ahuston-0/hydra
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Allow users to edit their own settings

Browse Source 
Also, don't use the flash anymore for going back to the referer.
This commit is contained in:
Eelco Dolstra
2013-03-04 15:25:23 +01:00
parent f831287d4b
commit a77161e40a
12 changed files with 207 additions and 232 deletions
Download Patch File Download Diff File Expand all files Collapse all files

131
src/lib/Hydra/Controller/User.pm
View File

@ -1,8 +1,10 @@
package Hydra::Controller::User;
use utf8;
use strict;
use warnings;
use base 'Catalyst::Controller';
use Crypt::RandPasswd;
use Digest::SHA1 qw(sha1_hex);
use Hydra::Helper::Nix;
use Hydra::Helper::CatalystUtils;
@ -17,23 +19,17 @@ sub login :Local {
my $username = $c->request->params->{username} || "";
my $password = $c->request->params->{password} || "";
if ($username eq "" && $password eq "" && !defined $c->flash->{referer}) {
if ($username eq "" && $password eq "" && !defined $c->session->{referer}) {
my $baseurl = $c->uri_for('/');
my $refurl = $c->request->referer;
$c->flash->{referer} = $refurl if $refurl =~ m/^($baseurl)/;
my $referer = $c->request->referer;
$c->session->{referer} = $referer if defined $referer && $referer =~ m/^($baseurl)/;
}
if ($username && $password) {
if ($c->authenticate({username => $username, password => $password})) {
$c->response->redirect($c->flash->{referer} || $c->uri_for('/'));
$c->flash->{referer} = undef;
return;
}
backToReferer($c) if $c->authenticate({username => $username, password => $password});
$c->stash->{errorMsg} = "Bad username or password.";
}
$c->keep_flash("referer");
$c->stash->{template} = 'login.tt';
}
@ -51,6 +47,18 @@ sub captcha :Local Args(0) {
}
sub isValidPassword {
my ($password) = @_;
return length($password) >= 6;
}
sub setPassword {
my ($user, $password) = @_;
$user->update({ password => sha1_hex($password) });
}
sub register :Local Args(0) {
my ($self, $c) = @_;
@ -81,7 +89,7 @@ sub register :Local Args(0) {
return fail($c, "Your must specify your full name.") if $fullName eq "";
return fail($c, "You must specify a password of at least 6 characters.")
if length($password) < 6;
unless isValidPassword($password);
return fail($c, "The passwords you specified did not match.")
if $password ne trim $c->req->params->{password2};
@ -90,22 +98,111 @@ sub register :Local Args(0) {
my $user = $c->model('DB::Users')->create(
{ username => $userName
, fullname => $fullName
, password => sha1_hex($password)
, password => "!"
, emailaddress => "",
});
setPassword($user, $password);
});
$c->authenticate({username => $userName, password => $password})
or error($c, "Unable to authenticate the new user!");
unless ($c->user_exists) {
$c->authenticate({username => $userName, password => $password})
or error($c, "Unable to authenticate the new user!");
}
$c->flash->{successMsg} = "User <tt>$userName</tt> has been created.";
$c->response->redirect($c->flash->{referer} || $c->uri_for('/'));
backToReferer($c);
}
sub preferences :Local Args(0) {
sub user :Chained('/') PathPart('user') CaptureArgs(1) {
my ($self, $c, $userName) = @_;
requireLogin($c) if !$c->user_exists;
error($c, "You do not have permission to edit other users.")
if $userName ne $c->user->username && !isAdmin($c);
$c->stash->{user} = $c->model('DB::Users')->find($userName)
or notFound($c, "User $userName doesn't exist.");
}
sub deleteUser {
my ($self, $c, $user) = @_;
my ($project) = $c->model('DB::Projects')->search({ owner => $user->username });
error($c, "User " . $user->username . " is still owner of project " . $project->name . ".")
if defined $project;
$c->logout() if $user->username eq $c->user->username;
$user->delete;
}
sub edit :Chained('user') Args(0) {
my ($self, $c) = @_;
error($c, "Not implemented.");
my $user = $c->stash->{user};
$c->stash->{template} = 'user.tt';
$c->session->{referer} = $c->request->referer if !defined $c->session->{referer};
if ($c->request->method ne "POST") {
$c->stash->{fullname} = $user->fullname;
$c->stash->{emailonerror} = $user->emailonerror;
return;
}
if (($c->request->params->{submit} // "") eq "delete") {
deleteUser($self, $c, $user);
backToReferer($c);
}
if (($c->request->params->{submit} // "") eq "reset-password") {
$c->stash->{json} = {};
error($c, "No email address is set for this user.")
unless $user->emailaddress;
my $password = Crypt::RandPasswd->word(8,10);
setPassword($user, $password);
sendEmail($c,
$user->emailaddress,
"Hydra password reset",
"Hi,\n\n".
"Your password has been reset. Your new password is '$password'.\n\n".
"You can change your password at " . $c->uri_for($self->action_for('edit'), [$user->username]) . ".\n\n".
"With regards,\n\nHydra.\n"
);
return;
}
my $fullName = trim $c->req->params->{fullname};
txn_do($c->model('DB')->schema, sub {
error($c, "Your must specify your full name.") if $fullName eq "";
$user->update(
{ fullname => $fullName
, emailonerror => $c->request->params->{"emailonerror"} ? 1 : 0
});
my $password = $c->req->params->{password} // "";
if ($password ne "") {
error($c, "You must specify a password of at least 6 characters.")
unless isValidPassword($password);
error($c, "The passwords you specified did not match.")
if $password ne trim $c->req->params->{password2};
setPassword($user, $password);
}
if (isAdmin($c)) {
$user->userroles->delete_all;
$user->userroles->create({ role => $_})
foreach paramToList($c, "roles");
}
});
backToReferer($c);
}