Sprankelprachtig aan/afmeldsysteem

authentication_controller.rb 4.7KB

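class AuthenticationController < ApplicationController
  # Login/logout, first-time account activation and password reset.
  #
  # Every action that changes a user's credentials is reached through a
  # one-time Token row (looked up by #find_token, checked by #token_valid?)
  # and finishes with a flash message plus a redirect.
  before_action :require_login!, only: %i[logout_confirm logout]

  def login_form
    render layout: 'void'
  end

  # POST: check the submitted credentials with User#authenticate and open a
  # session for a confirmed user. Everything else bounces back to the form.
  #
  # NOTE(review): the `activation_required` branch reveals to an anonymous
  # caller that the address exists, and an unknown address skips the
  # password check entirely (`user&.confirmed` short-circuits), so the two
  # failure paths differ in message and in timing from a wrong password.
  # Left as-is because the messages are part of the UI; merge the branches
  # if account enumeration is a concern for this deployment.
  def login
    # require(:session) raises ParameterMissing (400) when the form is
    # missing entirely instead of NoMethodError on params[:session][:email].
    creds = session_params
    if creds[:email].blank? || creds[:password].blank?
      flash_message(:warning, I18n.t(:value_required))
      redirect_to action: 'login_form'
      return
    end

    user = User.find_by(email: creds[:email])
    if user&.confirmed && user.authenticate(creds[:password])
      log_in(user, creds[:remember_me].to_i)
      flash_message(:success, I18n.t(:greeting, name: user.person.first_name))
      redirect_to root_path
    elsif user && !user.confirmed
      flash_message(:warning, I18n.t('authentication.activation_required'))
      redirect_to action: 'login_form'
    else
      flash_message(:danger, I18n.t('authentication.invalid_user_or_pass'))
      redirect_to action: 'login_form'
    end
  end

  def logout_confirm
    render layout: 'void'
  end

  def logout
    log_out
    redirect_to login_path
  end

  def create_password_form
    render layout: 'void'
  end

  # Unauthenticated probe returning the session state as text.
  # NOTE(review): `render text:` was removed in Rails 5.1; on newer Rails
  # this has to become `render plain: logged_in?.to_s` — confirm the
  # app's Rails version before changing it.
  def login_status
    render text: logged_in?
  end

  # POST: start account activation for a known Person. The User row is
  # created on first use with an unguessable placeholder password (the real
  # one is chosen in #confirm_account) and the confirmation link is mailed.
  def create_password
    person = Person.find_by(email: user_params[:email])
    unless person
      flash_message(:warning, I18n.t('authentication.unknown_email'))
      redirect_to action: 'create_password_form'
      return
    end

    user = User.find_by(person: person)
    if user&.confirmed
      flash_message(:warning, I18n.t('authentication.already_activated'))
      redirect_to action: 'login'
      return
    end

    user ||= build_unconfirmed_user(person)
    # deliver_now blocks the request on mail delivery; #forgotten_password
    # uses deliver_later. Kept synchronous here since the row was just
    # created — switch once the mailer is known to serialize new users.
    AuthenticationMailer.password_confirm_email(user).deliver_now
    flash_message(:success, I18n.t('authentication.emails.sent'))
    redirect_to action: 'login'
  end

  def forgotten_password_form
    render layout: 'void'
  end

  # POST: mail a password-reset link to a known address.
  # NOTE(review): answering `unknown_email` for unregistered addresses lets
  # anyone test which e-mails have an account; a uniform "if the address is
  # registered, mail was sent" response would close that. Kept because the
  # message is part of the UI.
  def forgotten_password
    user = User.find_by(email: password_reset_params[:email])
    unless user
      flash_message(:danger, I18n.t('authentication.unknown_email'))
      redirect_to action: 'forgotten_password_form'
      return
    end

    AuthenticationMailer.password_reset_email(user).deliver_later
    flash_message(:success, I18n.t('authentication.emails.sent'))
    redirect_to action: 'login'
  end

  def reset_password_form
    token = find_token(:password_reset)
    return unless token_valid?(token)

    render layout: 'void'
  end

  # POST: set a new password for the token's user and burn the token.
  def reset_password
    token = find_token(:password_reset)
    return unless token_valid?(token)

    creds = password_reset_params
    if creds[:password].blank?
      flash_message :warning, I18n.t('authentication.password_blank')
      render 'authentication/reset_password_form', layout: 'void'
      return
    end
    unless creds[:password] == creds[:password_confirmation]
      flash_message(:warning, I18n.t('authentication.password_repeat_mismatch'))
      redirect_to action: 'reset_password_form', token: params[:token]
      return
    end

    user = token.user
    user.password = creds[:password]
    user.password_confirmation = creds[:password_confirmation]
    # save! raises on a model validation failure (e.g. a length rule on
    # User); that surfaces as a 500 rather than a form error.
    user.save!
    token.destroy!
    flash_message(:success, I18n.t('authentication.password_reset_complete'))
    redirect_to action: 'login'
  end

  def confirm_account_form
    token = find_token(:account_confirmation)
    return unless token_valid?(token)

    @user = token.user
    render layout: 'void'
  end

  # POST: choose the first real password and mark the account confirmed.
  # Mirrors #reset_password: a blank password or a confirmation mismatch is
  # rejected before anything is written, so an account can no longer be
  # confirmed with the placeholder password still in place.
  def confirm_account
    token = find_token(:account_confirmation)
    return unless token_valid?(token)

    creds = account_confirmation_params
    if creds[:password].blank?
      flash_message(:warning, I18n.t('authentication.password_blank'))
      redirect_to action: 'confirm_account_form', token: params[:token]
      return
    end
    unless creds[:password] == creds[:password_confirmation]
      flash_message(:warning, I18n.t('authentication.password_repeat_mismatch'))
      redirect_to action: 'confirm_account_form', token: params[:token]
      return
    end

    user = token.user
    user.password = creds[:password]
    user.password_confirmation = creds[:password_confirmation]
    user.confirmed = true
    user.save!
    token.destroy!
    flash_message(:success, I18n.t('authentication.activation_complete'))
    redirect_to action: 'login'
  end

  private

  def session_params
    params.require(:session).permit(:email, :password, :remember_me)
  end

  def user_params
    params.require(:user).permit(:email)
  end

  def password_reset_params
    params.require(:password_reset).permit(:email, :password, :password_confirmation)
  end

  def account_confirmation_params
    params.require(:account_confirmation).permit(:password, :password_confirmation)
  end

  # Creates the User for +person+ with confirmed = false and a random
  # placeholder password; the user never learns it and replaces it in
  # #confirm_account.
  def build_unconfirmed_user(person)
    User.new(person: person, email: person.email, confirmed: false).tap do |u|
      u.password = u.password_confirmation = SecureRandom.urlsafe_base64(32)
      u.save!
    end
  end

  # Looks up the one-time token named by params[:token] for the given type
  # (a key of Token::TYPES). A blank param short-circuits to nil instead of
  # querying `token: nil`, so a NULL-valued row could never be matched.
  def find_token(type)
    return nil if params[:token].blank?

    Token.find_by(token: params[:token], tokentype: Token::TYPES[type])
  end

  # True when +token+ exists and has not expired; otherwise flashes the
  # reason, redirects to login and returns false so the caller can bail.
  # NOTE(review): a token whose `expires` is nil is treated as never
  # expiring — confirm that Token always sets it.
  def token_valid?(token)
    reason =
      if token.nil?
        'authentication.invalid_token'
      elsif token.expires&.past?
        'authentication.token_expired'
      end
    return true unless reason

    flash_message(:warning, I18n.t(reason))
    redirect_to action: 'login'
    false
  end
end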