2018-09-14 01:42:05 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2012-11-06 08:30:48 -05:00
|
|
|
class RegistrationsController < Devise::RegistrationsController
|
2015-12-27 12:03:06 -05:00
|
|
|
include Recaptcha::Verify
|
2018-05-17 05:19:47 -04:00
|
|
|
include AcceptsPendingInvitations
|
2020-11-16 07:09:05 -05:00
|
|
|
include RecaptchaHelper
|
2020-03-04 07:07:52 -05:00
|
|
|
include InvisibleCaptchaOnSignup
|
2021-10-13 14:12:40 -04:00
|
|
|
include OneTrustCSP
|
2012-11-06 08:30:48 -05:00
|
|
|
|
2020-11-05 22:09:19 -05:00
|
|
|
layout 'devise'
|
2019-10-07 11:05:59 -04:00
|
|
|
|
2019-05-13 12:04:09 -04:00
|
|
|
prepend_before_action :check_captcha, only: :create
|
2021-03-29 20:09:26 -04:00
|
|
|
before_action :ensure_destroy_prerequisites_met, only: [:destroy]
|
2020-02-06 22:08:59 -05:00
|
|
|
before_action :load_recaptcha, only: :new
|
2020-11-02 22:08:56 -05:00
|
|
|
before_action :set_invite_params, only: :new
|
2018-01-15 10:21:04 -05:00
|
|
|
|
2020-10-05 08:08:47 -04:00
|
|
|
feature_category :authentication_and_authorization
|
|
|
|
|
2015-02-05 09:56:28 -05:00
|
|
|
def new
|
2020-11-02 22:08:56 -05:00
|
|
|
@resource = build_resource
|
2015-02-05 09:56:28 -05:00
|
|
|
end
|
|
|
|
|
2015-12-27 12:03:06 -05:00
|
|
|
def create
|
2020-10-08 11:08:17 -04:00
|
|
|
set_user_state
|
2019-05-13 12:04:09 -04:00
|
|
|
|
|
|
|
super do |new_user|
|
2021-08-31 05:08:57 -04:00
|
|
|
accept_pending_invitations if new_user.persisted?
|
|
|
|
|
2019-05-13 12:04:09 -04:00
|
|
|
persist_accepted_terms_if_required(new_user)
|
2019-10-18 17:06:37 -04:00
|
|
|
set_role_required(new_user)
|
2020-11-12 19:09:49 -05:00
|
|
|
|
|
|
|
if pending_approval?
|
|
|
|
NotificationService.new.new_instance_access_request(new_user)
|
|
|
|
end
|
|
|
|
|
2021-01-28 01:08:59 -05:00
|
|
|
after_request_hook(new_user)
|
|
|
|
|
2019-09-06 12:23:14 -04:00
|
|
|
yield new_user if block_given?
|
2015-12-27 12:03:06 -05:00
|
|
|
end
|
2019-10-18 17:06:37 -04:00
|
|
|
|
2020-10-08 11:08:17 -04:00
|
|
|
# Devise sets a flash message on both successful & failed signups,
|
|
|
|
# but we only want to show a message if the resource is blocked by a pending approval.
|
|
|
|
flash[:notice] = nil unless resource.blocked_pending_approval?
|
2017-03-27 05:37:24 -04:00
|
|
|
rescue Gitlab::Access::AccessDeniedError
|
|
|
|
redirect_to(new_user_session_path)
|
2015-12-27 12:03:06 -05:00
|
|
|
end
|
|
|
|
|
2013-02-06 06:44:09 -05:00
|
|
|
def destroy
|
2021-10-12 08:09:36 -04:00
|
|
|
if current_user.required_terms_not_accepted?
|
|
|
|
redirect_to profile_account_path, status: :see_other, alert: s_('Profiles|You must accept the Terms of Service in order to perform this action.')
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
2017-10-06 16:40:41 -04:00
|
|
|
if destroy_confirmation_valid?
|
|
|
|
current_user.delete_async(deleted_by: current_user)
|
|
|
|
session.try(:destroy)
|
2019-11-17 07:06:19 -05:00
|
|
|
redirect_to new_user_session_path, status: :see_other, notice: s_('Profiles|Account scheduled for removal.')
|
2017-10-06 16:40:41 -04:00
|
|
|
else
|
2019-11-17 07:06:19 -05:00
|
|
|
redirect_to profile_account_path, status: :see_other, alert: destroy_confirmation_failure_message
|
2013-02-06 06:44:09 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2013-03-18 07:22:41 -04:00
|
|
|
protected
|
|
|
|
|
2018-06-08 07:20:44 -04:00
|
|
|
def persist_accepted_terms_if_required(new_user)
|
|
|
|
return unless new_user.persisted?
