gitlab-org--gitlab-foss/app/controllers/registrations_controller.rb
Robert Speicher 47bc0125be Merge branch 'destroy-session' into 'security'
Destroy a user session when they delete their own account via browser

This patch destroys a user's session when they delete their own account
using a browser. A new session is created as they are redirected to the
sign_in page.

Issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/25015

See merge request !2042
2016-12-08 21:21:06 -03:00

74 lines
1.7 KiB
Ruby

class RegistrationsController < Devise::RegistrationsController
before_action :signup_enabled?
include Recaptcha::Verify
def new
redirect_to(new_user_session_path)
end
def create
if !Gitlab::Recaptcha.load_configurations! || verify_recaptcha
# To avoid duplicate form fields on the login page, the registration form
# names fields using `new_user`, but Devise still wants the params in
# `user`.
if params["new_#{resource_name}"].present? && params[resource_name].blank?
params[resource_name] = params.delete(:"new_#{resource_name}")
end
super
else
flash[:alert] = "There was an error with the reCAPTCHA code below. Please re-enter the code."
flash.delete :recaptcha_error
render action: 'new'
end
end
def destroy
DeleteUserService.new(current_user).execute(current_user)
respond_to do |format|
format.html do
session.try(:destroy)
redirect_to new_user_session_path, notice: "Account successfully removed."
end
end
end
protected
def build_resource(hash = nil)
super
end
def after_sign_up_path_for(user)
user.confirmed? ? dashboard_projects_path : users_almost_there_path
end
def after_inactive_sign_up_path_for(_resource)
users_almost_there_path
end
private
def signup_enabled?
unless current_application_settings.signup_enabled?
redirect_to(new_user_session_path)
end
end
def sign_up_params
params.require(:user).permit(:username, :email, :name, :password, :password_confirmation)
end
def resource_name
:user
end
def resource
@resource ||= User.new(sign_up_params)
end
def devise_mapping
@devise_mapping ||= Devise.mappings[:user]
end
end