect_to "/"
    end

    flash.now[:error] = "Invalid e-mail address and/or password."
    @referer = params[:referer]
    index
  end

  def forgot_password
    @title = "Reset Password"
    render :action => "forgot_password"
  end

  def reset_password
    @found_user = User.where("email = ? OR username = ?", params[:email].to_s,
      params[:email].to_s).first

    if !@found_user
      flash.now[:error] = "Invalid e-mail address or username."
      return forgot_password
    end

    @found_user.initiate_password_reset_for_ip(request.remote_ip)

    flash.now[:success] = "Password reset instructions have been e-mailed " <<
      "to you."
    return index
  end

  def set_new_password
    @title = "Reset Password"

    if (m = params[:token].to_s.match(/^(\d+)-/)) &&
    (Time.now - Time.at(m[1].to_i)) < 24.hours
      @reset_user = User.where(:password_reset_token => params[:token].to_s).first
    end

    if @reset_user && !@reset_user.is_banned?
      if params[:password].present?
        @reset_user.password = params[:password]
        @reset_user.password_confirmation = params[:password_confirmation]
        @reset_user.password_reset_token = nil

        # this will get reset upon save
        @reset_user.session_token = nil

        if !@reset_user.is_active? && !@reset_user.is_banned?
          @reset_user.deleted_at = nil
        end

        if @reset_user.save && @reset_user.is_active?
          session[:u] = @reset_user.session_token
          return redirect_to "/"
        else
          flash[:error] = "Could not reset password."
        end
      end
    else
      flash[:error] = "Invalid reset token.  It may have already been " <<
        "used or you may have copied it incorrectly."
      return redirect_to forgot_password_path
    end
  end
end
initial work on conversion from php tree 2012-06-17 03:15:46 +02:00			`class LoginController < ApplicationController`
how did all of these tabs get here 2012-07-01 00:43:45 +02:00			`before_filter :authenticate_user`
initial work on conversion from php tree 2012-06-17 03:15:46 +02:00
how did all of these tabs get here 2012-07-01 00:43:45 +02:00			`def logout`
			`if @user`
			`reset_session`
initial work on conversion from php tree 2012-06-17 03:15:46 +02:00			`end`

how did all of these tabs get here 2012-07-01 00:43:45 +02:00			`redirect_to "/"`
			`end`
initial work on conversion from php tree 2012-06-17 03:15:46 +02:00
how did all of these tabs get here 2012-07-01 00:43:45 +02:00			`def index`
properly set @title/@heading everywhere 2012-09-07 16:18:15 +02:00			`@title = "Login"`
for normal requests to /login, save the referrer and redir back there properly closes #164 2014-08-08 17:31:06 +02:00			`@referer \|\|= request.referer`
initial work on conversion from php tree 2012-06-17 03:15:46 +02:00			`render :action => "index"`
			`end`

			`def login`
add stuff to deal with banning users 2014-01-12 22:09:32 +01:00			`if params[:email].to_s.match(/@/)`
			`user = User.where(:email => params[:email]).first`
			`else`
			`user = User.where(:username => params[:email]).first`
			`end`

allow users to delete their own accounts not much can actually be deleted, but it can be put into a deleted state 2014-01-13 17:12:17 +01:00			`if user && user.is_active? &&`
sprinkle some to_s paranoia on params where it matters 2013-02-08 17:39:51 +01:00			`user.try(:authenticate, params[:password].to_s)`
initial work on conversion from php tree 2012-06-17 03:15:46 +02:00			`session[:u] = user.session_token`
when redirecting to /login, save the url and params to redirect back to closes #164 2014-08-08 17:16:06 +02:00
			`if (rd = session[:redirect_to]).present?`
			`session.delete(:redirect_to)`
			`return redirect_to rd`
for normal requests to /login, save the referrer and redir back there properly closes #164 2014-08-08 17:31:06 +02:00			`elsif params[:referer].present?`
			`begin`
			`ru = URI.parse(params[:referer])`
			`if ru.host == Rails.application.domain`
			`return redirect_to ru.to_s`
			`end`
			`rescue => e`
			`Rails.logger.error "error parsing referer: #{e}"`
			`end`
when redirecting to /login, save the url and params to redirect back to closes #164 2014-08-08 17:16:06 +02:00			`end`
for normal requests to /login, save the referrer and redir back there properly closes #164 2014-08-08 17:31:06 +02:00
			`return redirect_to "/"`
initial work on conversion from php tree 2012-06-17 03:15:46 +02:00			`end`

invitation system, user settings 2012-07-01 20:31:31 +02:00			`flash.now[:error] = "Invalid e-mail address and/or password."`
for normal requests to /login, save the referrer and redir back there properly closes #164 2014-08-08 17:31:06 +02:00			`@referer = params[:referer]`
initial work on conversion from php tree 2012-06-17 03:15:46 +02:00			`index`
			`end`

