# app/controllers/registrations_controller.rb
class RegistrationsController < Devise::RegistrationsController
def edit
@user = current_user
@prefs = @user.get_preferences(:email)
@languages = Language.sorted_by_abbreviation
@orgs = Org.where(parent_id: nil).order("name")
@other_organisations = Org.where(parent_id: nil, is_other: true).pluck(:id)
@identifier_schemes = IdentifierScheme.where(active: true).order(:name)
@default_org = current_user.org
end
# GET /resource
def new
oauth = {provider: nil, uid: nil}
IdentifierScheme.all.each do |scheme|
oauth = session["devise.#{scheme.name.downcase}_data"] unless session["devise.#{scheme.name.downcase}_data"].nil?
end
@user = User.new
unless oauth.nil?
# The OAuth provider could not be determined or there was no unique UID!
if oauth[:provider].nil? || oauth[:uid].nil?
flash[:alert] = _('We were unable to verify your account. Please use the following form to create a new account. You will be able to link your new account afterward.')
else
# Connect the new user with the identifier sent back by the OAuth provider
flash[:notice] = _('It does not look like you have setup an account with us yet. Please fill in the following information to complete your registration.')
UserIdentifier.create(identifier_scheme: oauth[:provider].upcase,
identifier: oauth[:uid],
user: @user)
end
end
end
# POST /resource
def create
#logger.debug "#{sign_up_params}"
if sign_up_params[:accept_terms] != "on" then
redirect_to after_sign_up_error_path_for(resource), alert: _('You must accept the terms and conditions to register.')
else
sign_up_params[:accept_terms] = "1" # Convert the html 'on' to '1'
existing_user = User.find_by_email(sign_up_params[:email])
if !existing_user.nil? # If email exists
if (existing_user.password == "" || existing_user.password.nil?) && existing_user.confirmed_at.nil? # If user has not accepted invitation yet
existing_user.destroy # Only solution for now
super
else
redirect_to after_sign_up_error_path_for(resource), alert: _('That email address is already registered.')
end
else
build_resource(sign_up_params)
if resource.save
if resource.active_for_authentication?
set_flash_message :notice, :signed_up if is_navigational_format?
sign_up(resource_name, resource)
UserMailer.welcome_notification(current_user).deliver
respond_with resource, location: after_sign_up_path_for(resource)
else
set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}" if is_navigational_format?
#expire_session_data_after_sign_in! <-- DEPRECATED BY DEVISE
respond_with resource, location: after_inactive_sign_up_path_for(resource)
end
else
clean_up_passwords resource
redirect_to after_sign_up_error_path_for(resource), alert: _('Error processing registration. Please check that you have entered a valid email address and that your chosen password is at least 8 characters long.')
end
end
end
end
def update
if user_signed_in? then
@orgs = Org.where(parent_id: nil).order("name")
@default_org = current_user.org
@other_organisations = Org.where(parent_id: nil, is_other: true).pluck(:id)
@identifier_schemes = IdentifierScheme.where(active: true).order(:name)
@languages = Language.sorted_by_abbreviation
@tab = params[:tab]
if params[:skip_personal_details] == "true"
do_update_password(current_user, params)
else
do_update(require_password=needs_password?(current_user, params))
end
else
render(:file => File.join(Rails.root, 'public/403.html'), :status => 403, :layout => false)
end
end
private
# check if we need password to update user data
# ie if password or email was changed
# extend this as needed
def needs_password?(user, params)
user.email != params[:user][:email] || params[:user][:password].present?
end
def do_update(require_password = true, confirm = false)
mandatory_params = true
message = _('Save Unsuccessful.') + ' ' # added to by below, overwritten otherwise
# ensure that the required fields are present
if params[:user][:email].blank?
message +=_('Please enter an email address.') + ' '
mandatory_params &&= false
end
if params[:user][:firstname].blank?
message +=_('Please enter a First name.') + ' '
mandatory_params &&= false
end
if params[:user][:surname].blank?
message +=_('Please enter a Last name.') + ' '
mandatory_params &&= false
end
if params[:user][:org_id].blank?
message += _('Please select an organisation, or select Other.')
mandatory_params &&= false
end
if mandatory_params # has the user entered all the details
if require_password # user is changing email or password
if current_user.email != params[:user][:email] # if user is changing email
if params[:user][:password].blank? # password needs to be present
message = _('Please enter your password to change email address.')
successfully_updated = false
else
successfully_updated = current_user.update_with_password(password_update)
end
else # potentially unreachable... but I dont like to leave off the else
successfully_updated = current_user.update_with_password(password_update)
end
else # password not required
successfully_updated = current_user.update_without_password(update_params)
end
else
successfully_updated = false
end
#unlink shibboleth from user's details
if params[:unlink_flag] == 'true' then
current_user.update_attributes(shibboleth_id: "")
end
#render the correct page
if successfully_updated
if confirm
current_user.skip_confirmation! # will error out if confirmable is turned off in user model
current_user.save!
end
session[:locale] = current_user.get_locale unless current_user.get_locale.nil?
set_gettext_locale #Method defined at controllers/application_controller.rb
set_flash_message :notice, success_message(_('profile'), _('saved'))
sign_in current_user, bypass: true # Sign in the user bypassing validation in case his password changed
redirect_to edit_user_registration_path(tab: @tab), notice: success_message(_('profile'), _('saved'))
else
flash[:alert] = message.blank? ? failed_update_error(current_user, _('profile')) : message
render "edit"
end
end
def do_update_password(current_user, params)
if params[:user][:current_password].blank?
message = _('Please enter your current password')
elsif params[:user][:password_confirmation].blank?
message = _('Please enter a password confirmation')
elsif params[:user][:password] != params[:user][:password_confirmation]
message = _('Password and comfirmation must match')
else
successfully_updated = current_user.update_with_password(password_update)
end
#render the correct page
if successfully_updated
session[:locale] = current_user.get_locale unless current_user.get_locale.nil?
set_gettext_locale #Method defined at controllers/application_controller.rb
set_flash_message :notice, success_message(_('password'), _('saved'))
sign_in current_user, bypass: true # Sign in the user bypassing validation in case his password changed
redirect_to edit_user_registration_path(tab: @tab), notice: success_message(_('password'), _('saved'))
else
flash[:alert] = message.blank? ? failed_update_error(current_user, _('profile')) : message
render "edit"
end
end
def sign_up_params
params.require(:user).permit(:email, :password, :password_confirmation,
:firstname, :surname, :recovery_email,
:accept_terms, :other_organisation)
end
def update_params
params.require(:user).permit(:firstname, :org_id, :other_organisation,
:language_id, :surname)
end
def password_update
params.require(:user).permit(:email, :firstname, :current_password,
:org_id, :language_id, :password,
:password_confirmation, :surname,
:other_organisation)
end
end
xsrust