closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8525 Commits
4 Branches
567 MiB
Tree: c48d895ea7
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c48d895ea7'
${ noResults }
mastodon/app/controllers/auth/registrations_controller.rb

123 lines
3.0 KiB
Raw Normal View History

Fix rubocop issues, introduce usage of frozen literal to improve performance
7 years ago
Customizing devise views and controllers
8 years ago
Fix #611 - Layout setting in registrations controller
7 years ago
Customizing devise views and controllers
8 years ago
Add autofollow option to invites (#7805) * Add autofollow option to invites * Trigger CodeClimate rebuild
6 years ago
New admin setting: open/close registrations, with custom message, from the admin UI
7 years ago
Improve code style
7 years ago
Add overview of active sessions (#3929) * Add overview of active sessions * Better display of browser/platform name * Improve how browser information is stored and displayed for sessions overview * Fix test
7 years ago
Set InstancePresenter to `Auth::RegistrationsController#create` (#5366)
6 years ago
Fix styling in /auth/edit (#9117)
5 years ago
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
4 years ago
Fix settings pages being cacheable by the browser (#12714) Fix #12255
4 years ago
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
4 years ago
Customizing devise views and controllers
8 years ago
Add "why do you want to join" field to invite requests (#10524) * Add "why do you want to join" field to invite requests Fix #10512 * Remove unused translations * Fix broken registrations when no invite request text is submitted
5 years ago
Fix Devise destroy method being available to delete user record (#3266) (You may think that we need account deletions, but this way would've just orphaned the db records)
7 years ago
Fix password change/reset not immediately invalidating other sessions (#12928) While making browser requests in the other sessions after a password change or reset does not allow you to be logged in and correctly invalidates the session making the request, sessions have API tokens associated with them, which can still be used until that session is invalidated. This is a security issue for accounts that were already compromised some other way because it makes it harder to throw out the hijacker.
4 years ago
Customizing devise views and controllers
8 years ago
pam authentication (#5303) * add pam support, without extra column * bugfixes for pam login * document options * fix code style * fix codestyle * fix tests * don't call remember_me without password * fix codestyle * improve checks for pam usage (should fix tests) * fix remember_me part 1 * add remember_token column because :rememberable requires either a password or this column. * migrate db for remember_token * move pam_authentication to the right place, fix logic bug in edit.html.haml * fix tests * fix pam authentication, improve username lookup, add comment * valid? is sometimes not honored, return nil instead trying to authenticate with pam * update devise_pam_authenticatable2 and adjust code. Fixes sideeffects observed in tests * update devise_pam_authenticatable gem, fixes for codeconventions, fix finding user * codeconvention fixes * code convention fixes * fix idention * update dependency, explicit conflict check * fix disabled password updates if in pam mode * fix check password if password is present, fix templates * block registration if account is maintained by pam * Revert "block registration if account is maintained by pam" This reverts commit 8e7a083d650240b6fac414926744b4b90b435f20. * fix identation error introduced by rebase * block usernames maintained by pam * document pam settings better * fix code style
6 years ago
Fix password change/reset not immediately invalidating other sessions (#12928) While making browser requests in the other sessions after a password change or reset does not allow you to be logged in and correctly invalidates the session making the request, sessions have API tokens associated with them, which can still be used until that session is invalidated. This is a security issue for accounts that were already compromised some other way because it makes it harder to throw out the hijacker.
4 years ago
pam authentication (#5303) * add pam support, without extra column * bugfixes for pam login * document options * fix code style * fix codestyle * fix tests * don't call remember_me without password * fix codestyle * improve checks for pam usage (should fix tests) * fix remember_me part 1 * add remember_token column because :rememberable requires either a password or this column. * migrate db for remember_token * move pam_authentication to the right place, fix logic bug in edit.html.haml * fix tests * fix pam authentication, improve username lookup, add comment * valid? is sometimes not honored, return nil instead trying to authenticate with pam * update devise_pam_authenticatable2 and adjust code. Fixes sideeffects observed in tests * update devise_pam_authenticatable gem, fixes for codeconventions, fix finding user * codeconvention fixes * code convention fixes * fix idention * update dependency, explicit conflict check * fix disabled password updates if in pam mode * fix check password if password is present, fix templates * block registration if account is maintained by pam * Revert "block registration if account is maintained by pam" This reverts commit 8e7a083d650240b6fac414926744b4b90b435f20. * fix identation error introduced by rebase * block usernames maintained by pam * document pam settings better * fix code style
6 years ago
Customizing devise views and controllers
8 years ago
Add consumable invites (#5814) * Add consumable invites * Add UI for generating invite codes * Add tests * Display max uses and expiration in invites table, delete invite * Remove unused column and redundant validator - Default follows not used, probably bad idea - InviteCodeValidator is redundant because RegistrationsController checks invite code validity * Add admin setting to disable invites * Add admin UI for invites, configurable role for invite creation - Admin UI that lists everyone's invites, always available - Admin setting min_invite_role to control who can invite people - Non-admin invite UI only visible if users are allowed to * Do not remove invites from database, expire them instantly
