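# Handles sign-in, sign-out and the password-reset request that shares the
# login form.
class SessionsController < ApplicationController
  # Accepted truthy values of the reset_password form flag. Anchored with
  # \A and \z so the whole value has to match; with a bare `$` any value that
  # merely ends in "1", "t" or "y" (for example "not") would trigger a reset.
  RESET_PASSWORD_FLAG = /\A(1|t|y|yes|true)\z/i

  before_filter :redirect_to_https
  skip_before_filter :home_breadcrumb

  # Renders the login form.
  def new
  end

  # Authenticates the submitted credentials, or, when the reset_password flag
  # is set for a known user with an e-mail address, issues a new password.
  #
  # Reads params[:sessions][:login_data] (e-mail or user name),
  # params[:sessions][:password] and params[:sessions][:reset_password].
  def create
    credentials = login_params
    user = lookup_user_by_login(credentials[:login_data])

    if user && user.authenticate(credentials[:password])
      # Drop the pre-login session before storing the user id, so a session
      # identifier planted before authentication is not carried over into the
      # authenticated session (session fixation).
      reset_session
      session[:user_id] = user.id
      redirect_to tenant_user_path(user.current_tenant, user), :notice => t('sessions.controller.successfully_created', :resource => user)
    elsif user && !user.email.blank? && credentials[:reset_password].to_s =~ RESET_PASSWORD_FLAG
      # NOTE(review): this branch runs on an unauthenticated request. It
      # replaces the account's password immediately and hands the plaintext
      # password to the Notifications mailer, so anyone who knows a login can
      # force a password change, and the credential travels by e-mail.
      # The success/failure messages here also differ from the generic
      # invalid-login message, which reveals whether an account exists.
      # Prefer a single-use, expiring reset token and a uniform response;
      # that needs model and mailer changes outside this controller.
      # NOTE(review): 8 base64 characters carry about 48 bits of randomness.
      password = SecureRandom.base64(8)[0..7]
      if user.update_attributes(:password => password)
        Notifications.new_password(user, password).deliver
        flash.now.notice = t('sessions.flash_messages.password_recovery_successful', :resource => user)
      else
        flash.now.alert = t('sessions.flash_messages.password_recovery_failed', :resource => user)
      end
      render "new"
    else
      flash.now.alert = t('sessions.flash_messages.invalid_email_or_password', :resource => user)
      render "new"
    end
  end

  # Signs the user out and redirects to the root page.
  def destroy
    # reset_session clears everything stored in the session, not only
    # :user_id, so no per-user state survives the logout.
    reset_session
    redirect_to root_url, :notice => t('sessions.controller.successfully_destroyed')
  end

  private

  # Returns the :sessions parameter group, or an empty hash when the request
  # carries none or carries a scalar/array in its place. Without this guard a
  # malformed request raised an exception instead of showing the login form.
  def login_params
    group = params[:sessions]
    group.respond_to?(:key?) ? group : {}
  end

  # Finds a user by e-mail first, then by user name. The login is coerced to
  # a String, lower-cased and stripped before the lookup; a blank login never
  # matches, so an account stored with an empty e-mail cannot be selected by
  # submitting an empty login field.
  def lookup_user_by_login(login_data)
    login = login_data.to_s.downcase.strip
    return nil if login.empty?

    User.find_by_email(login) || User.find_by_user_name(login)
  end

  # Redirects plain-HTTP requests to HTTPS when GUI_REDIRECT_HTTPS is set.
  # NOTE(review): a login POST that arrives over HTTP has already sent its
  # credentials unencrypted by the time this filter runs; serving the form
  # over HTTPS only (e.g. config.force_ssl / HSTS) closes that gap.
  def redirect_to_https
    if GUI_REDIRECT_HTTPS && !request.ssl?
      redirect_to :protocol => "https://"
    end
  end
end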