2018-09-14 01:42:05 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2012-11-06 08:30:48 -05:00
|
|
|
class RegistrationsController < Devise::RegistrationsController
|
2015-12-27 12:03:06 -05:00
|
|
|
include Recaptcha::Verify
|
2018-05-17 05:19:47 -04:00
|
|
|
include AcceptsPendingInvitations
|
2012-11-06 08:30:48 -05:00
|
|
|
|
2018-01-15 10:21:04 -05:00
|
|
|
before_action :whitelist_query_limiting, only: [:destroy]
|
2018-06-08 07:20:44 -04:00
|
|
|
before_action :ensure_terms_accepted,
|
|
|
|
if: -> { Gitlab::CurrentSettings.current_application_settings.enforce_terms? },
|
|
|
|
only: [:create]
|
2018-01-15 10:21:04 -05:00
|
|
|
|
2015-02-05 09:56:28 -05:00
|
|
|
def new
|
|
|
|
redirect_to(new_user_session_path)
|
|
|
|
end
|
|
|
|
|
2015-12-27 12:03:06 -05:00
|
|
|
def create
|
2017-01-03 02:08:21 -05:00
|
|
|
# To avoid duplicate form fields on the login page, the registration form
|
|
|
|
# names fields using `new_user`, but Devise still wants the params in
|
|
|
|
# `user`.
|
|
|
|
if params["new_#{resource_name}"].present? && params[resource_name].blank?
|
|
|
|
params[resource_name] = params.delete(:"new_#{resource_name}")
|
|
|
|
end
|
2016-04-19 16:00:45 -04:00
|
|
|
|
2017-01-03 02:08:21 -05:00
|
|
|
if !Gitlab::Recaptcha.load_configurations! || verify_recaptcha
|
2018-05-17 05:19:47 -04:00
|
|
|
accept_pending_invitations
|
2018-06-08 07:20:44 -04:00
|
|
|
super do |new_user|
|
|
|
|
persist_accepted_terms_if_required(new_user)
|
|
|
|
end
|
2015-12-27 12:03:06 -05:00
|
|
|
else
|
2017-01-27 11:25:39 -05:00
|
|
|
flash[:alert] = 'There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.'
|
2015-12-27 12:03:06 -05:00
|
|
|
flash.delete :recaptcha_error
|
|
|
|
render action: 'new'
|
|
|
|
end
|
2017-03-27 05:37:24 -04:00
|
|
|
rescue Gitlab::Access::AccessDeniedError
|
|
|
|
redirect_to(new_user_session_path)
|
2015-12-27 12:03:06 -05:00
|
|
|
end
|
|
|
|
|
2013-02-06 06:44:09 -05:00
|
|
|
def destroy
|
2017-10-06 16:40:41 -04:00
|
|
|
if destroy_confirmation_valid?
|
|
|
|
current_user.delete_async(deleted_by: current_user)
|
|
|
|
session.try(:destroy)
|
|
|
|
redirect_to new_user_session_path, status: 303, notice: s_('Profiles|Account scheduled for removal.')
|
|
|
|
else
|
|
|
|
redirect_to profile_account_path, status: 303, alert: destroy_confirmation_failure_message
|
2013-02-06 06:44:09 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2013-03-18 07:22:41 -04:00
|
|
|
protected
|
|
|
|
|
2018-06-08 07:20:44 -04:00
|
|
|
def persist_accepted_terms_if_required(new_user)
|
|
|
|
return unless new_user.persisted?
|
|
|
|
return unless Gitlab::CurrentSettings.current_application_settings.enforce_terms?
|
|
|
|
|
|
|
|
if terms_accepted?
|
|
|
|
terms = ApplicationSetting::Term.latest
|
|
|
|
Users::RespondToTermsService.new(new_user, terms).execute(accepted: true)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-10-06 16:40:41 -04:00
|
|
|
def destroy_confirmation_valid?
|
|
|
|
if current_user.confirm_deletion_with_password?
|
|
|
|
current_user.valid_password?(params[:password])
|
|
|
|
else
|
|
|
|
current_user.username == params[:username]
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def destroy_confirmation_failure_message
|
|
|
|
if current_user.confirm_deletion_with_password?
|
|
|
|
s_('Profiles|Invalid password')
|
|
|
|
else
|
|
|
|
s_('Profiles|Invalid username')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-08-05 22:03:01 -04:00
|
|
|
def build_resource(hash = nil)
|
2013-03-18 07:22:41 -04:00
|
|
|
super
|
|
|
|
end
|
|
|
|
|
2016-05-06 16:59:45 -04:00
|
|
|
def after_sign_up_path_for(user)
|
2017-08-23 00:40:16 -04:00
|
|
|
Gitlab::AppLogger.info("User Created: username=#{user.username} email=#{user.email} ip=#{request.remote_ip} confirmed:#{user.confirmed?}")
|
2018-05-17 05:19:47 -04:00
|
|
|
user.confirmed? ? stored_location_for(user) || dashboard_projects_path : users_almost_there_path
|
2014-07-04 08:19:59 -04:00
|
|
|
end
|
|
|
|
|
2017-08-23 00:40:16 -04:00
|
|
|
def after_inactive_sign_up_path_for(resource)
|
|
|
|
Gitlab::AppLogger.info("User Created: username=#{resource.username} email=#{resource.email} ip=#{request.remote_ip} confirmed:false")
|
2016-03-11 11:14:29 -05:00
|
|
|
users_almost_there_path
|
2014-07-04 08:19:59 -04:00
|
|
|
end
|
|
|
|
|
2012-11-06 08:30:48 -05:00
|
|
|
private
|
|
|
|
|
2014-07-10 13:31:05 -04:00
|
|
|
def sign_up_params
|
2016-11-11 19:47:32 -05:00
|
|
|
params.require(:user).permit(:username, :email, :email_confirmation, :name, :password)
|
2014-07-10 13:31:05 -04:00
|
|
|
end
|
2015-12-27 12:03:06 -05:00
|
|
|
|
|
|
|
def resource_name
|
|
|
|
:user
|
|
|
|
end
|
|
|
|
|
|
|
|
def resource
|
2017-04-13 04:47:52 -04:00
|
|
|
@resource ||= Users::BuildService.new(current_user, sign_up_params).execute
|
2015-12-27 12:03:06 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def devise_mapping
|
|
|
|
@devise_mapping ||= Devise.mappings[:user]
|
|
|
|
end
|
2018-01-15 10:21:04 -05:00
|
|
|
|
|
|
|
def whitelist_query_limiting
|
|
|
|
Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42380')
|
|
|
|
end
|
2018-06-08 07:20:44 -04:00
|
|
|
|
|
|
|
def ensure_terms_accepted
|
|
|
|
return if terms_accepted?
|
|
|
|
|
|
|
|
redirect_to new_user_session_path, alert: _('You must accept our Terms of Service and privacy policy in order to register an account')
|
|
|
|
end
|
|
|
|
|
|
|
|
def terms_accepted?
|
|
|
|
Gitlab::Utils.to_boolean(params[:terms_opt_in])
|
|
|
|
end
|
2013-03-18 07:22:41 -04:00
|
|
|
end
|