debian-mirror-gitlab/app/controllers/registrations_controller.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

283 lines
8.7 KiB
Ruby
Raw Normal View History

2018-12-05 23:21:45 +05:30
# frozen_string_literal: true
2014-09-02 18:07:02 +05:30
class RegistrationsController < Devise::RegistrationsController
include Recaptcha::Verify
2018-11-08 19:23:39 +05:30
include AcceptsPendingInvitations
2021-01-29 00:20:46 +05:30
include RecaptchaHelper
2020-04-08 14:13:33 +05:30
include InvisibleCaptchaOnSignup
2021-11-18 22:05:49 +05:30
include OneTrustCSP
2022-04-04 11:22:00 +05:30
include BizibleCSP
2022-08-13 15:12:31 +05:30
include GoogleAnalyticsCSP
2023-01-13 00:05:48 +05:30
include PreferredLanguageSwitcher
2022-11-25 23:54:43 +05:30
include RegistrationsTracking
2023-01-13 00:05:48 +05:30
include Gitlab::Tracking::Helpers::WeakPasswordErrorEvent
2014-09-02 18:07:02 +05:30
2021-01-29 00:20:46 +05:30
layout 'devise'
2019-12-21 20:55:43 +05:30
2019-09-04 21:01:54 +05:30
prepend_before_action :check_captcha, only: :create
2023-03-04 22:38:38 +05:30
before_action :ensure_first_name_and_last_name_not_empty, only: :create
2021-04-29 21:17:54 +05:30
before_action :ensure_destroy_prerequisites_met, only: [:destroy]
2023-01-13 00:05:48 +05:30
before_action :init_preferred_language, only: :new
2020-03-13 15:44:24 +05:30
before_action :load_recaptcha, only: :new
2022-03-02 08:16:31 +05:30
before_action only: [:create] do
2022-05-07 20:08:51 +05:30
check_rate_limit!(:user_sign_up, scope: request.ip)
2022-03-02 08:16:31 +05:30
end
before_action only: [:new] do
push_frontend_feature_flag(:gitlab_gtm_datalayer, type: :ops)
2022-08-27 11:52:29 +05:30
push_frontend_feature_flag(:trial_email_validation, type: :development)
2022-03-02 08:16:31 +05:30
end
2018-03-17 18:26:18 +05:30
2021-01-03 14:25:43 +05:30
feature_category :authentication_and_authorization
2015-04-26 12:48:37 +05:30
def new
2021-01-29 00:20:46 +05:30
@resource = build_resource
2023-03-04 22:38:38 +05:30
set_invite_params
2015-04-26 12:48:37 +05:30
end
def create
2023-03-04 22:38:38 +05:30
set_resource_fields
2019-09-04 21:01:54 +05:30
super do |new_user|
2021-11-11 11:23:49 +05:30
accept_pending_invitations if new_user.persisted?
2019-09-04 21:01:54 +05:30
persist_accepted_terms_if_required(new_user)
2019-12-21 20:55:43 +05:30
set_role_required(new_user)
2023-01-13 00:05:48 +05:30
send_custom_confirmation_instructions
track_weak_password_error(new_user, self.class.name, 'create')
2021-01-29 00:20:46 +05:30
if pending_approval?
NotificationService.new.new_instance_access_request(new_user)
end
2021-03-11 19:13:27 +05:30
after_request_hook(new_user)
2019-12-04 20:38:33 +05:30
yield new_user if block_given?
end
2019-12-21 20:55:43 +05:30
2021-01-03 14:25:43 +05:30
# Devise sets a flash message on both successful & failed signups,
# but we only want to show a message if the resource is blocked by a pending approval.
flash[:notice] = nil unless resource.blocked_pending_approval?
2017-08-17 22:00:37 +05:30
rescue Gitlab::Access::AccessDeniedError
redirect_to(new_user_session_path)
end
2014-09-02 18:07:02 +05:30
def destroy
2021-11-18 22:05:49 +05:30
if current_user.required_terms_not_accepted?
redirect_to profile_account_path, status: :see_other, alert: s_('Profiles|You must accept the Terms of Service in order to perform this action.')
return
end
2018-03-17 18:26:18 +05:30
if destroy_confirmation_valid?
current_user.delete_async(deleted_by: current_user)
session.try(:destroy)
2019-12-26 22:10:19 +05:30
redirect_to new_user_session_path, status: :see_other, notice: s_('Profiles|Account scheduled for removal.')
