gitlab-org--gitlab-foss/app/controllers/profiles_controller.rb

class ProfilesController < ApplicationController
  include ActionView::Helpers::SanitizeHelper

  before_filter :user
  before_filter :authorize_change_password!, only: :update_password
  before_filter :authorize_change_username!, only: :update_username

  layout 'profile'

  def show
  end

  def design
  end

  def account
  end

  def update
    if @user.update_attributes(params[:user])
      flash[:notice] = "Profile was successfully updated"
    else
      flash[:alert] = "Failed to update profile"
    end

    respond_to do |format|
      format.html { redirect_to :back }
      format.js
    end
  end

  def token
  end

  def update_password
    password_attributes = params[:user].select do |key, value|
      %w(password password_confirmation).include?(key.to_s)
    end

    unless @user.valid_password?(params[:user][:current_password])
      redirect_to account_profile_path, alert: 'You must provide a valid current password'
      return
    end

    if @user.update_attributes(password_attributes)
      flash[:notice] = "Password was successfully updated. Please login with it"
      redirect_to new_user_session_path
    else
      render 'account'
    end
  end

  def reset_private_token
    if current_user.reset_authentication_token!
      flash[:notice] = "Token was successfully updated"
    end

    redirect_to account_profile_path
  end

  def history
    @events = current_user.recent_events.page(params[:page]).per(20)
  end

  def update_username
    @user.update_attributes(username: params[:user][:username])

    respond_to do |format|
      format.js
    end
  end

  private

  def user
    @user = current_user
  end

  def authorize_change_password!
    return render_404 if @user.ldap_user?
  end

  def authorize_change_username!
    return render_404 unless @user.can_change_username?
  end
end
Refactored profile to resource. Added missing flash notice on successfull updated. Update username via ajax 2012-12-02 11:29:24 +00:00			`class ProfilesController < ApplicationController`
Sanitize user profile input 2013-02-25 20:51:15 +00:00			`include ActionView::Helpers::SanitizeHelper`

Backend Refactoring 2012-07-31 05:32:49 +00:00			`before_filter :user`
Dont allow LDAP users to change password inside GitLab 2013-05-24 14:12:27 +00:00			`before_filter :authorize_change_password!, only: :update_password`
			`before_filter :authorize_change_username!, only: :update_username`

Refactored profile to resource. Added missing flash notice on successfull updated. Update username via ajax 2012-12-02 11:29:24 +00:00			`layout 'profile'`
Backend Refactoring 2012-07-31 05:32:49 +00:00
init commit 2011-10-08 21:36:38 +00:00			`def show`
			`end`

Design tab for profile. Colorscheme as db value 2011-12-20 20:47:09 +00:00			`def design`
			`end`

Refactored profile to resource. Added missing flash notice on successfull updated. Update username via ajax 2012-12-02 11:29:24 +00:00			`def account`
			`end`

Design tab for profile. Colorscheme as db value 2011-12-20 20:47:09 +00:00			`def update`
Sanitize user attrs on model level 2013-07-10 10:48:03 +00:00			`if @user.update_attributes(params[:user])`
Refactored profile to resource. Added missing flash notice on successfull updated. Update username via ajax 2012-12-02 11:29:24 +00:00			`flash[:notice] = "Profile was successfully updated"`
			`else`
			`flash[:alert] = "Failed to update profile"`
			`end`
Improve user feedback on the Profile > Design page - Header changes immediately without a page reload - Lets the user know that we actually saved their setting when changed 2012-11-21 20:01:40 +00:00
			`respond_to do \|format\|`
			`format.html { redirect_to :back }`
			`format.js`
			`end`
extended user profile with social fields 2011-10-19 22:34:05 +00:00			`end`

Password & token split up, icon to button for top panel 2012-05-19 09:00:46 +00:00			`def token`
			`end`

Refactored profile to resource. Added missing flash notice on successfull updated. Update username via ajax 2012-12-02 11:29:24 +00:00			`def update_password`
Fix password update 2013-09-24 19:12:48 +00:00			`password_attributes = params[:user].select do \|key, value\|`
			`%w(password password_confirmation).include?(key.to_s)`
Force user to provide old password in order to change it 2013-09-24 07:48:36 +00:00			`end`

			`unless @user.valid_password?(params[:user][:current_password])`
			`redirect_to account_profile_path, alert: 'You must provide a valid current password'`
			`return`
			`end`
init commit 2011-10-08 21:36:38 +00:00
Fix password update 2013-09-24 19:12:48 +00:00			`if @user.update_attributes(password_attributes)`
init commit 2011-10-08 21:36:38 +00:00			`flash[:notice] = "Password was successfully updated. Please login with it"`
			`redirect_to new_user_session_path`
			`else`
Fix rendered action for password change failure Closes #1912 2012-11-04 21:47:37 +00:00			`render 'account'`
init commit 2011-10-08 21:36:38 +00:00			`end`
			`end`
allow user to reset his private token 2011-11-15 13:08:20 +00:00
			`def reset_private_token`
Refactored profile to resource. Added missing flash notice on successfull updated. Update username via ajax 2012-12-02 11:29:24 +00:00			`if current_user.reset_authentication_token!`
			`flash[:notice] = "Token was successfully updated"`
			`end`

			`redirect_to account_profile_path`
allow user to reset his private token 2011-11-15 13:08:20 +00:00			`end`
Backend Refactoring 2012-07-31 05:32:49 +00:00
Refactored profile area 2012-09-14 16:13:25 +00:00			`def history`
			`@events = current_user.recent_events.page(params[:page]).per(20)`
			`end`

Refactored profile to resource. Added missing flash notice on successfull updated. Update username via ajax 2012-12-02 11:29:24 +00:00			`def update_username`
Dont allow LDAP users to change password inside GitLab 2013-05-24 14:12:27 +00:00			`@user.update_attributes(username: params[:user][:username])`
Refactored profile to resource. Added missing flash notice on successfull updated. Update username via ajax 2012-12-02 11:29:24 +00:00
			`respond_to do \|format\|`
			`format.js`
			`end`
			`end`

Refactored profile area 2012-09-14 16:13:25 +00:00			`private`
Backend Refactoring 2012-07-31 05:32:49 +00:00
			`def user`
			`@user = current_user`
			`end`
Sanitize user profile input 2013-02-25 20:51:15 +00:00
Dont allow LDAP users to change password inside GitLab 2013-05-24 14:12:27 +00:00			`def authorize_change_password!`
			`return render_404 if @user.ldap_user?`
			`end`

			`def authorize_change_username!`
			`return render_404 unless @user.can_change_username?`
			`end`
init commit 2011-10-08 21:36:38 +00:00			`end`