gitlab-org--gitlab-foss/app/controllers/registrations_controller.rb

class RegistrationsController < Devise::RegistrationsController
  include Recaptcha::Verify

  before_action :whitelist_query_limiting, only: [:destroy]

  def new
    redirect_to(new_user_session_path)
  end

  def create
    # To avoid duplicate form fields on the login page, the registration form
    # names fields using `new_user`, but Devise still wants the params in
    # `user`.
    if params["new_#{resource_name}"].present? && params[resource_name].blank?
      params[resource_name] = params.delete(:"new_#{resource_name}")
    end

    if !Gitlab::Recaptcha.load_configurations! || verify_recaptcha
      super
    else
      flash[:alert] = 'There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.'
      flash.delete :recaptcha_error
      render action: 'new'
    end
  rescue Gitlab::Access::AccessDeniedError
    redirect_to(new_user_session_path)
  end

  def destroy
    if destroy_confirmation_valid?
      current_user.delete_async(deleted_by: current_user)
      session.try(:destroy)
      redirect_to new_user_session_path, status: 303, notice: s_('Profiles|Account scheduled for removal.')
    else
      redirect_to profile_account_path, status: 303, alert: destroy_confirmation_failure_message
    end
  end

  protected

  def destroy_confirmation_valid?
    if current_user.confirm_deletion_with_password?
      current_user.valid_password?(params[:password])
    else
      current_user.username == params[:username]
    end
  end

  def destroy_confirmation_failure_message
    if current_user.confirm_deletion_with_password?
      s_('Profiles|Invalid password')
    else
      s_('Profiles|Invalid username')
    end
  end

  def build_resource(hash = nil)
    super
  end

  def after_sign_up_path_for(user)
    Gitlab::AppLogger.info("User Created: username=#{user.username} email=#{user.email} ip=#{request.remote_ip} confirmed:#{user.confirmed?}")
    user.confirmed? ? dashboard_projects_path : users_almost_there_path
  end

  def after_inactive_sign_up_path_for(resource)
    Gitlab::AppLogger.info("User Created: username=#{resource.username} email=#{resource.email} ip=#{request.remote_ip} confirmed:false")
    users_almost_there_path
  end

  private

  def sign_up_params
    params.require(:user).permit(:username, :email, :email_confirmation, :name, :password)
  end

  def resource_name
    :user
  end

  def resource
    @resource ||= Users::BuildService.new(current_user, sign_up_params).execute
  end

  def devise_mapping
    @devise_mapping ||= Devise.mappings[:user]
  end

  def whitelist_query_limiting
    Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42380')
  end
end
Add optional signup. 2012-11-06 13:30:48 +00:00			`class RegistrationsController < Devise::RegistrationsController`
Add support for Google reCAPTCHA in user registration to prevent spammers 2015-12-27 17:03:06 +00:00			`include Recaptcha::Verify`
Add optional signup. 2012-11-06 13:30:48 +00:00
Track and act upon the number of executed queries This ensures that we have more visibility in the number of SQL queries that are executed in web requests. The current threshold is hardcoded to 100 as we will rarely (maybe once or twice) change it. In production and development we use Sentry if enabled, in the test environment we raise an error. This feature is also only enabled in production/staging when running on GitLab.com as it's not very useful to other users. 2018-01-15 15:21:04 +00:00			`before_action :whitelist_query_limiting, only: [:destroy]`

Redirect signup page to signin page. Resolves #1916. 2015-02-05 14:56:28 +00:00			`def new`
			`redirect_to(new_user_session_path)`
			`end`

Add support for Google reCAPTCHA in user registration to prevent spammers 2015-12-27 17:03:06 +00:00			`def create`
Properly handle failed reCAPTCHA on user registration If a user presses the 'Register' button too quickly after attempting to solve the reCAPTCHA, or the reCAPTCHA is not solved at all, the user would experience a 500 error. Now, the case is properly handled and the user will be sent back to the registration page with a clear error message and can try again. 2017-01-03 07:08:21 +00:00			`# To avoid duplicate form fields on the login page, the registration form`
			# names fields using `new_user`, but Devise still wants the params in
			# `user`.
			`if params["new_#{resource_name}"].present? && params[resource_name].blank?`
			`params[resource_name] = params.delete(:"new_#{resource_name}")`
			`end`
Improve uniqueness of field names on the signup form Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15075 2016-04-19 20:00:45 +00:00
Properly handle failed reCAPTCHA on user registration If a user presses the 'Register' button too quickly after attempting to solve the reCAPTCHA, or the reCAPTCHA is not solved at all, the user would experience a 500 error. Now, the case is properly handled and the user will be sent back to the registration page with a clear error message and can try again. 2017-01-03 07:08:21 +00:00			`if !Gitlab::Recaptcha.load_configurations! \|\| verify_recaptcha`
Add support for Google reCAPTCHA in user registration to prevent spammers 2015-12-27 17:03:06 +00:00			`super`
			`else`
Use reCaptcha when an issue identified as spam 2017-01-27 16:25:39 +00:00			`flash[:alert] = 'There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.'`
Add support for Google reCAPTCHA in user registration to prevent spammers 2015-12-27 17:03:06 +00:00			`flash.delete :recaptcha_error`
			`render action: 'new'`
			`end`
Implement new service for creating user 2017-03-27 09:37:24 +00:00			`rescue Gitlab::Access::AccessDeniedError`
			`redirect_to(new_user_session_path)`
Add support for Google reCAPTCHA in user registration to prevent spammers 2015-12-27 17:03:06 +00:00			`end`