|
|
|
|
return unless Gitlab::CurrentSettings.current_application_settings.enforce_terms?
|
|
|
|
|
2020-10-12 14:08:31 -04:00
|
|
|
terms = ApplicationSetting::Term.latest
|
|
|
|
Users::RespondToTermsService.new(new_user, terms).execute(accepted: true)
|
2018-06-08 07:20:44 -04:00
|
|
|
end
|
|
|
|
|
2019-10-18 17:06:37 -04:00
|
|
|
def set_role_required(new_user)
|
2020-09-10 11:09:10 -04:00
|
|
|
new_user.set_role_required! if new_user.persisted?
|
2019-10-18 17:06:37 -04:00
|
|
|
end
|
|
|
|
|
2017-10-06 16:40:41 -04:00
|
|
|
def destroy_confirmation_valid?
|
|
|
|
if current_user.confirm_deletion_with_password?
|
|
|
|
current_user.valid_password?(params[:password])
|
|
|
|
else
|
|
|
|
current_user.username == params[:username]
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def destroy_confirmation_failure_message
|
|
|
|
if current_user.confirm_deletion_with_password?
|
|
|
|
s_('Profiles|Invalid password')
|
|
|
|
else
|
|
|
|
s_('Profiles|Invalid username')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-08-05 22:03:01 -04:00
|
|
|
def build_resource(hash = nil)
|
2013-03-18 07:22:41 -04:00
|
|
|
super
|
|
|
|
end
|
|
|
|
|
2021-01-28 01:08:59 -05:00
|
|
|
def after_request_hook(user)
|
|
|
|
# overridden by EE module
|
|
|
|
end
|
|
|
|
|
2016-05-06 16:59:45 -04:00
|
|
|
def after_sign_up_path_for(user)
|
2019-06-25 18:32:54 -04:00
|
|
|
Gitlab::AppLogger.info(user_created_message(confirmed: user.confirmed?))
|
2019-10-18 17:06:37 -04:00
|
|
|
|
2020-09-10 11:09:10 -04:00
|
|
|
users_sign_up_welcome_path
|
2014-07-04 08:19:59 -04:00
|
|
|
end
|
|
|
|
|
2017-08-23 00:40:16 -04:00
|
|
|
def after_inactive_sign_up_path_for(resource)
|
2019-06-25 18:32:54 -04:00
|
|
|
Gitlab::AppLogger.info(user_created_message)
|
2020-10-08 11:08:17 -04:00
|
|
|
return new_user_session_path(anchor: 'login-pane') if resource.blocked_pending_approval?
|
|
|
|
|
2021-06-12 08:09:59 -04:00
|
|
|
Feature.enabled?(:soft_email_confirmation) ? dashboard_projects_path : users_almost_there_path(email: resource.email)
|
2014-07-04 08:19:59 -04:00
|
|
|
end
|
|
|
|
|
2012-11-06 08:30:48 -05:00
|
|
|
private
|
|
|
|
|
2020-10-01 14:10:20 -04:00
|
|
|
def ensure_destroy_prerequisites_met
|
|
|
|
if current_user.solo_owned_groups.present?
|
|
|
|
redirect_to profile_account_path,
|
|
|
|
status: :see_other,
|
|
|
|
alert: s_('Profiles|You must transfer ownership or delete groups you are an owner of before you can delete your account')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2019-06-25 18:32:54 -04:00
|
|
|
def user_created_message(confirmed: false)
|
|
|
|
"User Created: username=#{resource.username} email=#{resource.email} ip=#{request.remote_ip} confirmed:#{confirmed}"
|
|
|
|
end
|
|
|
|
|
|
|
|
def ensure_correct_params!
|
|
|
|
# To avoid duplicate form fields on the login page, the registration form
|
|
|
|
# names fields using `new_user`, but Devise still wants the params in
|
|
|
|
# `user`.
|
|
|
|
if params["new_#{resource_name}"].present? && params[resource_name].blank?
|
|
|
|
params[resource_name] = params.delete(:"new_#{resource_name}")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2019-05-13 12:04:09 -04:00
|
|
|
def check_captcha
|
2019-06-25 18:32:54 -04:00
|
|
|
ensure_correct_params!
|
|
|
|
|
|
|
|
return unless show_recaptcha_sign_up?
|
2019-05-13 12:04:09 -04:00
|
|
|
return unless Gitlab::Recaptcha.load_configurations!
|
|
|
|
|
|
|
|
return if verify_recaptcha
|
|
|
|
|
|
|
|
flash[:alert] = _('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
|
|
|
|
flash.delete :recaptcha_error
|
|
|
|
render action: 'new'
|
|
|
|
end
|
|
|
|
|
2020-11-12 19:09:49 -05:00
|
|
|
def pending_approval?
