maarten
/
aardbei


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166
							class AuthenticationController < ApplicationController
  before_action :require_login!, only: [:logout_confirm, :logout]
  def login_form
    render layout: 'void'
  end

  def login
    if params[:session][:email].blank? || params[:session][:password].blank?
      flash[:warning] = "You forgot to add value"
      redirect_to action: 'login_form'
    else
      u = User.find_by(email: params[:session][:email])

      if u && u.confirmed && u.authenticate(params[:session][:password])
        log_in(u, params[:session][:remember_me].to_i)

        flash[:success] = "Hello, #{u.person.full_name}!"
        redirect_to root_path
      elsif u and not u.confirmed
        flash[:warning] = "Your account has not been activated yet, please confirm using the email you have received."
        redirect_to action: 'login_form'
      else
        flash[:danger] = "Invalid username/password combination!"
        redirect_to action: 'login_form'
      end
    end
  end

  def logout_confirm
    render layout: 'void'
  end

  def logout
    log_out
    redirect_to login_path
  end

  def create_password_form
    render layout: 'void'
  end

  def login_status
    render text: is_logged_in?
  end

  def create_password
    person = Person.find_by(email: params[:user][:email])

    if not person
      flash[:warning] = "That email address is unknown!"
      redirect_to action: 'create_password_form'
      return
    end

    user = User.find_by(person: person)
    if user and user.confirmed
      flash[:warning] = "Your account has already been activated, please use the login form if you have forgotten your password."
      redirect_to action: 'login'
      return
    end

    if not user
      user = User.new
      user.person = person
      user.email = person.email
      user.password = user.password_confirmation = SecureRandom::urlsafe_base64 32
      user.confirmed = false
      user.save!
    end

    AuthenticationMailer::password_confirm_email(user).deliver_now
    flash[:success] = "An email has been sent, check your inbox!"
    redirect_to action: 'login'
  end

  def forgotten_password_form
    render layout: 'void'
  end

  def forgotten_password
    user = User.find_by(email: params[:password_reset][:email])
    if not user
      flash[:danger] = "That email address is not associated with any user."
      redirect_to action: 'forgotten_password_form'
      return
    end
    AuthenticationMailer::password_reset_email(user).deliver_later
    flash[:success] = "An email has been sent, check your inbox!"
    redirect_to action: 'login'
  end

  def reset_password_form
    token = Token.find_by(token: params[:token], tokentype: Token::TYPES[:password_reset])
    if not token_valid? token
      return
    end
    render layout: 'void'
  end

  def reset_password
    token = Token.find_by(token: params[:token], tokentype: Token::TYPES[:password_reset])
    if not token_valid? token
      return
    end

    if not params[:password] == params[:password_confirmation]
      flash[:warning] = "Password confirmation does not match your password!"
      redirect_to action: 'reset_password_form', token: params[:token]
      return
    end

    user = token.user
    user.password = params[:password_reset][:password]
    user.password_confirmation = params[:password_reset][:password_confirmation]
    user.save!

    token.destroy!

    flash[:success] = "Your password has been reset, you may now log in."
    redirect_to action: 'login'
  end

  def confirm_account_form
    token = Token.find_by(token: params[:token], tokentype: Token::TYPES[:account_confirmation])
    return unless token_valid? token

    @user = token.user
    render layout: 'void'
  end

  def confirm_account
    token = Token.find_by(token: params[:token], tokentype: Token::TYPES[:account_confirmation])
    return unless token_valid? token

    user = token.user
    user.password = params[:account_confirmation][:password]
    user.password_confirmation = params[:account_confirmation][:password_confirmation]
    user.confirmed = true
    user.save!

    token.destroy!

    flash[:success] = "Your account has been confirmed, you may now log in."
    redirect_to action: 'login'
  end

  private
  def session_params
    params.require(:session).permit(:email, :password, :remember_me)
  end

  def token_valid?(token)
    if token.nil?
      flash[:warning] = "No valid token specified!"
      redirect_to action: 'login'
      return false
    end
    if token.expires and token.expires < DateTime.now
      flash[:warning] = "That token has expired, please request a new one."
      redirect_to action: 'login'
      return false
    end
    true
  end
end