gitlab-org--gitlab-foss/app/controllers/profiles_controller.rb

149 lines
4.2 KiB
Ruby

# frozen_string_literal: true
class ProfilesController < Profiles::ApplicationController
include ActionView::Helpers::SanitizeHelper
include Gitlab::Tracking
before_action :user
before_action :authorize_change_username!, only: :update_username
before_action only: :update_username do
check_rate_limit!(:profile_update_username, scope: current_user)
end
skip_before_action :require_email, only: [:show, :update]
before_action do
push_frontend_feature_flag(:webauthn)
end
feature_category :users, [:show, :update, :reset_incoming_email_token, :reset_feed_token,
:reset_static_object_token, :update_username]
feature_category :authentication_and_authorization, [:audit_log]
urgency :low, [:show, :update]
def show
end
def update
respond_to do |format|
result = Users::UpdateService.new(current_user, user_params.merge(user: @user)).execute(check_password: true)
if result[:status] == :success
message = s_("Profiles|Profile was successfully updated")
format.html { redirect_back_or_default(default: { action: 'show' }, options: { notice: message }) }
format.json { render json: { message: message } }
else
format.html { redirect_back_or_default(default: { action: 'show' }, options: { alert: result[:message] }) }
format.json { render json: result }
end
end
end
def reset_incoming_email_token
Users::UpdateService.new(current_user, user: @user).execute! do |user|
user.reset_incoming_email_token!
end
flash[:notice] = s_("Profiles|Incoming email token was successfully reset")
redirect_to profile_personal_access_tokens_path
end
def reset_feed_token
Users::UpdateService.new(current_user, user: @user).execute! do |user|
user.reset_feed_token!
end
flash[:notice] = s_('Profiles|Feed token was successfully reset')
redirect_to profile_personal_access_tokens_path
end
def reset_static_object_token
Users::UpdateService.new(current_user, user: @user).execute! do |user|
user.reset_static_object_token!
end
redirect_to profile_personal_access_tokens_path,
notice: s_('Profiles|Static object token was successfully reset')
end
# rubocop: disable CodeReuse/ActiveRecord
def audit_log
@events = AuthenticationEvent.where(user: current_user)
.order("created_at DESC")
.page(params[:page])
Gitlab::Tracking.event(self.class.name, 'search_audit_event', user: current_user)
end
# rubocop: enable CodeReuse/ActiveRecord
def update_username
result = Users::UpdateService.new(current_user, user: @user, username: username_param).execute
respond_to do |format|
if result[:status] == :success
message = s_("Profiles|Username successfully changed")
format.html { redirect_back_or_default(default: { action: 'show' }, options: { notice: message }) }
format.json { render json: { message: message }, status: :ok }
else
message = s_("Profiles|Username change failed - %{message}") % { message: result[:message] }
format.html { redirect_back_or_default(default: { action: 'show' }, options: { alert: message }) }
format.json { render json: { message: message }, status: :unprocessable_entity }
end
end
end
private
def user
@user = current_user
end
def authorize_change_username!
return render_404 unless @user.can_change_username?
end
def username_param
@username_param ||= user_params.require(:username)
end
def user_params_attributes
[
:avatar,
:bio,
:email,
:role,
:gitpod_enabled,
:hide_no_password,
:hide_no_ssh_key,
:hide_project_limit,
:linkedin,
:location,
:name,
:public_email,
:commit_email,
:skype,
:twitter,
:username,
:website_url,
:organization,
:private_profile,
:include_private_contributions,
:timezone,
:job_title,
:pronouns,
:pronunciation,
:validation_password,
status: [:emoji, :message, :availability, :clear_status_after]
]
end
def user_params
@user_params ||= params.require(:user).permit(user_params_attributes)
end
end
ProfilesController.prepend_mod