closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8447 Commits
4 Branches
567 MiB
Tree: daf71573d0
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'daf71573d0'
${ noResults }
mastodon/app/controllers/auth/registrations_controller.rb

124 lines
3.1 KiB
Raw Normal View History

Fix rubocop issues, introduce usage of frozen literal to improve performance
7 years ago
Customizing devise views and controllers
8 years ago
Fix #611 - Layout setting in registrations controller
7 years ago
Customizing devise views and controllers
8 years ago
Add autofollow option to invites (#7805) * Add autofollow option to invites * Trigger CodeClimate rebuild
6 years ago
New admin setting: open/close registrations, with custom message, from the admin UI
7 years ago
Improve code style
7 years ago
Add overview of active sessions (#3929) * Add overview of active sessions * Better display of browser/platform name * Improve how browser information is stored and displayed for sessions overview * Fix test
7 years ago
Set InstancePresenter to `Auth::RegistrationsController#create` (#5366)
6 years ago
Fix styling in /auth/edit (#9117)
5 years ago
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
4 years ago
Fix settings pages being cacheable by the browser (#12714) Fix #12255
4 years ago
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
4 years ago
Customizing devise views and controllers
8 years ago
Add "why do you want to join" field to invite requests (#10524) * Add "why do you want to join" field to invite requests Fix #10512 * Remove unused translations * Fix broken registrations when no invite request text is submitted
5 years ago
Fix Devise destroy method being available to delete user record (#3266) (You may think that we need account deletions, but this way would've just orphaned the db records)
7 years ago
Fix password change/reset not immediately invalidating other sessions (#12928) While making browser requests in the other sessions after a password change or reset does not allow you to be logged in and correctly invalidates the session making the request, sessions have API tokens associated with them, which can still be used until that session is invalidated. This is a security issue for accounts that were already compromised some other way because it makes it harder to throw out the hijacker.
4 years ago
Customizing devise views and controllers
8 years ago
pam authentication (#5303) * add pam support, without extra column * bugfixes for pam login * document options * fix code style * fix codestyle * fix tests * don't call remember_me without password * fix codestyle * improve checks for pam usage (should fix tests) * fix remember_me part 1 * add remember_token column because :rememberable requires either a password or this column. * migrate db for remember_token * move pam_authentication to the right place, fix logic bug in edit.html.haml * fix tests * fix pam authentication, improve username lookup, add comment * valid? is sometimes not honored, return nil instead trying to authenticate with pam * update devise_pam_authenticatable2 and adjust code. Fixes sideeffects observed in tests * update devise_pam_authenticatable gem, fixes for codeconventions, fix finding user * codeconvention fixes * code convention fixes * fix idention * update dependency, explicit conflict check * fix disabled password updates if in pam mode * fix check password if password is present, fix templates * block registration if account is maintained by pam * Revert "block registration if account is maintained by pam" This reverts commit 8e7a083d650240b6fac414926744b4b90b435f20. * fix identation error introduced by rebase * block usernames maintained by pam * document pam settings better * fix code style
6 years ago
Fix password change/reset not immediately invalidating other sessions (#12928) While making browser requests in the other sessions after a password change or reset does not allow you to be logged in and correctly invalidates the session making the request, sessions have API tokens associated with them, which can still be used until that session is invalidated. This is a security issue for accounts that were already compromised some other way because it makes it harder to throw out the hijacker.
4 years ago
pam authentication (#5303) * add pam support, without extra column * bugfixes for pam login * document options * fix code style * fix codestyle * fix tests * don't call remember_me without password * fix codestyle * improve checks for pam usage (should fix tests) * fix remember_me part 1 * add remember_token column because :rememberable requires either a password or this column. * migrate db for remember_token * move pam_authentication to the right place, fix logic bug in edit.html.haml * fix tests * fix pam authentication, improve username lookup, add comment * valid? is sometimes not honored, return nil instead trying to authenticate with pam * update devise_pam_authenticatable2 and adjust code. Fixes sideeffects observed in tests * update devise_pam_authenticatable gem, fixes for codeconventions, fix finding user * codeconvention fixes * code convention fixes * fix idention * update dependency, explicit conflict check * fix disabled password updates if in pam mode * fix check password if password is present, fix templates * block registration if account is maintained by pam * Revert "block registration if account is maintained by pam" This reverts commit 8e7a083d650240b6fac414926744b4b90b435f20. * fix identation error introduced by rebase * block usernames maintained by pam * document pam settings better * fix code style
6 years ago
Customizing devise views and controllers
8 years ago
Add consumable invites (#5814) * Add consumable invites * Add UI for generating invite codes * Add tests * Display max uses and expiration in invites table, delete invite * Remove unused column and redundant validator - Default follows not used, probably bad idea - InviteCodeValidator is redundant because RegistrationsController checks invite code validity * Add admin setting to disable invites * Add admin UI for invites, configurable role for invite creation - Admin UI that lists everyone's invites, always available - Admin setting min_invite_role to control who can invite people - Non-admin invite UI only visible if users are allowed to * Do not remove invites from database, expire them instantly
