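# Account handling for the site: listing, signup (Mojang profile lookup plus a
# registration token), e-mail confirmation, profile and login-detail edits,
# moderation (ban / unban / destroy), password reset and name autocompletion.
#
# current_user, mod?, admin?, superadmin?, confirmed?, background_mailer,
# get_youtube, Role, User, RegisterToken and RedstonerMailer all come from
# elsewhere in the application; only their use as seen here is assumed.
class UsersController < ApplicationController
  require 'open-uri'
  include MailerHelper
  include ERB::Util

  # Same character set as the textcomplete front end uses. Anchored with \z
  # (not \Z) so a trailing newline cannot slip past the check.
  NAME_QUERY_RE = /\A([^!"§$%&\/()=?.,;+*@\s]{1,16} ?){0,1}[^!"§$%&\/()=?.,;+*@\s]{1,16}\z/

  # Notification preferences a user may change on their own profile.
  MAIL_PREF_FIELDS = [:mail_own_thread_reply, :mail_other_thread_reply,
                      :mail_own_blogpost_comment, :mail_other_blogpost_comment,
                      :mail_mention].freeze

  before_filter :set_user, except: [:index, :new, :create, :lost_password, :reset_password, :suggestions]

  # GET /users — optionally filtered by ?role=, 100 users per page.
  # Unknown role names redirect back to the unfiltered list with an alert.
  def index
    if params[:role]
      wanted = params[:role].to_s.downcase
      @users =
        case wanted
        when "staff"   then User.joins(:role).where("roles.value >= ?", Role.get(:mod).to_i)
        when "donor"   then User.joins(:role).where(donor: true)
        when "retired" then User.joins(:role).where(retired: true)
        when "mit"     then User.joins(:role).where(mit: true)
        when "dev"     then User.joins(:role).where(dev: true)
        when "lead"    then User.joins(:role).where(lead: true)
        else
          role = Role.get(params[:role])
          unless role
            flash[:alert] = "role '#{params[:role]}' does not exist!"
            redirect_to users_path
            return
          end
          User.joins(:role).where(role: role)
        end
    else
      # The first user is deliberately left out of the unfiltered listing.
      @users = User.joins(:role).where.not(id: User.first.id)
    end
    @users = @users.order("roles.value desc", "confirmed desc", :name)
    @count = @users.size
    @users = @users.page(params[:page]).per(100)
  end

  # GET /users/:id — @user is loaded by set_user; the view does the rest.
  def show
  end

  # SIGNUP
  # GET /users/new — logged-in users are sent to their own profile instead.
  def new
    if current_user
      flash[:notice] = "You are already signed up!"
      redirect_to current_user
    else
      @user = User.new
    end
  end

  # GET /users/:id/confirm?code=… — marks the e-mail address as confirmed when
  # the code matches the user's stored email_token. Only the owner of the
  # account (logged in) can confirm it.
  def confirm
    unless current_user
      flash[:alert] = "Please login first"
      cookies[:return_path] = request.fullpath
      redirect_to login_path
      return
    end
    code = params[:code]
    # Constant-time comparison: the token is a bearer secret sent by mail.
    if @user && @user.is?(current_user) && code && secure_equal?(@user.email_token, code)
      if !confirmed?
        @user.confirmed = true
        if @user.save
          flash[:notice] = "Your email has been confirmed."
        else
          flash[:alert] = "Something went wrong, please contact us ingame."
        end
      elsif @user.role < Role.get(:normal)
        flash[:alert] = "Your account has been banned or removed"
      else
        flash[:alert] = "Your account has already been confirmed!"
      end
      redirect_to @user
    elsif !@user.is?(current_user)
      flash[:alert] = "Wrong user, please log in as '#{@user.name}' first!"
      redirect_to root_path
    else
      flash[:alert] = "Something is wrong with your confirmation code"
      redirect_to root_path
    end
  end

  # GET /users/:id/edit — the user themselves, or a mod of at least equal rank.
  def edit
    unless can_moderate? || current_user == @user
      flash[:alert] = "You are not allowed to edit this user"
      redirect_to user_path(@user)
    end
  end

  # POST /users — signup. The IGN is resolved against Mojang (uuid + correctly
  # cased name), then the registration token issued for that uuid/e-mail pair
  # must match. On success the user is logged in and two mails are sent.
  def create
    if current_user
      flash[:notice] = "You are already signed up!"
      redirect_to current_user
      return
    end
    @user = User.new(user_params)
    user_profile = @user.get_profile
    unless user_profile
      flash[:alert] = "Error. Your username is not correct or Mojang's servers are down."
      render action: "new"
      return
    end
    @user.uuid = user_profile["id"]
    @user.ign = user_profile["name"] # correct case
    unless validate_token(@user.uuid, @user.email, params[:registration_token])
      flash[:alert] = "Token invalid for this username/email. Please generate a new token!"
      # NOTE(review): destroy_token is keyed by e-mail only, so a wrong guess
      # for someone else's e-mail also invalidates their pending token
      # (deliberate here: "no chance to brute force").
      destroy_token(@user.email)
      render action: "new"
      return
    end
    destroy_token(@user.email) # tokens can be used to reset password
    @user.last_ip = request.remote_ip # showing in mail
    # Assigned BEFORE save so the confirmation token the registration mail
    # refers to is actually persisted; previously it was set after the save.
    @user.email_token = SecureRandom.hex(16)
    unless @user.save
      flash[:alert] = "Something went wrong"
      render action: "new"
      return
    end
    # NOTE(review): consider reset_session before this assignment to rule out
    # session fixation; left unchanged because other session state may rely on it.
    session[:user_id] = @user.id
    is_idiot = @user.uses_mc_password?(params[:user][:password]) ? true : false
    flash[:alert] = "Really? That's your Minecraft password!" if is_idiot
    begin
      # these shouldn't be sent in the background
      RedstonerMailer.register_mail(@user, is_idiot).deliver
      RedstonerMailer.register_info_mail(@user, is_idiot).deliver
    rescue => e
      Rails.logger.error "---"
      Rails.logger.error "WARNING: registration mail failed for user #{@user.try(:name)}, #{@user.try(:email)}"
      Rails.logger.error e.message
      Rails.logger.error "---"
      flash[:alert] = "Registration mail failed. Please contact us in-game."
    end
    flash[:notice] = "Successfully signed up! Check your email!"
    redirect_to edit_user_path(@user)
  end

  # PATCH /users/:id — profile fields. Mods may additionally set flags and the
  # role, but never a role above their own. E-mail / password / IGN changes
  # are NOT accepted here: they go through update_login (password check and
  # re-confirmation) or signup (Mojang lookup) respectively.
  def update
    unless can_moderate? || (@user.is?(current_user) && confirmed?)
      flash[:alert] = "You are not allowed to edit this user"
      redirect_to @user
      return
    end
    fields = [:name, :skype, :skype_public, :youtube, :twitter, :about]
    fields += [:role, :confirmed, :donor, :retired, :dev, :mit, :lead] if mod?
    userdata = profile_params(fields)
    if userdata[:role]
      role = Role.get(userdata[:role])
      if role && role <= current_user.role
        userdata[:role] = role
      else
        # don't change role (unknown name, or higher than the acting mod's own);
        # the original called delete without an argument and raised here.
        userdata.delete(:role)
      end
    end
    # Only re-resolve the channel when the form actually submitted the field,
    # so a form without a youtube input does not wipe the stored channel.
    if userdata.key?(:youtube) && @user.youtube != userdata[:youtube]
      youtube = get_youtube(userdata[:youtube])
      userdata[:youtube] = youtube[:channel]
      userdata[:youtube_channelname] = youtube[:channel_name]
      flash[:alert] = "Couldn't find a YouTube channel with that name, are you sure it's correct?" unless youtube[:is_correct?]
    end
    if @user.update_attributes(userdata)
      flash[:notice] = 'Profile updated.'
      redirect_to @user
    else
      flash[:alert] = "There was a problem while updating the profile"
      render action: "edit"
    end
  end

  # POST /users/:id/ban — mods may ban users of equal or lower rank (this
  # includes fellow mods and themselves; rank check is >=, not >).
  def ban
    if can_moderate?
      @user.role = Role.get :banned
      # The role change must be saved explicitly; the original never did.
      if @user.save
        flash[:notice] = "'#{@user.name}' has been banned!"
      else
        flash[:alert] = "Problem while banning user"
      end
    else
      flash[:alert] = "You are not allowed to ban this user!"
    end
    redirect_to @user
  end

  # POST /users/:id/unban — restores the normal role, same permission as ban.
  def unban
    if can_moderate?
      @user.role = Role.get :normal
      if @user.save
        flash[:notice] = "\"#{@user.name}\" has been unbanned!"
      else
        flash[:alert] = "Problem while unbanning user"
      end
    else
      flash[:alert] = "You are not allowed to unban this user!"
    end
    redirect_to @user
  end

  # DELETE /users/:id — superadmins only.
  def destroy
    unless superadmin?
      flash[:alert] = "You are not allowed to delete this user"
      redirect_to @user
      return
    end
    if @user.destroy
      flash[:notice] = "User deleted forever."
      redirect_to users_url
    else
      flash[:alert] = "Problem while deleting user"
      redirect_to @user
    end
  end

  # GET /users/:id/edit_notifications — owner, strictly higher admin, or superadmin.
  def edit_notifications
    unless can_manage_account?
      flash[:alert] = "You are not allowed to edit this user's notification settings!"
      redirect_to @user
    end
  end

  # GET /users/:id/edit_login — same permission as edit_notifications.
  def edit_login
    unless can_manage_account?
      flash[:alert] = "You are not allowed to edit this user's login details!"
      redirect_to @user
    end
  end

  # PATCH /users/:id/update_login — change password and/or e-mail.
  # The owner must supply the current password; a higher-ranked admin is not
  # asked for it. A changed e-mail address un-confirms the account and sends
  # a fresh confirmation token to the new address.
  def update_login
    unless can_manage_account?
      flash[:alert] = "You are not allowed to edit this user's login details!"
      redirect_to @user
      return
    end
    login = params[:user] || {}
    authenticated = !@user.is?(current_user) || @user.authenticate(params[:current_password])
    if login[:password].present?
      @user.password = login[:password]
      @user.password_confirmation = login[:password_confirmation]
    end
    @user.email = login[:email] if login[:email].present?
    mail_changed = @user.email_changed?
    if mail_changed
      @user.email_token = SecureRandom.hex(16)
      # Only an e-mail change revokes confirmation. The original wrote
      # `confirmed = !mail_changed`, which CONFIRMED any account whose
      # e-mail stayed the same — a bypass of e-mail verification.
      @user.confirmed = false
    end
    # Attributes are assigned before the password check so the re-rendered
    # form shows what the user typed.
    unless authenticated
      flash[:alert] = "Wrong password!"
      render action: "edit_login"
      return
    end
    unless @user.save
      flash[:alert] = "Error while updating your login details!"
      render action: "edit_login"
      return
    end
    flash[:notice] = "Login details updated!"
    if mail_changed
      begin
        background_mailer([RedstonerMailer.email_change_confirm_mail(@user)])
        flash[:notice] += " Please check your inbox."
      rescue => e # the original rescued without binding e and then read e.message
        Rails.logger.error "---"
        Rails.logger.error "WARNING: email change confirmation mail (view) failed for user #{@user.try(:name)}, #{@user.try(:email)}"
        Rails.logger.error e.message
        Rails.logger.error "---"
        flash[:alert] = "We're having problems with your confirmation mail, please contact us!"
      end
    end
    redirect_to @user
  end

  # GET /lost_password — form; logged-in users are sent to their profile.
  def lost_password
    if current_user
      flash[:notice] = "You're already logged in!"
      redirect_to current_user
    end
  end

  # POST /reset_password — e-mail + secret_token (a RegisterToken for the
  # user's uuid/e-mail) sets a new password. The token is single-use.
  def reset_password
    user = User.find_by_email(params[:email])
    unless user && validate_token(user.uuid, user.email, params[:secret_token])
      flash[:alert] = "Token or Email address invalid!"
      render action: "lost_password"
      return
    end
    destroy_token(user.email) # tokens can be used to reset password
    user.password = params[:new_password]
    user.password_confirmation = params[:new_password]
    if user.save
      flash[:notice] = "Password reset"
      redirect_to login_path
    else
      flash[:alert] = "Failed to update password, please generate a new Token!"
      render action: "lost_password"
    end
  end

  # GET /users/suggestions?name=… — JSON [[name, ign], …] (max 7) for the
  # mention autocompleter; logged-in users only. Input is whitelisted by
  # NAME_QUERY_RE, LIKE wildcards are escaped and values are bound.
  def suggestions
    query = params[:name]
    if current_user && query.is_a?(String) && query.present? && query =~ NAME_QUERY_RE
      # Escape LIKE metacharacters; the backslash itself too, since the regex
      # does not exclude it (assumes a backslash-escaping LIKE, as the original did).
      pattern = "%#{query.gsub(/[\\_%]/) { |c| "\\#{c}" }}%"
      @users = User.where("ign LIKE ? or name LIKE ?", pattern, pattern).order(:name, :ign).limit(7)
      @users = @users.to_a.map { |u| [html_escape(u.name), html_escape(u.ign)] }
      render json: @users
    else
      Rails.logger.debug "'#{query}' does not match regex!"
      render json: []
    end
  end

  private

  # Mods may act on users whose role is not above their own.
  def can_moderate?
    mod? && current_user.role >= @user.role
  end

  # Login/notification settings: the owner, a strictly higher-ranked admin, or a superadmin.
  def can_manage_account?
    @user.is?(current_user) || (admin? && current_user.role > @user.role) || superadmin?
  end

  # True when a RegisterToken exists for this uuid/e-mail pair and its value
  # matches +token+ (constant-time).
  def validate_token(uuid, email, token)
    user_token = RegisterToken.where(uuid: uuid, email: email).first
    user_token.present? && secure_equal?(user_token.token, token)
  end

  # Removes the RegisterToken for +email+, if any (keyed by e-mail only).
  def destroy_token(email)
    user_token = RegisterToken.where(email: email).first
    user_token && user_token.destroy
  end

  # Constant-time string equality for bearer secrets. Rejects non-strings,
  # empty expected values and length mismatches up front (length is not
  # secret here). ActiveSupport::SecurityUtils.secure_compare is the
  # framework equivalent when available.
  def secure_equal?(expected, given)
    return false unless expected.is_a?(String) && given.is_a?(String)
    return false if expected.empty? || expected.bytesize != given.bytesize
    expected.bytes.zip(given.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Loads @user from :id; "me" resolves to the current user (or redirects to login).
  def set_user
    id = params[:id]
    if id == "me"
      unless current_user
        flash[:alert] = "Please log in"
        redirect_to login_path(return_path: request.env['PATH_INFO'])
        return
      end
      id = current_user.id
    end
    @user = User.find(id)
  end

  # Signup parameters: credentials, IGN, notification preferences, plus +add+.
  def user_params(add = [])
    allowed = [:ign, :email, :password, :password_confirmation] + MAIL_PREF_FIELDS + add
    params.require(:user).permit(allowed)
  end

  # Profile-edit parameters: notification preferences plus the given fields.
  # Deliberately excludes credentials and IGN (see update).
  def profile_params(fields)
    params.require(:user).permit(MAIL_PREF_FIELDS + fields)
  end
end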