			`def forgot_password`
properly set @title/@heading everywhere 2012-09-07 16:18:15 +02:00			`@title = "Reset Password"`
initial work on conversion from php tree 2012-06-17 03:15:46 +02:00			`render :action => "forgot_password"`
			`end`

			`def reset_password`
sprinkle some to_s paranoia on params where it matters 2013-02-08 17:39:51 +01:00			`@found_user = User.where("email = ? OR username = ?", params[:email].to_s,`
			`params[:email].to_s).first`
initial work on conversion from php tree 2012-06-17 03:15:46 +02:00
			`if !@found_user`
invitation system, user settings 2012-07-01 20:31:31 +02:00			`flash.now[:error] = "Invalid e-mail address or username."`
initial work on conversion from php tree 2012-06-17 03:15:46 +02:00			`return forgot_password`
			`end`

email and pushover reply notifications 2012-07-03 18:59:50 +02:00			`@found_user.initiate_password_reset_for_ip(request.remote_ip)`
initial work on conversion from php tree 2012-06-17 03:15:46 +02:00
invitation system, user settings 2012-07-01 20:31:31 +02:00			`flash.now[:success] = "Password reset instructions have been e-mailed " <<`
			`"to you."`
initial work on conversion from php tree 2012-06-17 03:15:46 +02:00			`return index`
			`end`

			`def set_new_password`
properly set @title/@heading everywhere 2012-09-07 16:18:15 +02:00			`@title = "Reset Password"`

embed timestamp in password reset token, only work for 24 hours 2014-04-15 07:46:14 +02:00			`if (m = params[:token].to_s.match(/^(\d+)-/)) &&`
			`(Time.now - Time.at(m[1].to_i)) < 24.hours`
			`@reset_user = User.where(:password_reset_token => params[:token].to_s).first`
initial work on conversion from php tree 2012-06-17 03:15:46 +02:00			`end`

when resetting a password, if user is deleted but not banned, undelete Also mention on the login screen that a deleted account can be recovered this way. Closes #221 2015-09-06 21:51:16 +02:00			`if @reset_user && !@reset_user.is_banned?`
embed timestamp in password reset token, only work for 24 hours 2014-04-15 07:46:14 +02:00			`if params[:password].present?`
			`@reset_user.password = params[:password]`
			`@reset_user.password_confirmation = params[:password_confirmation]`
			`@reset_user.password_reset_token = nil`
initial work on conversion from php tree 2012-06-17 03:15:46 +02:00
embed timestamp in password reset token, only work for 24 hours 2014-04-15 07:46:14 +02:00			`# this will get reset upon save`
			`@reset_user.session_token = nil`
invitation system, user settings 2012-07-01 20:31:31 +02:00
when resetting a password, if user is deleted but not banned, undelete Also mention on the login screen that a deleted account can be recovered this way. Closes #221 2015-09-06 21:51:16 +02:00			`if !@reset_user.is_active? && !@reset_user.is_banned?`
			`@reset_user.deleted_at = nil`
			`end`

embed timestamp in password reset token, only work for 24 hours 2014-04-15 07:46:14 +02:00			`if @reset_user.save && @reset_user.is_active?`
			`session[:u] = @reset_user.session_token`
			`return redirect_to "/"`
when resetting a password, if user is deleted but not banned, undelete Also mention on the login screen that a deleted account can be recovered this way. Closes #221 2015-09-06 21:51:16 +02:00			`else`
			`flash[:error] = "Could not reset password."`
embed timestamp in password reset token, only work for 24 hours 2014-04-15 07:46:14 +02:00			`end`
initial work on conversion from php tree 2012-06-17 03:15:46 +02:00			`end`
embed timestamp in password reset token, only work for 24 hours 2014-04-15 07:46:14 +02:00			`else`
			`flash[:error] = "Invalid reset token. It may have already been " <<`
			`"used or you may have copied it incorrectly."`
use _path instead of _url in a few redirect_to's 2015-01-03 01:33:13 +01:00			`return redirect_to forgot_password_path`
initial work on conversion from php tree 2012-06-17 03:15:46 +02:00			`end`
			`end`
			`end`