Add user delete option. 2013-02-06 11:44:09 +00:00			`def destroy`
Show confirmation modal before deleting account 2017-10-06 20:40:41 +00:00			`if destroy_confirmation_valid?`
			`current_user.delete_async(deleted_by: current_user)`
			`session.try(:destroy)`
			`redirect_to new_user_session_path, status: 303, notice: s_('Profiles\|Account scheduled for removal.')`
			`else`
			`redirect_to profile_account_path, status: 303, alert: destroy_confirmation_failure_message`
Add user delete option. 2013-02-06 11:44:09 +00:00			`end`
			`end`

Fix project_limit being ignored on signup 2013-03-18 11:22:41 +00:00			`protected`

Show confirmation modal before deleting account 2017-10-06 20:40:41 +00:00			`def destroy_confirmation_valid?`
			`if current_user.confirm_deletion_with_password?`
			`current_user.valid_password?(params[:password])`
			`else`
			`current_user.username == params[:username]`
			`end`
			`end`

			`def destroy_confirmation_failure_message`
			`if current_user.confirm_deletion_with_password?`
			`s_('Profiles\|Invalid password')`
			`else`
			`s_('Profiles\|Invalid username')`
			`end`
			`end`

Enable Style/SpaceAroundEqualsInParameterDefault cop 2016-08-06 02:03:01 +00:00			`def build_resource(hash = nil)`
Fix project_limit being ignored on signup 2013-03-18 11:22:41 +00:00			`super`
			`end`

Change landing page when skipping confirmation email and add documentation 2016-05-06 20:59:45 +00:00			`def after_sign_up_path_for(user)`
# This is a combination of 1 commit. # This is the 1st commit message: Add logging for all web authentication events # This is the commit message #2: Re-add underscore to after_inactive_sign_up_path_for # This is the commit message #3: Standardize on username= # This is the commit message #4: after_filter -> after_action, _resource -> resource # This is the commit message #5: Add two-factor login failures and account lockouts # This is the commit message #6: Move logging from two-factor concern to user model # This is the commit message #7: Add spaces around default parameter assignments # This is the commit message #8: Move logs out of user model # This is the commit message #9: Replace filtered_params with user_params # This is the commit message #10: Standardize case # This is the commit message #1: Fixes for username and AppLogger.info 2017-08-23 04:40:16 +00:00			`Gitlab::AppLogger.info("User Created: username=#{user.username} email=#{user.email} ip=#{request.remote_ip} confirmed:#{user.confirmed?}")`
current_user.confirmed_at.present? => current_user.confirmed? 2016-05-20 17:52:42 +00:00			`user.confirmed? ? dashboard_projects_path : users_almost_there_path`
Redirect to sign in page after signup, this will show the correct flash message. 2014-07-04 12:19:59 +00:00			`end`

# This is a combination of 1 commit. # This is the 1st commit message: Add logging for all web authentication events # This is the commit message #2: Re-add underscore to after_inactive_sign_up_path_for # This is the commit message #3: Standardize on username= # This is the commit message #4: after_filter -> after_action, _resource -> resource # This is the commit message #5: Add two-factor login failures and account lockouts # This is the commit message #6: Move logging from two-factor concern to user model # This is the commit message #7: Add spaces around default parameter assignments # This is the commit message #8: Move logs out of user model # This is the commit message #9: Replace filtered_params with user_params # This is the commit message #10: Standardize case # This is the commit message #1: Fixes for username and AppLogger.info 2017-08-23 04:40:16 +00:00			`def after_inactive_sign_up_path_for(resource)`
			`Gitlab::AppLogger.info("User Created: username=#{resource.username} email=#{resource.email} ip=#{request.remote_ip} confirmed:false")`
Improved confirmation UX Closes #4228 2016-03-11 16:14:29 +00:00			`users_almost_there_path`
Redirect to sign in page after signup, this will show the correct flash message. 2014-07-04 12:19:59 +00:00			`end`

Add optional signup. 2012-11-06 13:30:48 +00:00			`private`

Override strong params for sign up. 2014-07-10 17:31:05 +00:00			`def sign_up_params`
Add email and password confirmation fields to registration form It's too easy to mistype an email or password when signing up. The support team is receiving an increasing number of requests because users mistype their email. We can eliminate this problem by requiring users to confirm the email before registering. The same issue can occur for the password field so we should add this, too. We should note that password confirmation is part of the default Devise forms. I don't know why/when GitLab removed it. 2016-11-12 00:47:32 +00:00			`params.require(:user).permit(:username, :email, :email_confirmation, :name, :password)`
Override strong params for sign up. 2014-07-10 17:31:05 +00:00			`end`
Add support for Google reCAPTCHA in user registration to prevent spammers 2015-12-27 17:03:06 +00:00
			`def resource_name`
			`:user`
			`end`

			`def resource`
Implement Users::BuildService 2017-04-13 08:47:52 +00:00			`@resource \|\|= Users::BuildService.new(current_user, sign_up_params).execute`
Add support for Google reCAPTCHA in user registration to prevent spammers 2015-12-27 17:03:06 +00:00			`end`

			`def devise_mapping`
			`@devise_mapping \|\|= Devise.mappings[:user]`
			`end`
Track and act upon the number of executed queries This ensures that we have more visibility in the number of SQL queries that are executed in web requests. The current threshold is hardcoded to 100 as we will rarely (maybe once or twice) change it. In production and development we use Sentry if enabled, in the test environment we raise an error. This feature is also only enabled in production/staging when running on GitLab.com as it's not very useful to other users. 2018-01-15 15:21:04 +00:00
			`def whitelist_query_limiting`
			`Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42380')`
			`end`
Fix project_limit being ignored on signup 2013-03-18 11:22:41 +00:00			`end`