6 years ago
Add "why do you want to join" field to invite requests (#10524) * Add "why do you want to join" field to invite requests Fix #10512 * Remove unused translations * Fix broken registrations when no invite request text is submitted
5 years ago
Add consumable invites (#5814) * Add consumable invites * Add UI for generating invite codes * Add tests * Display max uses and expiration in invites table, delete invite * Remove unused column and redundant validator - Default follows not used, probably bad idea - InviteCodeValidator is redundant because RegistrationsController checks invite code validity * Add admin setting to disable invites * Add admin UI for invites, configurable role for invite creation - Admin UI that lists everyone's invites, always available - Admin setting min_invite_role to control who can invite people - Non-admin invite UI only visible if users are allowed to * Do not remove invites from database, expire them instantly
6 years ago
Improve code style
7 years ago
Customizing devise views and controllers
8 years ago
Upgrade to Rails 5.0.0.1
7 years ago
Fix sign-ups without checked user agreement being accepted through the web form (#13088) * Fix user agreement not being verified * Fix tests * Fix up agreement field being dismissed
4 years ago
Customizing devise views and controllers
8 years ago
Moving Salmon notifications to background processing, fixing mini-profiler behaviour with Turbolinks enabled, optimizing Rabl for production
8 years ago
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
4 years ago
Customizing devise views and controllers
8 years ago
Add single user mode
7 years ago
If signed in, redirect autofollow invite to profile page (#7956) Fix #7944
5 years ago
Fix #390 - fix redirect after sign-up (to login page instead of homepage)
7 years ago
Add confirmation step for email changes (#6071) * Add confirmation step for email changes This adds a confirmation step for email changes of existing users. Like the initial account confirmation, a confirmation link is sent to the new address. Additionally, a notification is sent to the existing address when the change is initiated. This message includes instruction to reset the password immediately or to contact the instance admin if the change was not initiated by the account owner. Fixes #3871 * Add review fixes
6 years ago
New admin setting: open/close registrations, with custom message, from the admin UI
7 years ago
Add consumable invites (#5814) * Add consumable invites * Add UI for generating invite codes * Add tests * Display max uses and expiration in invites table, delete invite * Remove unused column and redundant validator - Default follows not used, probably bad idea - InviteCodeValidator is redundant because RegistrationsController checks invite code validity * Add admin setting to disable invites * Add admin UI for invites, configurable role for invite creation - Admin UI that lists everyone's invites, always available - Admin setting min_invite_role to control who can invite people - Non-admin invite UI only visible if users are allowed to * Do not remove invites from database, expire them instantly
6 years ago
Admission-based registrations mode (#10250) Fix #6856 Fix #6951
5 years ago
Add consumable invites (#5814) * Add consumable invites * Add UI for generating invite codes * Add tests * Display max uses and expiration in invites table, delete invite * Remove unused column and redundant validator - Default follows not used, probably bad idea - InviteCodeValidator is redundant because RegistrationsController checks invite code validity * Add admin setting to disable invites * Add admin UI for invites, configurable role for invite creation - Admin UI that lists everyone's invites, always available - Admin setting min_invite_role to control who can invite people - Non-admin invite UI only visible if users are allowed to * Do not remove invites from database, expire them instantly
6 years ago
Add single user mode
7 years ago
New admin setting: open/close registrations, with custom message, from the admin UI
7 years ago
Fix #611 - Layout setting in registrations controller
7 years ago
New admin setting: open/close registrations, with custom message, from the admin UI
7 years ago
sign_in and sign_up views present og meta infos (#5308)
6 years ago
Compensate for scrollbar disappearing when media modal visible (#8100) * Compensate for scrollbar disappearing when media modal visible Make auth pages backgrounds lighter * Fix typo
5 years ago
Fix styling in /auth/edit (#9117)
5 years ago
Compensate for scrollbar disappearing when media modal visible (#8100) * Compensate for scrollbar disappearing when media modal visible Make auth pages backgrounds lighter * Fix typo
5 years ago
Add autofollow option to invites (#7805) * Add autofollow option to invites * Trigger CodeClimate rebuild
6 years ago
Check that an invite link is valid before bypassing approval mode (#10657) * Check that an invite link is valid before bypassing approval mode Fixes #10656 * Add tests * Only consider valid invite links in registration controller * fixup
5 years ago
Add autofollow option to invites (#7805) * Add autofollow option to invites * Trigger CodeClimate rebuild
6 years ago
Fix #611 - Layout setting in registrations controller
7 years ago
Add overview of active sessions (#3929) * Add overview of active sessions * Better display of browser/platform name * Improve how browser information is stored and displayed for sessions overview * Fix test
7 years ago
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
4 years ago
Fix settings pages being cacheable by the browser (#12714) Fix #12255
4 years ago
Customizing devise views and controllers
8 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. class Auth::RegistrationsController < Devise::RegistrationsController
  4.   layout :determine_layout
  5. 

