registrations_controller.rb 3.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142
  1. # frozen_string_literal: true
  2. class Auth::RegistrationsController < Devise::RegistrationsController
  3. include RegistrationHelper
  4. include Auth::RegistrationSpamConcern
  5. layout :determine_layout
  6. before_action :set_invite, only: [:new, :create]
  7. before_action :check_enabled_registrations, only: [:new, :create]
  8. before_action :configure_sign_up_params, only: [:create]
  9. before_action :set_sessions, only: [:edit, :update]
  10. before_action :set_strikes, only: [:edit, :update]
  11. before_action :set_body_classes, only: [:new, :create, :edit, :update]
  12. before_action :require_not_suspended!, only: [:update]
  13. before_action :set_cache_headers, only: [:edit, :update]
  14. before_action :set_rules, only: :new
  15. before_action :require_rules_acceptance!, only: :new
  16. before_action :set_registration_form_time, only: :new
  17. skip_before_action :check_self_destruct!, only: [:edit, :update]
  18. skip_before_action :require_functional!, only: [:edit, :update]
  19. def new
  20. super(&:build_invite_request)
  21. end
  22. def update
  23. super do |resource|
  24. resource.clear_other_sessions(current_session.session_id) if resource.saved_change_to_encrypted_password?
  25. end
  26. end
  27. def destroy
  28. not_found
  29. end
  30. protected
  31. def update_resource(resource, params)
  32. params[:password] = nil if Devise.pam_authentication && resource.encrypted_password.blank?
  33. super
  34. end
  35. def build_resource(hash = nil)
  36. super(hash)
  37. resource.locale = I18n.locale
  38. resource.invite_code = @invite&.code if resource.invite_code.blank?
  39. resource.registration_form_time = session[:registration_form_time]
  40. resource.sign_up_ip = request.remote_ip
  41. resource.build_account if resource.account.nil?
  42. end
  43. def configure_sign_up_params
  44. devise_parameter_sanitizer.permit(:sign_up) do |user_params|
  45. user_params.permit({ account_attributes: [:username, :display_name], invite_request_attributes: [:text] }, :email, :password, :password_confirmation, :invite_code, :agreement, :website, :confirm_password)
  46. end
  47. end
  48. def after_sign_up_path_for(_resource)
  49. auth_setup_path
  50. end
  51. def after_sign_in_path_for(_resource)
  52. set_invite
  53. if @invite&.autofollow?
  54. short_account_path(@invite.user.account)
  55. else
  56. super
  57. end
  58. end
  59. def after_inactive_sign_up_path_for(_resource)
  60. new_user_session_path
  61. end
  62. def after_update_path_for(_resource)
  63. edit_user_registration_path
  64. end
  65. def check_enabled_registrations
  66. redirect_to root_path unless allowed_registration?(request.remote_ip, @invite)
  67. end
  68. def invite_code
  69. if params[:user]
  70. params[:user][:invite_code]
  71. else
  72. params[:invite_code]
  73. end
  74. end
  75. private
  76. def set_body_classes
  77. @body_classes = %w(edit update).include?(action_name) ? 'admin' : 'lighter'
  78. end
  79. def set_invite
  80. @invite = begin
  81. invite = Invite.find_by(code: invite_code) if invite_code.present?
  82. invite if invite&.valid_for_use?
  83. end
  84. end
  85. def determine_layout
  86. %w(edit update).include?(action_name) ? 'admin' : 'auth'
  87. end
  88. def set_sessions
  89. @sessions = current_user.session_activations.order(updated_at: :desc)
  90. end
  91. def set_strikes
  92. @strikes = current_account.strikes.recent.latest
  93. end
  94. def require_not_suspended!
  95. forbidden if current_account.unavailable?
  96. end
  97. def set_rules
  98. @rules = Rule.ordered
  99. end
  100. def require_rules_acceptance!
  101. return if @rules.empty? || (session[:accept_token].present? && params[:accept] == session[:accept_token])
  102. @accept_token = session[:accept_token] = SecureRandom.hex
  103. @invite_code = invite_code
  104. set_locale { render :rules }
  105. end
  106. def set_cache_headers
  107. response.cache_control.replace(private: true, no_store: true)
  108. end
  109. end