Class: CamaleonCms::Admin::SessionsController
- Inherits:
-
CamaleonController
- Object
- ApplicationController
- CamaleonController
- CamaleonCms::Admin::SessionsController
- Defined in:
- app/controllers/camaleon_cms/admin/sessions_controller.rb
Constant Summary
Constants included from UploaderHelper
UploaderHelper::SUSPICIOUS_PATTERNS
Instance Method Summary collapse
- #confirm_email ⇒ Object
- #forgot ⇒ Object
-
#login ⇒ Object
You can pass return_to as a param (mysite.com/admin/login?return_to=my-url); it will be used as the redirect target after the user has logged in.
- #login_post ⇒ Object
- #logout ⇒ Object
- #register ⇒ Object
Methods inherited from CamaleonController
Methods included from EmailHelper
#cama_send_email, #cama_send_mail_to_admin, #send_email, #send_password_reset_email, #send_user_confirm_email
Methods included from HooksHelper
#hook_run, #hook_skip, #hooks_run
Methods included from PluginsHelper
#current_plugin, #plugin_asset_path, #plugin_asset_url, #plugin_destroy, #plugin_install, #plugin_layout, #plugin_load_helpers, #plugin_uninstall, #plugin_upgrade, #plugin_view, #plugins_initialize, #self_plugin_key
Methods included from SiteHelper
#cama_current_site_host_port, #cama_get_list_layouts_files, #cama_get_list_template_files, #cama_is_test_request?, #current_locale, #current_site, #current_theme, #site_after_install, #site_install_theme, #site_uninstall_theme
Methods included from UploaderHelper
#cama_crop_image, #cama_file_path_to_url, #cama_resize_and_crop, #cama_resize_upload, #cama_tmp_upload, #cama_uploader, #cama_uploader_generate_thumbnail, #cama_url_to_file_path, #slugify, #slugify_folder, #upload_file, #uploader_verify_name
Methods included from CamaleonHelper
#cama_cache_fetch, #cama_draw_timer, #cama_edit_link, #cama_is_admin_request?, #cama_pluralize_text, #cama_requestAction, #cama_sitemap_cats_generator, #cama_t, #ct
Methods included from CaptchaHelper
#cama_captcha_build, #cama_captcha_increment_attack, #cama_captcha_reset_attack, #cama_captcha_tag, #cama_captcha_tags_if_under_attack, #cama_captcha_total_attacks, #cama_captcha_under_attack?, #cama_captcha_verified?, #captcha_verify_if_under_attack
Methods included from ContentHelper
#cama_content_after_draw, #cama_content_append, #cama_content_before_draw, #cama_content_init, #cama_content_prepend
Methods included from ThemeHelper
#self_theme_key, #theme_asset_file_path, #theme_asset_path, #theme_asset_url, #theme_home_page, #theme_init, #theme_layout, #theme_view
Methods included from ShortCodeHelper
#cama_strip_shortcodes, #do_shortcode, #render_shortcode, #shortcode_add, #shortcode_change_template, #shortcode_delete, #shortcodes_init
Methods included from UserRolesHelper
Methods included from HtmlHelper
#append_asset_content, #append_asset_libraries, #append_pre_asset_content, #cama_assets_library_register, #cama_draw_custom_assets, #cama_draw_pre_asset_contents, #cama_get_options_html_from_items, #cama_html_helpers_init, #cama_html_tooltip, #cama_load_libraries
Methods included from SessionHelper
#cama_authenticate, #cama_current_role, #cama_current_user, #cama_get_session_id, #cama_logout_user, #cama_on_heroku?, #cama_register_user, #cama_sign_in?, #cookie_auth_token_complete?, #cookie_split_auth_token, #login_user, #login_user_with_password, #session_back_to_parent, #session_switch_user, #user_auth_token_from_cookie
Instance Method Details
#confirm_email ⇒ Object
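# File 'app/controllers/camaleon_cms/admin/sessions_controller.rb', line 134
# Confirms a user's e-mail address from the token carried in the `h` query
# parameter, then always redirects to the admin login page.
#
# A token is accepted only when it matches a user of the current site and the
# confirmation mail was sent less than two hours ago.
#
# @return [Object] whatever redirect_to returns
def confirm_email
  @user = current_site.users.new
  if params[:h]
    # `h` is request-controlled. Coerce it to a String so an array- or
    # hash-valued parameter cannot turn the equality lookup into a wider query
    # that tests several candidate tokens in a single request.
    @user = current_site.users.where(confirm_email_token: params[:h].to_s).first
    if @user.nil?
      flash[:error] = t('camaleon_cms.admin.login.message.confirm_email_token_incorrect')
    elsif @user.confirm_email_sent_at.nil? || @user.confirm_email_sent_at < 2.hours.ago
      flash[:error] = t('camaleon_cms.admin.login.message.confirm_email_token_expired')
    else
      flash[:notice] = t('camaleon_cms.admin.login.message.confirm_email_success')
      @user.is_valid_email = true
      # NOTE(review): confirm_email_token is not cleared here, so the same link
      # stays usable until the two-hour window closes unless the model resets
      # it on save. Confirm against the User model.
      @user.save!
    end
  end
  redirect_to cama_admin_login_path
end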
#forgot ⇒ Object
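# File 'app/controllers/camaleon_cms/admin/sessions_controller.rb', line 64
# Password-reset endpoint with two modes:
#
# * With an `h` token: validates the reset token, then either shows the
#   "choose a new password" form or, when params[:user] is present, stores the
#   new password.
# * Without a token: when params[:user] carries an e-mail address, sends the
#   reset mail to the matching user of the current site.
#
# Every token branch now ends the action. The original fell through from the
# "expired" branch into the mail-sending code after it had already redirected,
# which could issue a second redirect in the same request.
#
# @return [Object, nil]
def forgot
  @user = current_site.users.new

  # get form reset password
  if params[:h]
    # `h` is request-controlled. Coerce it to a String so an array- or
    # hash-valued parameter cannot widen the token lookup.
    @user = current_site.users.where(password_reset_token: params[:h].to_s).first
    if @user.nil?
      flash[:error] = t('camaleon_cms.admin.login.message.forgot_url_incorrect')
      redirect_to cama_admin_forgot_path
      return
    elsif @user.password_reset_sent_at.nil? || @user.password_reset_sent_at < 2.hours.ago
      # A token without a send timestamp is treated as expired, matching the
      # nil check confirm_email applies to confirm_email_sent_at; the original
      # raised NoMethodError on a nil timestamp.
      flash[:error] = t('camaleon_cms.admin.login.message.forgot_expired')
      redirect_to cama_admin_login_path
      return
    else
      # saved new password
      if params[:user].present?
        # Only the two password fields are permitted for this update.
        # NOTE(review): password_reset_token is not cleared after a successful
        # change, so the link appears reusable until the two-hour window ends
        # unless the model invalidates it. Confirm against the User model.
        if @user.update(params[:user].permit(:password, :password_confirmation))
          flash[:notice] = t('camaleon_cms.admin.login.message.reset_password_succes')
          redirect_to cama_admin_login_path
          return
        else
          flash[:error] = t('camaleon_cms.admin.login.message.reset_password_error')
        end
      end
      @form_reset = true
      render 'forgot'
      return
    end
  end

  # TODO: Move this out of the controller
  # send email reset password
  return unless params[:user].present?

  data_user = user_permit_data
  @user = current_site.users.find_by_email(data_user[:email])
  # NOTE(review): the two branches below answer differently depending on
  # whether the address belongs to an account, which lets a caller test
  # addresses for registration. A uniform response would close that.
  if @user.present?
    send_password_reset_email(@user)
    flash[:notice] = t('camaleon_cms.admin.login.message.send_mail_succes')
    redirect_to cama_admin_login_path
    nil
  else
    flash[:error] = t('camaleon_cms.admin.login.message.send_mail_error')
    @user = current_site.users.new(data_user)
  end
end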
#login ⇒ Object
You can pass return_to as a param (mysite.com/admin/login?return_to=my-url); it will be used as the redirect target after the user has logged in.
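# File 'app/controllers/camaleon_cms/admin/sessions_controller.rb', line 11
# Renders the login form, or redirects straight away when the visitor is
# already signed in.
#
# An optional `return_to` parameter names where to go after login. It is
# request-controlled, so it is honoured only when it is a same-site absolute
# path ("/..."). Values carrying a scheme or host, a "//" or "/\" prefix, or
# whitespace/control characters are ignored and the dashboard is used instead.
# The original passed the raw parameter to redirect_to, which allowed a login
# link to forward a signed-in user to an arbitrary external URL.
#
# @return [Object] result of redirect_to or render
def login
  requested = params[:return_to].to_s
  return_to = requested if requested.match?(%r{\A/(?![/\\])[^[:cntrl:][:space:]]*\z})

  return redirect_to(return_to || cama_admin_dashboard_path) if signin?

  # NOTE(review): the rendered listing shows this assignment without a
  # receiver (`[:return_to] = ...`); `cookies` is assumed here. Confirm against
  # the source file. Only the validated value is stored, so whatever later
  # reads it back does not receive an off-site target.
  cookies[:return_to] = return_to if return_to
  @user ||= current_site.users.new
  render 'login'
end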
#login_post ⇒ Object
# File 'app/controllers/camaleon_cms/admin/sessions_controller.rb', line 20
# Processes a submitted login form.
#
# Flow: look the user up by username, run the captcha check that applies while
# the 'login' counter is under attack, give the 'user_before_login' hook a
# chance to stop processing, then either sign the user in or re-render the
# form with an error. JSON requests (params[:format] == 'json') receive the
# flash messages as JSON instead of a rendered page.
#
# @return [Object, nil]
def login_post
  credentials = user_permit_data
  @user = current_site.users.find_by_username(credentials[:username])
  captcha_ok = captcha_verify_if_under_attack('login')

  # The hook payload includes the submitted plaintext password; a hook may set
  # :stop_process to take over the response.
  hook_args = {
    user: @user,
    params: params,
    password: credentials[:password],
    captcha_validate: captcha_ok,
    stop_process: false
  }
  hooks_run('user_before_login', hook_args)
  return if hook_args[:stop_process] # permit to redirect for data completion

  # NOTE(review): authenticate is only called when the username exists, so
  # response time may differ between unknown users and wrong passwords.
  if !(captcha_ok && @user && @user.authenticate(credentials[:password]))
    # Failed captcha and failed credentials both count towards the attack counter.
    cama_captcha_increment_attack('login')
    flash[:error] = captcha_ok ? t('camaleon_cms.admin.login.message.fail') : t('camaleon_cms.admin.login.message.invalid_caption')
    # The submitted values, password included, are put on a fresh unsaved
    # record for the re-rendered form.
    @user = current_site.users.new(credentials)
    login if params[:format] != 'json'
  elsif @user.is_valid_email? || !current_site.need_validate_email?
    # Email validation if is necessary: reached only when the address is
    # confirmed or the site does not require confirmation.
    cama_captcha_reset_attack('login')
    hook_args = { user: @user, redirect_to: params[:format] == 'json' ? false : nil }
    hooks_run('after_login', hook_args)
    login_user(@user, params[:remember_me].present?, hook_args[:redirect_to])
    render(json: flash.discard.to_hash) if params[:format] == 'json'
    return
  else
    flash[:error] = t('camaleon_cms.admin.login.message.email_not_validated')
    @user = current_site.users.new(credentials)
    login if params[:format] != 'json'
  end
  render(json: flash.discard.to_hash) if params[:format] == 'json'
end
#logout ⇒ Object
# File 'app/controllers/camaleon_cms/admin/sessions_controller.rb', line 56
# Ends the current session.
#
# When the session carries a :parent_auth_token and the visitor is signed in,
# control is handed back to the parent session and the browser is sent to the
# admin dashboard; otherwise the user is logged out.
#
# @return [Object] result of session_back_to_parent or cama_logout_user
def logout
  switched_session = session[:parent_auth_token].present? && cama_sign_in?
  return cama_logout_user unless switched_session

  session_back_to_parent(cama_admin_dashboard_path)
end
#register ⇒ Object
# File 'app/controllers/camaleon_cms/admin/sessions_controller.rb', line 110
# Shows the registration form and, when params[:user] is submitted, creates
# the account through cama_register_user.
#
# @return [Object] result of render or redirect_to
def register
  @user ||= current_site.users.new
  return render('register') unless params[:user].present?

  # The role is overwritten with the configured default before the parameters
  # are filtered, so a role value submitted by the client is replaced.
  params[:user][:role] = PluginRoutes.system_info['default_user_role']
  # Likewise, a client cannot mark its own address as already confirmed when
  # the site requires e-mail validation.
  params[:user][:is_valid_email] = false if current_site.need_validate_email?

  # NOTE(review): params[:meta] is handed over unfiltered here; confirm that
  # cama_register_user restricts which meta keys it accepts.
  outcome = cama_register_user(user_permit_data, params[:meta])
  captcha_failed = outcome[:result] == false && outcome[:type] == :captcha_error

  if captcha_failed
    @user.errors.add(:captcha, t('camaleon_cms.admin.users.message.error_captcha'))
    render 'register'
  elsif outcome[:result]
    flash[:notice] = outcome[:message]
    send_user_confirm_email(@user) if current_site.need_validate_email?
    # The redirect target comes from the registration result and may be
    # replaced by a 'user_registered' hook through this hash.
    hook_args = { user: @user, redirect_url: outcome[:redirect_url] }
    hooks_run('user_registered', hook_args)
    redirect_to hook_args[:redirect_url]
  else
    render 'register'
  end
end