6 years ago
Add "why do you want to join" field to invite requests (#10524) * Add "why do you want to join" field to invite requests Fix #10512 * Remove unused translations * Fix broken registrations when no invite request text is submitted
5 years ago
Add consumable invites (#5814) * Add consumable invites * Add UI for generating invite codes * Add tests * Display max uses and expiration in invites table, delete invite * Remove unused column and redundant validator - Default follows not used, probably bad idea - InviteCodeValidator is redundant because RegistrationsController checks invite code validity * Add admin setting to disable invites * Add admin UI for invites, configurable role for invite creation - Admin UI that lists everyone's invites, always available - Admin setting min_invite_role to control who can invite people - Non-admin invite UI only visible if users are allowed to * Do not remove invites from database, expire them instantly
6 years ago
Improve code style
7 years ago
Customizing devise views and controllers
8 years ago
Upgrade to Rails 5.0.0.1
7 years ago
Add "why do you want to join" field to invite requests (#10524) * Add "why do you want to join" field to invite requests Fix #10512 * Remove unused translations * Fix broken registrations when no invite request text is submitted
5 years ago
Customizing devise views and controllers
8 years ago
Moving Salmon notifications to background processing, fixing mini-profiler behaviour with Turbolinks enabled, optimizing Rabl for production
8 years ago
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
4 years ago
Customizing devise views and controllers
8 years ago
Add single user mode
7 years ago
If signed in, redirect autofollow invite to profile page (#7956) Fix #7944
5 years ago
Fix #390 - fix redirect after sign-up (to login page instead of homepage)
7 years ago
Add confirmation step for email changes (#6071) * Add confirmation step for email changes This adds a confirmation step for email changes of existing users. Like the initial account confirmation, a confirmation link is sent to the new address. Additionally, a notification is sent to the existing address when the change is initiated. This message includes instruction to reset the password immediately or to contact the instance admin if the change was not initiated by the account owner. Fixes #3871 * Add review fixes
6 years ago
New admin setting: open/close registrations, with custom message, from the admin UI
7 years ago
Add consumable invites (#5814) * Add consumable invites * Add UI for generating invite codes * Add tests * Display max uses and expiration in invites table, delete invite * Remove unused column and redundant validator - Default follows not used, probably bad idea - InviteCodeValidator is redundant because RegistrationsController checks invite code validity * Add admin setting to disable invites * Add admin UI for invites, configurable role for invite creation - Admin UI that lists everyone's invites, always available - Admin setting min_invite_role to control who can invite people - Non-admin invite UI only visible if users are allowed to * Do not remove invites from database, expire them instantly
6 years ago
Admission-based registrations mode (#10250) Fix #6856 Fix #6951
5 years ago
Add consumable invites (#5814) * Add consumable invites * Add UI for generating invite codes * Add tests * Display max uses and expiration in invites table, delete invite * Remove unused column and redundant validator - Default follows not used, probably bad idea - InviteCodeValidator is redundant because RegistrationsController checks invite code validity * Add admin setting to disable invites * Add admin UI for invites, configurable role for invite creation - Admin UI that lists everyone's invites, always available - Admin setting min_invite_role to control who can invite people - Non-admin invite UI only visible if users are allowed to * Do not remove invites from database, expire them instantly
6 years ago
Add single user mode
7 years ago
New admin setting: open/close registrations, with custom message, from the admin UI
7 years ago
Fix #611 - Layout setting in registrations controller
7 years ago
New admin setting: open/close registrations, with custom message, from the admin UI
7 years ago
sign_in and sign_up views present og meta infos (#5308)
6 years ago
Compensate for scrollbar disappearing when media modal visible (#8100) * Compensate for scrollbar disappearing when media modal visible Make auth pages backgrounds lighter * Fix typo
5 years ago
Fix styling in /auth/edit (#9117)
5 years ago
Compensate for scrollbar disappearing when media modal visible (#8100) * Compensate for scrollbar disappearing when media modal visible Make auth pages backgrounds lighter * Fix typo
5 years ago
Add autofollow option to invites (#7805) * Add autofollow option to invites * Trigger CodeClimate rebuild
6 years ago
Check that an invite link is valid before bypassing approval mode (#10657) * Check that an invite link is valid before bypassing approval mode Fixes #10656 * Add tests * Only consider valid invite links in registration controller * fixup
5 years ago
Add autofollow option to invites (#7805) * Add autofollow option to invites * Trigger CodeClimate rebuild
6 years ago
Fix #611 - Layout setting in registrations controller
7 years ago
Add overview of active sessions (#3929) * Add overview of active sessions * Better display of browser/platform name * Improve how browser information is stored and displayed for sessions overview * Fix test
7 years ago
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
4 years ago
Fix settings pages being cacheable by the browser (#12714) Fix #12255
4 years ago
Customizing devise views and controllers
8 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. class Auth::RegistrationsController < Devise::RegistrationsController
  4.   layout :determine_layout
  5. 

