Changeset 260
Make e-mail address comparison case-insensitive everywhere - see e.g.
Ticket #165. Run *all* flash updates through hubssolib_set_flash as
this seems to guarantee correct persistence, fixing things like the bug
reported in Ticket #199. Note that this may worsen problems with flash
persistence in the cache (see e.g. Ticket #159). I can't really test
for it except by running it on the live system with all caches flushed,
due to limitations with the way the development web server runs in
relation to database access and redirections from strange port numbers.
Unrelated fix - the check for zero users when signing up the very first
Hub user was terrible (find all users, count the array size - rather
than doing User.count.zero?). Fixed.
- Comitted by: rool
- Date: Wednesday February 25 19:21:38 2009 (over 15 years ago)
Affected files:
- rool/rails/hub/trunk/app/controllers/account_controller.rb (diff)
- rool/rails/hub/trunk/app/models/user.rb (diff)
rool/rails/hub/trunk/app/controllers/account_controller.rb:
hubssolib_set_last_used(Time.now.utc) | ||
privileges = hubssolib_get_user_roles.to_human_s.downcase | ||
55 | | |
55 | hubssolib_set_flash( | |
56 | :notice, | |
57 | "Logged in successfully. Welcome, #{hubssolib_get_user_name}. " << | |
58 | "You have #{privileges} privileges." | |
59 | ) | |
60 | ||
hubssolib_redirect_back_or_default(:controller => 'tasks', :action => nil) | ||
else | ||
58 | | |
63 | hubssolib_set_flash(:alert, 'Incorrect e-mail address or password.') | |
end | ||
end | ||
... | ... | |
def logout | ||
@title = 'Log out' | ||
hubssolib_log_out() | ||
67 | | |
72 | hubssolib_set_flash(:attention, 'You are now logged out.') | |
redirect_to :controller => 'tasks', :action => nil | ||
end | ||
... | ... | |
# privileges affect other applications depends on the level of external | ||
# SSO integration. | ||
86 | | |
91 | if (User.count.zero?) | |
88 | | |
@user.roles = HubSsoLib::Roles.new(true).to_s | ||
@user.save! | ||
@user.activate | ||
self.hubssolib_current_user = from_real_user(@user) | ||
94 | | |
95 | | |
98 | hubssolib_set_flash( | |
99 | :notice, | |
100 | 'Thanks for signing up. You are now the system administrator ' << | |
101 | 'and your account has been automatically activated.' | |
102 | ) | |
103 | ||
else | ||
@user.roles = HubSsoLib::Roles.new(false).to_s | ||
@user.save! | ||
101 | | |
102 | | |
103 | | |
109 | hubssolib_set_flash( | |
110 | :notice, | |
111 | 'Thanks for signing up. Your site account must be activated ' << | |
112 | 'before you can use it - please check your e-mail account ' << | |
113 | 'for a message which tells you what you should do next.' | |
114 | ) | |
115 | ||
end | ||
redirect_to :controller => 'tasks', :action => nil | ||
... | ... | |
if @user and @user.activate | ||
self.hubssolib_current_user = from_real_user(@user) | ||
121 | | |
133 | hubssolib_set_flash( | |
134 | :notice, | |
135 | 'Your RISC OS Open web site account is now active.' | |
136 | ) | |
137 | ||
hubssolib_redirect_back_or_default(:controller => 'tasks', :action => nil) | ||
else | ||
124 | | |
125 | | |
126 | | |
127 | | |
140 | hubssolib_set_flash( | |
141 | :alert, | |
142 | 'Unable to activate your RISC OS Open web site account. ' << | |
143 | 'Is the activation code correct, or has it already been used? ' << | |
144 | 'If in doubt please try to sign up again. Contact ROOL if you ' << | |
145 | 'keep having trouble.' | |
146 | ) | |
redirect_to :controller => 'account', :action => 'signup' | ||
end | ||
... | ... | |
@old_password = params[:old_password] | ||
end | ||
else | ||
155 | | |
174 | hubssolib_set_flash(:alert, 'Incorrect current password.') | |
end | ||
end | ||
... | ... | |
@user.save! | ||
self.hubssolib_current_user = from_real_user(@user) | ||
171 | | |
190 | hubssolib_set_flash(:notice, 'Account details updated successfully.') | |
redirect_to :controller => 'tasks', :action => nil | ||
end | ||
end | ||
... | ... | |
@title = 'Forgotten password' | ||
return unless request.post? | ||
180 | | |
199 | @user = User.find(:first, :conditions => ["LOWER(email) = ?", params[:email].downcase]) | |
200 | ||
201 | unless @user.nil? | |
@user.forgot_password | ||
@user.save! | ||
184 | | |
185 | | |
205 | hubssolib_set_flash( | |
206 | :notice, | |
207 | 'An e-mail message which tells you how to reset your ' << | |
208 | 'account password has been set to your e-mail address.' | |
209 | ) | |
redirect_to :controller => 'tasks', :action => nil | ||
else | ||
189 | | |
213 | hubssolib_set_flash( | |
214 | :alert, | |
215 | 'No account was found for the given e-mail address.' | |
216 | ) | |
end | ||
end | ||
... | ... | |
@user = User.find_by_password_reset_code(params[:id]) | ||
if (@user.nil?) | ||
204 | | |
205 | | |
206 | | |
231 | hubssolib_set_flash( | |
232 | :alert, | |
233 | 'Invalid reset code. Did your e-mail client break up the reset ' << | |
234 | 'link so it spanned more than one line? If so, please try again, ' << | |
235 | 'copying all of the link in the message however many lines it spans.' | |
236 | ) | |
hubssolib_redirect_back_or_default(:controller => 'tasks', :action => nil) | ||
return | ||
... | ... | |
t = Time.now.utc | ||
if (t >= (@user.password_reset_code_expires_at || t)) # Allows for 'nil' in expiry field | ||
214 | | |
244 | hubssolib_set_flash( | |
245 | :alert, | |
246 | 'The reset code has expired. Please try your reset request again.' | |
247 | ) | |
redirect_to :controller => 'account', :action => 'forgot_password' | ||
return | ||
end | ||
unless params[:password] | ||
220 | | |
253 | hubssolib_set_flash(:alert, 'Reset your password using the form below.') | |
return | ||
end | ||
... | ... | |
end | ||
def delete | ||
239 | | |
272 | hubssolib_set_flash(:alert, 'Are you sure?') | |
title = 'Delete account: Are you sure?' | ||
end | ||
... | ... | |
hubssolib_log_out() | ||
me.destroy | ||
248 | | |
249 | | |
281 | hubssolib_clear_flash() | |
282 | hubssolib_set_flash(:attention, 'Your account has been deleted.') | |
redirect_to :controller => 'tasks', :action => nil | ||
end | ||
... | ... | |
roles = (params[:user] ? params[:user][:roles] : '').to_authenticated_roles | ||
unless (roles.validate) | ||
343 | | |
376 | hubssolib_set_flash( | |
377 | :alert, | |
378 | 'Invalid roles chosen. ' << | |
379 | 'At least one item in the list must be selected.' | |
380 | ) | |
else | ||
@user.roles = roles.to_s | ||
@user.save! | ||
... | ... | |
self.hubssolib_current_user = from_real_user(@user) | ||
end | ||
354 | | |
391 | hubssolib_set_flash(:notice, 'Account roles updated successfully.') | |
redirect_to :action => 'show', :id => @user.id | ||
end | ||
end | ||
... | ... | |
user = User.find(params[:id]) | ||
if (hubssolib_get_user_id == user.id) | ||
363 | | |
400 | hubssolib_set_flash( | |
401 | :alert, | |
402 | 'Please use the normal control panel to delete your own account.' | |
403 | ) | |
elsif (user.roles.to_authenticated_roles.include?(:admin)) | ||
365 | | |
366 | | |
367 | | |
405 | hubssolib_set_flash( | |
406 | :alert, | |
407 | 'You cannot destroy an administrator account from here! ' << | |
408 | 'You can only do that at the control panel when ' << | |
409 | 'logged into the account, or at the database level.' | |
410 | ) | |
else | ||
user.destroy | ||
370 | | |
413 | hubssolib_set_flash(:alert, 'The account has been deleted.') | |
end | ||
redirect_to :action => 'list' | ||
... | ... | |
end | ||
def save_password_and_set_flash(user) | ||
470 | | |
471 | | |
472 | | |
513 | if ( user.save ) | |
514 | hubssolib_set_flash(:notice, 'Your password has been changed.') | |
515 | else | |
516 | hubssolib_set_flash(:alert, 'Sorry, your password could not be changed.') | |
517 | end | |
end | ||
def set_password_mismatch_flash | ||
476 | | |
521 | hubssolib_set_flash( | |
522 | :alert, | |
523 | 'The new password differed from the password confirmation you entered.' | |
524 | ) | |
end | ||
end |
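Review bot: The new lookup at old-side line 199 (`params[:email].downcase`) raises NoMethodError when the form is submitted without an email field, since `params[:email]` is then nil; coercing first, `@user = User.find(:first, :conditions => ["LOWER(email) = ?", params[:email].to_s.downcase])`, keeps the request on the normal "no account" path instead of a 500. The two branches that follow also disclose whether an address is registered (a notice for a found account at 205-209, "No account was found for the given e-mail address." at 213-216), which lets anyone probe the user list through the forgot-password form; a single neutral message such as `'If an account exists for that e-mail address, a reset message has been sent.'` on both branches avoids that. The enclosing forgot_password action starts outside this hunk, so I cannot see whether a blank address is rejected earlier. Separately, the `delete` action at the "Are you sure?" hunk assigns a local `title` where the other actions set `@title`, which looks like a pre-existing slip the commit did not touch.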
rool/rails/hub/trunk/app/models/user.rb:
# Authenticates a user by e-mail address and unencrypted password. Returns the user or nil. | ||
def self.authenticate(email, password) | ||
# hide records with a nil activated_at | ||
31 | | |
31 | u = find :first, :conditions => ['LOWER(email) = ? and activated_at IS NOT NULL', email.downcase] | |
u && u.authenticated?(password) ? u : nil | ||
end | ||
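Review bot: Making the lookup in `authenticate` case-insensitive at old-side line 31 only stays safe if e-mail uniqueness is enforced case-insensitively as well; the validation is not in this hunk, so I cannot confirm it, but if two accounts differ only in letter case then `find :first` with no `:order` will pick one of them arbitrarily and a password check against the wrong record becomes possible. The model should carry `validates_uniqueness_of :email, :case_sensitive => false` (and ideally a matching unique index on the lowercased column) before this change is relied on. As in the controller, `email.downcase` raises on a nil argument; `email.to_s.downcase` keeps a missing field on the nil-return path. Note also that `LOWER()` in the database and `String#downcase` in Ruby may fold non-ASCII characters differently, so addresses outside ASCII could fail to match — worth a comment on the line if that is accepted.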