2018-03-17 18:26:18 +05:30
else
2019-12-26 22:10:19 +05:30
redirect_to profile_account_path, status: :see_other, alert: destroy_confirmation_failure_message
2014-09-02 18:07:02 +05:30
end
end
protected
2018-11-08 19:23:39 +05:30
def persist_accepted_terms_if_required(new_user)
return unless new_user.persisted?
return unless Gitlab::CurrentSettings.current_application_settings.enforce_terms?
2021-01-03 14:25:43 +05:30
terms = ApplicationSetting::Term.latest
Users::RespondToTermsService.new(new_user, terms).execute(accepted: true)
2018-11-08 19:23:39 +05:30
end
2019-12-21 20:55:43 +05:30
def set_role_required(new_user)
2020-11-24 15:15:51 +05:30
new_user.set_role_required! if new_user.persisted?
2019-12-21 20:55:43 +05:30
end
2018-03-17 18:26:18 +05:30
def destroy_confirmation_valid?
if current_user.confirm_deletion_with_password?
current_user.valid_password?(params[:password])
else
current_user.username == params[:username]
end
end
def destroy_confirmation_failure_message
if current_user.confirm_deletion_with_password?
s_('Profiles|Invalid password')
else
s_('Profiles|Invalid username')
end
end
2016-09-13 17:45:13 +05:30
def build_resource(hash = nil)
2014-09-02 18:07:02 +05:30
super
end
2023-03-04 22:38:38 +05:30
# overridden by EE module
2021-03-11 19:13:27 +05:30
def after_request_hook(user)
2023-03-04 22:38:38 +05:30
return unless user.persisted?
Gitlab::Tracking.event(self.class.name, 'successfully_submitted_form', user: user)
2021-03-11 19:13:27 +05:30
end
2016-06-02 11:05:42 +05:30
def after_sign_up_path_for(user)
2019-09-30 21:07:59 +05:30
Gitlab::AppLogger.info(user_created_message(confirmed: user.confirmed?))
2019-12-21 20:55:43 +05:30
2022-11-25 23:54:43 +05:30
users_sign_up_welcome_path(glm_tracking_params)
2014-09-02 18:07:02 +05:30
end
2018-03-17 18:26:18 +05:30
def after_inactive_sign_up_path_for(resource)
2019-09-30 21:07:59 +05:30
Gitlab::AppLogger.info(user_created_message)
2021-01-03 14:25:43 +05:30
return new_user_session_path(anchor: 'login-pane') if resource.blocked_pending_approval?
2022-10-11 01:57:18 +05:30
return dashboard_projects_path if Feature.enabled?(:soft_email_confirmation)
2022-11-25 23:54:43 +05:30
# when email confirmation is enabled, path to redirect is saved
# after user confirms and comes back, he will be redirected
store_location_for(:redirect, users_sign_up_welcome_path(glm_tracking_params))
2023-01-13 00:05:48 +05:30
return identity_verification_redirect_path if custom_confirmation_enabled?
2021-01-03 14:25:43 +05:30
2023-03-04 22:38:38 +05:30
Gitlab::Tracking.event(self.class.name, 'render', user: resource)
2022-10-11 01:57:18 +05:30
users_almost_there_path(email: resource.email)
2014-09-02 18:07:02 +05:30
end
private
2020-10-04 03:57:07 +05:30
def ensure_destroy_prerequisites_met
if current_user.solo_owned_groups.present?
redirect_to profile_account_path,
status: :see_other,
alert: s_('Profiles|You must transfer ownership or delete groups you are an owner of before you can delete your account')
end
end
2019-09-30 21:07:59 +05:30
def user_created_message(confirmed: false)
"User Created: username=#{resource.username} email=#{resource.email} ip=#{request.remote_ip} confirmed:#{confirmed}"
end
def ensure_correct_params!
# To avoid duplicate form fields on the login page, the registration form
# names fields using `new_user`, but Devise still wants the params in
# `user`.
if params["new_#{resource_name}"].present? && params[resource_name].blank?
params[resource_name] = params.delete(:"new_#{resource_name}")
end
end
2019-09-04 21:01:54 +05:30
def check_captcha
2019-09-30 21:07:59 +05:30
ensure_correct_params!
return unless show_recaptcha_sign_up?
