47bc0125be
Destroy a user session when they delete their own account via browser This patch destroys a user's session when they delete their own account using a browser. A new session is created as they are redirected to the sign_in page. Issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/25015 See merge request !2042
74 lines
1.7 KiB
Ruby
74 lines
1.7 KiB
Ruby
class RegistrationsController < Devise::RegistrationsController
|
|
before_action :signup_enabled?
|
|
include Recaptcha::Verify
|
|
|
|
def new
|
|
redirect_to(new_user_session_path)
|
|
end
|
|
|
|
def create
|
|
if !Gitlab::Recaptcha.load_configurations! || verify_recaptcha
|
|
# To avoid duplicate form fields on the login page, the registration form
|
|
# names fields using `new_user`, but Devise still wants the params in
|
|
# `user`.
|
|
if params["new_#{resource_name}"].present? && params[resource_name].blank?
|
|
params[resource_name] = params.delete(:"new_#{resource_name}")
|
|
end
|
|
|
|
super
|
|
else
|
|
flash[:alert] = "There was an error with the reCAPTCHA code below. Please re-enter the code."
|
|
flash.delete :recaptcha_error
|
|
render action: 'new'
|
|
end
|
|
end
|
|
|
|
def destroy
|
|
DeleteUserService.new(current_user).execute(current_user)
|
|
|
|
respond_to do |format|
|
|
format.html do
|
|
session.try(:destroy)
|
|
redirect_to new_user_session_path, notice: "Account successfully removed."
|
|
end
|
|
end
|
|
end
|
|
|
|
protected
|
|
|
|
def build_resource(hash = nil)
|
|
super
|
|
end
|
|
|
|
def after_sign_up_path_for(user)
|
|
user.confirmed? ? dashboard_projects_path : users_almost_there_path
|
|
end
|
|
|
|
def after_inactive_sign_up_path_for(_resource)
|
|
users_almost_there_path
|
|
end
|
|
|
|
private
|
|
|
|
def signup_enabled?
|
|
unless current_application_settings.signup_enabled?
|
|
redirect_to(new_user_session_path)
|
|
end
|
|
end
|
|
|
|
def sign_up_params
|
|
params.require(:user).permit(:username, :email, :name, :password, :password_confirmation)
|
|
end
|
|
|
|
def resource_name
|
|
:user
|
|
end
|
|
|
|
def resource
|
|
@resource ||= User.new(sign_up_params)
|
|
end
|
|
|
|
def devise_mapping
|
|
@devise_mapping ||= Devise.mappings[:user]
|
|
end
|
|
end
|