  6.   before_action :set_invite, only: [:new, :create]
  7.   before_action :check_enabled_registrations, only: [:new, :create]
  8.   before_action :configure_sign_up_params, only: [:create]
  9.   before_action :set_sessions, only: [:edit, :update]
  10.   before_action :set_instance_presenter, only: [:new, :create, :update]
  11.   before_action :set_body_classes, only: [:new, :create, :edit, :update]
  12.   before_action :require_not_suspended!, only: [:update]
  13.   before_action :set_cache_headers, only: [:edit, :update]
  14. 

  15.   skip_before_action :require_functional!, only: [:edit, :update]
  16. 

  17.   def new
  18.     super(&:build_invite_request)
  19.   end
  20. 

  21.   def destroy
  22.     not_found
  23.   end
  24. 

  25.   def update
  26.     super do |resource|
  27.       resource.clear_other_sessions(current_session.session_id) if resource.saved_change_to_encrypted_password?
  28.     end
  29.   end
  30. 

  31.   protected
  32. 

  33.   def update_resource(resource, params)
  34.     params[:password] = nil if Devise.pam_authentication && resource.encrypted_password.blank?
  35. 

  36.     super
  37.   end
  38. 

  39.   def build_resource(hash = nil)
  40.     super(hash)
  41. 

  42.     resource.locale             = I18n.locale
  43.     resource.invite_code        = params[:invite_code] if resource.invite_code.blank?
  44.     resource.agreement          = true
  45.     resource.current_sign_in_ip = request.remote_ip
  46. 

  47.     resource.build_account if resource.account.nil?
  48.   end
  49. 

  50.   def configure_sign_up_params
  51.     devise_parameter_sanitizer.permit(:sign_up) do |u|
  52.       u.permit({ account_attributes: [:username], invite_request_attributes: [:text] }, :email, :password, :password_confirmation, :invite_code)
  53.     end
  54.   end
  55. 

  56.   def after_sign_up_path_for(_resource)
  57.     auth_setup_path
  58.   end
  59. 

  60.   def after_sign_in_path_for(_resource)
  61.     set_invite
  62. 

  63.     if @invite&.autofollow?
  64.       short_account_path(@invite.user.account)
  65.     else
  66.       super
  67.     end
  68.   end
  69. 

  70.   def after_inactive_sign_up_path_for(_resource)
  71.     new_user_session_path
  72.   end
  73. 

  74.   def after_update_path_for(_resource)
  75.     edit_user_registration_path
  76.   end
  77. 

  78.   def check_enabled_registrations
  79.     redirect_to root_path if single_user_mode? || !allowed_registrations?
  80.   end
  81. 

  82.   def allowed_registrations?
  83.     Setting.registrations_mode != 'none' || @invite&.valid_for_use?
  84.   end
  85. 

  86.   def invite_code
  87.     if params[:user]
  88.       params[:user][:invite_code]
  89.     else
  90.       params[:invite_code]
  91.     end
  92.   end
  93. 

  94.   private
  95. 

  96.   def set_instance_presenter
  97.     @instance_presenter = InstancePresenter.new
  98.   end
  99. 

  100.   def set_body_classes
  101.     @body_classes = %w(edit update).include?(action_name) ? 'admin' : 'lighter'
  102.   end
  103. 

  104.   def set_invite
  105.     invite = invite_code.present? ? Invite.find_by(code: invite_code) : nil
  106.     @invite = invite&.valid_for_use? ? invite : nil
  107.   end
  108. 

  109.   def determine_layout
  110.     %w(edit update).include?(action_name) ? 'admin' : 'auth'
  111.   end
  112. 

  113.   def set_sessions
  114.     @sessions = current_user.session_activations
  115.   end
  116. 

  117.   def require_not_suspended!
  118.     forbidden if current_account.suspended?
  119.   end
  120. 

  121.   def set_cache_headers
  122.     response.headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
  123.   end
  124. end