  6.   before_action :set_invite, only: [:new, :create]
  7.   before_action :check_enabled_registrations, only: [:new, :create]
  8.   before_action :configure_sign_up_params, only: [:create]
  9.   before_action :set_sessions, only: [:edit, :update]
  10.   before_action :set_instance_presenter, only: [:new, :create, :update]
  11.   before_action :set_body_classes, only: [:new, :create, :edit, :update]
  12.   before_action :require_not_suspended!, only: [:update]
  13.   before_action :set_cache_headers, only: [:edit, :update]
  14. 

  15.   skip_before_action :require_functional!, only: [:edit, :update]
  16. 

  17.   def new
  18.     super(&:build_invite_request)
  19.   end
  20. 

  21.   def destroy
  22.     not_found
  23.   end
  24. 

  25.   def update
  26.     super do |resource|
  27.       resource.clear_other_sessions(current_session.session_id) if resource.saved_change_to_encrypted_password?
  28.     end
  29.   end
  30. 

  31.   protected
  32. 

  33.   def update_resource(resource, params)
  34.     params[:password] = nil if Devise.pam_authentication && resource.encrypted_password.blank?
  35. 

  36.     super
  37.   end
  38. 

  39.   def build_resource(hash = nil)
  40.     super(hash)
  41. 

  42.     resource.locale             = I18n.locale
  43.     resource.invite_code        = params[:invite_code] if resource.invite_code.blank?
  44.     resource.current_sign_in_ip = request.remote_ip
  45. 

  46.     resource.build_account if resource.account.nil?
  47.   end
  48. 

  49.   def configure_sign_up_params
  50.     devise_parameter_sanitizer.permit(:sign_up) do |u|
  51.       u.permit({ account_attributes: [:username], invite_request_attributes: [:text] }, :email, :password, :password_confirmation, :invite_code, :agreement)
  52.     end
  53.   end
  54. 

  55.   def after_sign_up_path_for(_resource)
  56.     auth_setup_path
  57.   end
  58. 

  59.   def after_sign_in_path_for(_resource)
  60.     set_invite
  61. 

  62.     if @invite&.autofollow?
  63.       short_account_path(@invite.user.account)
  64.     else
  65.       super
  66.     end
  67.   end
  68. 

  69.   def after_inactive_sign_up_path_for(_resource)
  70.     new_user_session_path
  71.   end
  72. 

  73.   def after_update_path_for(_resource)
  74.     edit_user_registration_path
  75.   end
  76. 

  77.   def check_enabled_registrations
  78.     redirect_to root_path if single_user_mode? || !allowed_registrations?
  79.   end
  80. 

  81.   def allowed_registrations?
  82.     Setting.registrations_mode != 'none' || @invite&.valid_for_use?
  83.   end
  84. 

  85.   def invite_code
  86.     if params[:user]
  87.       params[:user][:invite_code]
  88.     else
  89.       params[:invite_code]
  90.     end
  91.   end
  92. 

  93.   private
  94. 

  95.   def set_instance_presenter
  96.     @instance_presenter = InstancePresenter.new
  97.   end
  98. 

  99.   def set_body_classes
  100.     @body_classes = %w(edit update).include?(action_name) ? 'admin' : 'lighter'
  101.   end
  102. 

  103.   def set_invite
  104.     invite = invite_code.present? ? Invite.find_by(code: invite_code) : nil
  105.     @invite = invite&.valid_for_use? ? invite : nil
  106.   end
  107. 

  108.   def determine_layout
  109.     %w(edit update).include?(action_name) ? 'admin' : 'auth'
  110.   end
  111. 

  112.   def set_sessions
  113.     @sessions = current_user.session_activations
  114.   end
  115. 

  116.   def require_not_suspended!
  117.     forbidden if current_account.suspended?
  118.   end
  119. 

  120.   def set_cache_headers
  121.     response.headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
  122.   end
  123. end