|
|
|
|
return false unless Gitlab::CurrentSettings.require_admin_approval_after_user_signup
|
|
|
|
|
|
|
|
resource.persisted? && resource.blocked_pending_approval?
|
|
|
|
end
|
|
|
|
|
2021-09-13 17:08:53 -04:00
|
|
|
def sign_up_params_attributes
|
|
|
|
[:username, :email, :name, :first_name, :last_name, :password]
|
|
|
|
end
|
|
|
|
|
2014-07-10 13:31:05 -04:00
|
|
|
def sign_up_params
|
2021-09-13 17:08:53 -04:00
|
|
|
params.require(:user).permit(sign_up_params_attributes)
|
2014-07-10 13:31:05 -04:00
|
|
|
end
|
2015-12-27 12:03:06 -05:00
|
|
|
|
|
|
|
def resource_name
|
|
|
|
:user
|
|
|
|
end
|
|
|
|
|
|
|
|
def resource
|
2021-04-27 23:09:58 -04:00
|
|
|
@resource ||= Users::RegistrationsBuildService
|
|
|
|
.new(current_user, sign_up_params.merge({ skip_confirmation: skip_email_confirmation? }))
|
|
|
|
.execute
|
2015-12-27 12:03:06 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def devise_mapping
|
|
|
|
@devise_mapping ||= Devise.mappings[:user]
|
|
|
|
end
|
2018-01-15 10:21:04 -05:00
|
|
|
|
2021-04-27 23:09:58 -04:00
|
|
|
def skip_email_confirmation?
|
|
|
|
invite_email = session.delete(:invite_email)
|
|
|
|
|
|
|
|
sign_up_params[:email] == invite_email
|
|
|
|
end
|
|
|
|
|
2020-02-06 22:08:59 -05:00
|
|
|
def load_recaptcha
|
|
|
|
Gitlab::Recaptcha.load_configurations!
|
|
|
|
end
|
|
|
|
|
2020-10-08 11:08:17 -04:00
|
|
|
def set_user_state
|
2020-11-26 10:09:30 -05:00
|
|
|
return unless set_blocked_pending_approval?
|
|
|
|
|
|
|
|
resource.state = User::BLOCKED_PENDING_APPROVAL_STATE
|
|
|
|
end
|
2020-10-08 11:08:17 -04:00
|
|
|
|
2020-11-26 10:09:30 -05:00
|
|
|
def set_blocked_pending_approval?
|
|
|
|
Gitlab::CurrentSettings.require_admin_approval_after_user_signup
|
2020-10-08 11:08:17 -04:00
|
|
|
end
|
2020-11-02 22:08:56 -05:00
|
|
|
|
|
|
|
def set_invite_params
|
|
|
|
@invite_email = ActionController::Base.helpers.sanitize(params[:invite_email])
|
|
|
|
end
|
2021-04-29 17:10:03 -04:00
|
|
|
|
|
|
|
def after_pending_invitations_hook
|
|
|
|
member_id = session.delete(:originating_member_id)
|
|
|
|
|
|
|
|
return unless member_id
|
|
|
|
|
|
|
|
# if invited multiple times to different projects, only the email clicked will be counted as accepted
|
|
|
|
# for the specific member on a project or group
|
|
|
|
member = resource.members.find_by(id: member_id) # rubocop: disable CodeReuse/ActiveRecord
|
|
|
|
|
|
|
|
return unless member
|
|
|
|
|
2021-08-06 14:09:57 -04:00
|
|
|
experiment_name = session.delete(:invite_email_experiment_name)
|
|
|
|
experiment(:invite_email_preview_text, actor: member).track(:accepted) if experiment_name == 'invite_email_preview_text'
|
2021-08-25 05:10:52 -04:00
|
|
|
experiment(:invite_email_from, actor: member).track(:accepted) if experiment_name == 'invite_email_from'
|
2021-07-29 05:08:46 -04:00
|
|
|
Gitlab::Tracking.event(self.class.name, 'accepted', label: 'invite_email', property: member.id.to_s)
|
2021-04-29 17:10:03 -04:00
|
|
|
end
|
2021-06-07 11:09:56 -04:00
|
|
|
|
|
|
|
def context_user
|
|
|
|
current_user
|
|
|
|
end
|
2013-03-18 07:22:41 -04:00
|
|
|
end
|
2020-11-26 10:09:30 -05:00
|
|
|
|
2021-05-11 17:10:21 -04:00
|
|
|
RegistrationsController.prepend_mod_with('RegistrationsController')
|