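# Account lifecycle for the SafetyPin site: login/logout, password reset,
# signup, subdomain availability checks, account closure and subdomain change.
#
# NOTE(review): CSRF protection (protect_from_forgery) is not visible in this
# file; confirm ApplicationController enables it, since several actions here
# change state.
class AccountController < ApplicationController
  # Only the two account-management actions require a logged-in user; every
  # other action in this controller is reachable without a session.
  before_filter :login_required, :only => [:delete, :change_account_subdomain]
  # NOTE(review): presumably restricts these actions to users holding the
  # 'admin' role -- access_rule is defined outside this file, confirm.
  access_rule 'admin', :only => [:change_account_subdomain, :delete]

  layout 'website'

  # Sends anonymous visitors to the login form; logged-in users fall through
  # to the default render.
  def index
    redirect_to :action => 'login' unless logged_in?
  end

  # User login.
  #
  # GET renders the form. POST authenticates params[:login]/params[:password]
  # against the account selected by params[:subdomain] (account id 0 when the
  # subdomain is unknown).
  def login
    if logged_in?
      redirect_to :controller => 'secret', :action => 'list'
      return
    end
    return unless request.post?

    # Find account by subdomain param
    @account = Account.find_by_subdomain(params[:subdomain])
    user = User.authenticate(params[:login], params[:password], @account ? @account.id : 0)

    # Start from a fresh session on successful authentication so that a session
    # identifier issued before login is never carried into the authenticated
    # state (session fixation). This action redirects to fixed targets, so no
    # pre-login session data is needed afterwards.
    reset_session if user
    self.current_user = user

    unless current_user
      # The account looked up above is reused instead of querying a second time.
      # NOTE(review): the distinct "Account disabled" message tells an
      # unauthenticated caller that the subdomain exists and is disabled;
      # confirm that disclosure is intended.
      if @account && @account.disabled?
        flash[:notice] = "Account disabled"
      else
        flash[:notice] = "The user name and/or password is invalid."
      end
      return
    end

    if params[:remember_me] == "1"
      current_user.remember_me
      # NOTE(review): this cookie is a long-lived login credential. It is set
      # without HttpOnly/Secure attributes here; add them using the option
      # names supported by this application's Rails version.
      cookies[:auth_token] = {
        :value   => current_user.remember_token,
        :expires => current_user.remember_token_expires_at
      }
    end

    # A nil last_login marks the first login; those users are sent to their
    # settings page instead of the secrets list.
    first_login = current_user.last_login.nil?
    current_user.last_login = Time.now
    current_user.save(false) # false: skip validations for this timestamp update

    if first_login
      flash[:notice] = "Welcome to SafetyPin. This is your first login, please verify your information."
      redirect_to user_settings_url
      return
    end

    flash[:notice] = "Hello again!"
    redirect_to :controller => 'secret', :action => 'list'
  end

  # Resets the password of the user registered under params[:email].
  #
  # The response is the same whether or not the address is known, so this
  # unauthenticated form cannot be used to test which e-mail addresses have
  # accounts.
  #
  # NOTE(review): delivery of the new password is not visible here (the
  # Notifier call that used to follow was commented out); presumably
  # reset_password! handles it -- confirm.
  # NOTE(review): the password is replaced as soon as the form is posted, so
  # anyone who knows a user's address can invalidate that user's current
  # password. A mailed, expiring reset token that leaves the old password valid
  # until it is used would avoid that.
  def forgot_password
    # NOTE(review): loads every account for a page that needs no login; confirm
    # the view actually uses @accounts and does not list other tenants.
    @accounts = Account.find(:all)
    return unless request.post?

    # A missing or empty parameter must not reach find_by_email: a nil argument
    # would match a user whose email column is NULL.
    email = params[:email].to_s
    @user = email.empty? ? nil : User.find_by_email(email)
    @user.reset_password! if @user

    flash[:notice] = "If that email address matches our records, a new temporary password has been sent to it."
    redirect_to :action => 'login'
  end

  # Account signup.
  #
  # GET renders the form with empty models. POST creates the account, attaches
  # the submitted user to it as an 'admin', logs that user in and redirects to
  # the settings page.
  #
  # NOTE(review): params[:account] and params[:user] are mass-assigned. The
  # models are not shown here; confirm they whitelist assignable attributes
  # (attr_accessible) so that role, account or state columns cannot be set from
  # the request.
  def signup
    if request.post?
      # A POST without these keys used to raise NoMethodError below.
      params[:account] ||= {}
      params[:user] ||= {}
      # Populate account parameters with the selected user parameters
      [:fullname, :email].each { |a| params[:account][a] = params[:user][a] }
    end

    @account = Account.new(params[:account])
    @user = User.new(params[:user])
    return unless request.post?

    # Validate both models unconditionally so the form can show the error
    # messages of each; a short-circuiting && would skip the second one.
    user_ok = @user.valid?
    account_ok = @account.valid?
    unless user_ok && account_ok
      render :action => 'signup'
      return false
    end

    begin
      # One transaction: a failure while granting the role must not leave a
      # saved account whose only user has no role.
      Account.transaction do
        @account.users << @user
        @account.save!
        @user.roles << Role.find_by_title('admin')
      end
    rescue => e
      # Record the cause; the visitor only sees the generic message.
      logger.error("Signup failed: #{e.class}: #{e.message}")
      flash[:error] = 'A fatal error has occurred. Please try again later.'
      redirect_to :action => 'signup', :fatal => 'true'
      return
    end

    # Fresh session before the new user is logged in (session fixation).
    reset_session
    self.current_user = @user
    flash[:notice] = "Welcome to SafetyPin. Thanks for creating your new account. This is your first login, please verify your information."
    redirect_to user_settings_url
  end

  # Checks the account name availability and stores the message in @status
  # (empty when no name was given).
  #
  # NOTE(review): the lookup is by Account#name while the messages and the
  # login action speak of subdomains; confirm this is the intended column.
  # NOTE(review): reachable without login, so existing names can be probed one
  # request at a time; consider rate limiting.
  def check_subdomain_availability
    # to_s: a request without the parameter used to raise NoMethodError on nil.
    name = params[:name].to_s
    if name.empty?
      @status = ""
    elsif Account.find_by_name(name).nil?
      @status = 'The subdomain is AVAILABLE.'
    else
      @status = 'The subdomain is UNAVAILABLE. Try another name.'
    end
  end

  # Logout the current user: invalidates the remember-me token, removes its
  # cookie and discards the whole session before redirecting to the login form.
  def logout
    current_user.forget_me if logged_in?
    cookies.delete :auth_token
    reset_session
    flash[:notice] = "You have been logged out"
    redirect_to :action => 'login'
  end

  # Delete account (doesn't actually delete, just disables).
  #
  # Requires a reason and the current user's password again; failures are
  # collected in @errors for the view.
  def delete
    @errors = []
    return unless request.post?

    @errors << "Please tell us why you are leaving?" if params[:reason].to_s.empty?
    # Re-authentication: a hijacked or unattended session alone cannot close the account.
    unless User.authenticate(current_user.login, params[:password], current_user.account_id)
      @errors << "Password is incorrect"
    end
    return unless @errors.empty?

    # Flag the account as deleted and create account closure record
    current_account.disable!
    AccountClosure.create!(:account_id => current_user.account_id, :reason => params[:reason])
    logout
  end

  # Change account name (subdomain). Logs the user out after a successful
  # change.
  #
  # NOTE(review): unlike the other state-changing actions, this one does not
  # check the request method; confirm the route only accepts non-GET requests,
  # since request-forgery protection does not normally cover GET.
  def change_account_subdomain
    @account = Account.find(current_account.id)
    @account.subdomain = params[:account_subdomain]

    # Redirect back if no change was made
    if current_account.subdomain == params[:account_subdomain]
      redirect_to subscription_url
      return
    end

    if @account.save
      logout
    else
      flash[:error] = "Invalid subdomain"
      redirect_to subscription_url
    end
  end
end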