diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 4449c0b..2a3f07b 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,6 +1,7 @@
 class UsersController < ApplicationController
 require 'open-uri'
+ include MailerHelper
 def index
 if params[:role]
@@ -42,8 +43,8 @@ class UsersController < ApplicationController
 if !confirmed?
 @user.confirmed = true
 if @user.save
- flash[:notice] = "Registration mail confirmed."
- redirect_to edit_user_path(@user)
+ flash[:notice] = "Your email has been confirmed."
+ redirect_to @user
 return
 else
 flash[:alert] = "Something went wrong, please contact us ingame."
@@ -103,7 +104,7 @@ class UsersController < ApplicationController
 RedstonerMailer.register_info_mail(@user, is_idiot).deliver
 rescue => e
 Rails.logger.error "---"
- Rails.logger.error "WARNING: registration mail failed for user #{@user.name}, #{@user.email}"
+ Rails.logger.error "WARNING: registration mail failed for user #{@user.try(:name)}, #{@user.try(:email)}"
 Rails.logger.error e.message
 Rails.logger.error "---"
 flash[:alert] = "Registration mail failed. Please contact us in-game."
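Review bot: `include MailerHelper` in the first hunk mixes the helper's instance methods into UsersController, and Rails treats public controller methods, including those that come from included modules, as action methods. The routes touched by this commit only map named member actions, so `background_mailer` (presumably the method MailerHelper provides) does not look reachable today, but a later catch-all route would expose it. Adding `private :background_mailer` directly under the include, or declaring the method private inside the module, keeps it callable from actions only.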
@@ -201,6 +202,59 @@ class UsersController < ApplicationController
 end
 end
+ def edit_login
+ @user = User.find(params[:id])
+ unless @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin?
+ flash[:alert] = "You are not allowed to edit this user's login details!"
+ redirect_to @user
+ end
+ end
+
+ def update_login
+ @user = User.find(params[:id])
+ if @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin?
+ authenticated = !@user.is?(current_user) || @user.authenticate(params[:current_password])
+ if params[:user][:password].present?
+ @user.password = params[:user][:password]
+ @user.password_confirmation = params[:user][:password_confirmation]
+ end
+ @user.email = params[:user][:email] if params[:user][:email].present?
+ mail_changed = @user.email_changed?
+ @user.email_token = SecureRandom.hex(16) if mail_changed
+ @user.confirmed = !mail_changed
+
+ # checking here for password so we can send back changes to the view
+ if authenticated
+ if @user.save
+ flash[:notice] = "Login details updated!"
+ if mail_changed
+ begin
+ background_mailer([RedstonerMailer.email_change_confirm_mail(@user)])
+ flash[:notice] += " Please check your inbox."
+ rescue
+ Rails.logger.error "---"
+ Rails.logger.error "WARNING: email change confirmation mail (view) failed for user #{@user.try(:name)}, #{@user.try(:email)}"
+ Rails.logger.error e.message
+ Rails.logger.error "---"
+ flash[:alert] = "We're having problems with your confirmation mail, please contact us!"
+ end
+ end
+ redirect_to @user
+ else
+ flash[:alert] = "Error while updating your login details!"
+ render action: "edit_login"
+ end
+ else
+ flash[:alert] = "Wrong password!"
+ render action: "edit_login"
+ end
+
+ else
+ flash[:alert] = "You are not allowed to edit this user's login details!"
+ redirect_to @user
+ end
+ end
+
 private
diff --git a/app/helpers/mailer_helper.rb b/app/helpers/mailer_helper.rb
index 9452f94..b6b134e 100644
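Review bot: The mail-failure handler in update_login is a bare `rescue` that then calls `Rails.logger.error e.message`, so `e` is undefined there and the handler itself raises NameError after the record has already been saved; it should read `rescue => e`. Separately, `authenticated` is forced to true whenever the editor is not the account owner, so any admin session can replace a lower-role user's email and password without re-authenticating; consider requiring the acting user's own password on that path, e.g. `current_user.authenticate(params[:current_password])`. The permission expression relies on `&&` binding tighter than `||` and is duplicated in edit_login, so parenthesizing it and moving it into one private predicate would keep the two actions from drifting apart. `params[:user]` is dereferenced without a presence check, so a request that omits that key fails with NoMethodError instead of a handled error.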
--- a/app/helpers/mailer_helper.rb
+++ b/app/helpers/mailer_helper.rb
@@ -7,11 +7,16 @@ module MailerHelper
 mail.deliver
 rescue => e
 Rails.logger.error "---"
- Rails.logger.error "WARNING: '#{mail.try(:subject)}' failed for user #{@user.name}, #{@user.email}"
+ Rails.logger.error "WARNING: '#{mail.try(:subject)}' failed for user #{@user.try(:name)}, #{@user.try(:email)}"
 Rails.logger.error e.message
 Rails.logger.error "---"
 end
 end
+ rescue => e
+ Rails.logger.error "---"
+ Rails.logger.error "WARNING: Problem while processing mails:"
+ Rails.logger.error e.message
+ Rails.logger.error "---"
 ensure
 # threads open their own DB connection
 ActiveRecord::Base.connection.close
diff --git a/app/mailers/redstoner_mailer.rb b/app/mailers/redstoner_mailer.rb
index e945a4d..1e2d50f 100644
--- a/app/mailers/redstoner_mailer.rb
+++ b/app/mailers/redstoner_mailer.rb
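Review bot: The new outer `rescue => e` records only `e.message`, which is rarely enough to locate a failure raised inside a background thread; logging the class as well, `Rails.logger.error "#{e.class}: #{e.message}"`, plus `Rails.logger.error e.backtrace.join("\n") if e.backtrace`, would make these reports actionable. The WARNING line changed here, like the matching ones in users_controller.rb, interpolates the user's name and email address into the log, so the log files end up holding personal data and user-chosen text; logging `@user.try(:id)` instead would avoid both. The method's `def` and thread block begin above this hunk and the `ensure` section continues below it.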
@@ -7,18 +7,23 @@ class RedstonerMailer < ActionMailer::Base
 def register_mail(user, uses_mc_pass)
 @user = user
 @mcpw = uses_mc_pass
- mail(to: @user.email, subject: "Registration on Redstoner.com", from: "info@redstoner.com", reply_to: "redstonerserver+website@gmail.com")
+ mail(to: @user.email, subject: "Registration on Redstoner.com")
 end
 def register_info_mail(user, uses_mc_pass)
 @user = user
 @mcpw = uses_mc_pass
- mail(to: "redstonerserver@gmail.com", subject: "#{@user.name} registered on Redstoner.com", from: "info@redstoner.com", reply_to: "redstonerserver+website@gmail.com")
+ mail(to: "redstonerserver@gmail.com", subject: "#{@user.name} registered on Redstoner")
 end
 def thread_reply_mail(user, reply)
 @user = user
 @reply = reply
- mail(to: @user.email, subject: "#{reply.author.name} replied to '#{reply.thread.title}' on Redstoner", from: "info@redstoner", reply_to: "redstonerserver+website@gmail")
+ mail(to: @user.email, subject: "#{reply.author.name} replied to '#{reply.thread.title}' on Redstoner")
+ end
+
+ def email_change_confirm_mail(user)
+ @user = user
+ mail(to: @user.email, subject: "Email change on Redstoner.com")
 end
 end
\ No newline at end of file
diff --git a/app/models/user.rb b/app/models/user.rb
index cde92ae..c5dc60b 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -10,10 +10,10 @@ class User < ActiveRecord::Base
 before_validation :strip_whitespaces, :set_uuid, :set_name, :set_email_token, :set_role
- validates_presence_of :password, :password_confirmation, :email_token, :on => :create
+ validates_presence_of :password, :password_confirmation, :email_token, on: :create
 validates_presence_of :name, :email, :ign
- validates_length_of :password, in: 8..256, :on => :create
+ validates_length_of :password, in: 8..256, on: [:create, :update], allow_nil: true
 validates_length_of :name, in: 2..30
 validates_length_of :about, maximum: 5000
 validates_length_of :ign, minimum: 1, maximum: 16
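Review bot: `email_change_confirm_mail` is addressed only to `@user.email`, which is already the new address by the time update_login calls it, so the previous address never learns that the account's email was changed. A notice to the old address (update_login can read it from `@user.email_was` before saving) gives the owner a chance to react to a change they did not make. The `from:` and `reply_to:` arguments are also dropped from every `mail` call in this hunk, which is only safe if a `default from:` is declared above line 7, outside the hunk; that is worth confirming.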
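Review bot: The password length rule in user.rb now accepts up to 256 characters on update as well, but the controller authenticates with `@user.authenticate`, which suggests has_secure_password and therefore bcrypt, and bcrypt ignores input beyond 72 bytes. If that is the case, capping the rule at 72 avoids accepting passwords whose tail contributes nothing to the hash. `on: [:create, :update]` is the default scope and can be dropped, leaving `validates_length_of :password, in: 8..72, allow_nil: true`.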
diff --git a/app/views/redstoner_mailer/email_change_confirm_mail.html.erb b/app/views/redstoner_mailer/email_change_confirm_mail.html.erb new file mode 100644 index 0000000..d4f2b06 --- /dev/null +++ b/app/views/redstoner_mailer/email_change_confirm_mail.html.erb @@ -0,0 +1,31 @@ +
+
+ Hi <%= @user.name %>! + +

You changed your email on Redstoner.com!

+

Please <%= link_to "confirm", confirm_user_url(@user, code: @user.email_token), style: "text-decoration: none; color: #4096EE;" %> your new email address (<%= @user.email %>).

+ +
+

Please click this link to confirm your new email: +

+
+ <%= link_to "confirm email change", confirm_user_url(@user, code: @user.email_token), style: "text-decoration: none; color: #f2f2f2; padding: 0.5em 2em; background-color: #4096EE; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px; display: inline-block; text-transform: uppercase;" %> +
+

+ +

If you have any questions or problems, just ask one of our <%= link_to "Staff", users_url(role: "staff"), style: "text-decoration: none; color: #4096EE;" %> in-game.

+

Your Redstoner team

+ +
+
+
+

If you did not change your mail on redstoner.com please ignore this email! +

+

You can contact us via: + <%= link_to "Website", root_url, style: "text-decoration: none; color: #4096EE;" %> | + <%= link_to "Twitter", "https://twitter.com/RedstonerServer", style: "text-decoration: none; color: #4096EE;" %> | + <%= link_to "Google+", "https://google.com/+Redstoner", style: "text-decoration: none; color: #4096EE;" %> | + <%= link_to "Email", "mailto:redstonerserver+website@gmail.com", style: "text-decoration: none; color: #4096EE;" %> +

+
+
\ No newline at end of file diff --git a/app/views/users/edit.html.erb b/app/views/users/edit.html.erb index 723aa80..0463686 100644 --- a/app/views/users/edit.html.erb +++ b/app/views/users/edit.html.erb @@ -4,7 +4,7 @@ end %> -<%= link_to (@user.is?(current_user) ? "Your profile" : @user.name), current_user %> → Edit +<%= link_to @user.name, current_user %> → Edit
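Review bot: Both confirmation links in email_change_confirm_mail.html.erb pass `@user.email_token` as the `code` query parameter of `confirm_user_url`, and the routes file maps `confirm` as a GET, so the token ends up in web server logs and browser history and the confirmation can be triggered by link prefetchers or mail scanners. Nothing in this commit shows the token being cleared or expired once used. If the confirm action, which is mostly outside this diff, does not already do so, rotating `email_token` after a successful confirmation would make the link single-use.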

Edit profile

<%= form_for @user do |f| %> @@ -60,7 +60,9 @@ -
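Review bot: The breadcrumb in edit.html.erb now always shows `@user.name` but still links to `current_user`, so when staff edit someone else's profile the label names that user while the link leads to the editor's own page. `<%= link_to @user.name, @user %> → Edit` makes label and target agree, as the new edit_login view already does.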

<%= f.submit "Save profile", class: "btn blue", disabled: (!@user.confirmed? && @user.is?(current_user)) %>

+

<%= f.submit "Save profile", class: "btn blue left", disabled: (!@user.confirmed? && @user.is?(current_user)) %>

+

<%= link_to "Edit login details", edit_login_user_path(@user), class: "btn blue right" %>

+
<% if !@user.confirmed? %> <% if @user.is?(current_user) %> diff --git a/app/views/users/edit_login.html.erb b/app/views/users/edit_login.html.erb new file mode 100644 index 0000000..81bdae8 --- /dev/null +++ b/app/views/users/edit_login.html.erb @@ -0,0 +1,36 @@ +<%= link_to @user.name, @user %> → Edit Login credentials +

Edit Login credentials

+ + +<%= form_for @user, url: update_login_user_path(@user), method: :put do |f| %> + + + + + + + + + + + + + + + + + + + +
New email + <%= f.text_field :email %> +
New password + <%= f.password_field :password %> +
Repeat new password + <%= f.password_field :password_confirmation %> +
Current password + <%= password_field_tag :current_password, nil, disabled: !@user.is?(current_user) %> +
+

<%= f.submit "Save changes", class: "btn blue left" %>

+
+<% end %>
\ No newline at end of file
diff --git a/config/routes.rb b/config/routes.rb
index 3a323ac..4a743c8 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -16,6 +16,8 @@ Redstoner::Application.routes.draw do
 resources :users do
 member do
 get 'confirm'
+ get 'edit_login'
+ put 'update_login'
 end
 end
diff --git a/test/mailers/previews/registration_preview.rb b/test/mailers/previews/registration_preview.rb
index 087ac20..597d6d6 100644
--- a/test/mailers/previews/registration_preview.rb
+++ b/test/mailers/previews/registration_preview.rb
@@ -23,4 +23,8 @@ class RegistrationPreview < ActionMailer::Preview
 reply = Threadreply.new(id: 312, user_author: @@user, content: "# Markdown!\n\n`incline code`\n\nhtml?\n\n[yt:abcd1234]\n\n[link](/forums)", forumthread: thread)
 RedstonerMailer.thread_reply_mail(@@user, reply)
 end
+
+ def email_change_confirm_mail
+ RedstonerMailer.email_change_confirm_mail(@@user)
+ end
 end
\ No newline at end of file
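Review bot: In edit_login.html.erb the email input is a plain `f.text_field :email` and the three password inputs carry no autocomplete hints, so browsers and password managers cannot tell the current password from the new one. `f.email_field :email`, `autocomplete: "new-password"` on the two new-password fields and `autocomplete: "current-password"` on `password_field_tag :current_password` would make the form fill correctly. The current-password field is rendered `disabled` for anyone but the account owner, which matches update_login skipping the password check on that path.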