2019-09-04 21:01:54 +05:30
return unless Gitlab::Recaptcha.load_configurations!
return if verify_recaptcha
flash[:alert] = _('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
flash.delete :recaptcha_error
2022-07-23 23:45:48 +05:30
add_gon_variables
2019-09-04 21:01:54 +05:30
render action: 'new'
end
2023-03-04 22:38:38 +05:30
def ensure_first_name_and_last_name_not_empty
# The key here will be affected by feature flag 'arkose_labs_signup_challenge'
# When flag is disabled, the key will be 'user' because #check_captcha will remove 'new_' prefix
# When flag is enabled, #check_captcha will be skipped, so the key will have 'new_' prefix
first_name = params.dig(resource_name, :first_name) || params.dig("new_#{resource_name}", :first_name)
last_name = params.dig(resource_name, :last_name) || params.dig("new_#{resource_name}", :last_name)
return if first_name.present? && last_name.present?
resource.errors.add(_('First name'), _("cannot be blank")) if first_name.blank?
resource.errors.add(_('Last name'), _("cannot be blank")) if last_name.blank?
render action: 'new'
end
2021-01-29 00:20:46 +05:30
def pending_approval?
return false unless Gitlab::CurrentSettings.require_admin_approval_after_user_signup
resource.persisted? && resource.blocked_pending_approval?
end
2021-11-11 11:23:49 +05:30
def sign_up_params_attributes
[:username, :email, :name, :first_name, :last_name, :password]
end
2014-09-02 18:07:02 +05:30
def sign_up_params
2021-11-11 11:23:49 +05:30
params.require(:user).permit(sign_up_params_attributes)
2014-09-02 18:07:02 +05:30
end
def resource_name
:user
end
def resource
2021-06-08 01:23:25 +05:30
@resource ||= Users::RegistrationsBuildService
2023-01-13 00:05:48 +05:30
.new(current_user, sign_up_params.merge({ skip_confirmation: registered_with_invite_email?,
preferred_language: preferred_language }))
2021-06-08 01:23:25 +05:30
.execute
end
def devise_mapping
@devise_mapping ||= Devise.mappings[:user]
end
2018-03-17 18:26:18 +05:30
2022-11-25 23:54:43 +05:30
def registered_with_invite_email?
2021-06-08 01:23:25 +05:30
invite_email = session.delete(:invite_email)
sign_up_params[:email] == invite_email
end
2020-03-13 15:44:24 +05:30
def load_recaptcha
Gitlab::Recaptcha.load_configurations!
2019-12-21 20:55:43 +05:30
end
2023-03-04 22:38:38 +05:30
# overridden by EE module
def set_resource_fields
2021-02-22 17:27:13 +05:30
return unless set_blocked_pending_approval?
resource.state = User::BLOCKED_PENDING_APPROVAL_STATE
end
2021-01-03 14:25:43 +05:30
2023-03-04 22:38:38 +05:30
# overridden by EE module
2021-02-22 17:27:13 +05:30
def set_blocked_pending_approval?
Gitlab::CurrentSettings.require_admin_approval_after_user_signup
2021-01-03 14:25:43 +05:30
end
2019-12-04 20:38:33 +05:30
2021-01-29 00:20:46 +05:30
def set_invite_params
2023-03-04 22:38:38 +05:30
if resource.email.blank? && params[:invite_email].present?
resource.email = @invite_email = ActionController::Base.helpers.sanitize(params[:invite_email])
end
2021-01-29 00:20:46 +05:30
end
2021-06-08 01:23:25 +05:30
def after_pending_invitations_hook
member_id = session.delete(:originating_member_id)
return unless member_id
# if invited multiple times to different projects, only the email clicked will be counted as accepted
# for the specific member on a project or group
member = resource.members.find_by(id: member_id) # rubocop: disable CodeReuse/ActiveRecord
return unless member
2022-08-13 15:12:31 +05:30
Gitlab::Tracking.event(self.class.name, 'accepted', label: 'invite_email', property: member.id.to_s, user: resource)
2021-06-08 01:23:25 +05:30
end
2021-09-04 01:27:46 +05:30
def context_user
current_user
end
2022-04-04 11:22:00 +05:30
2022-10-11 01:57:18 +05:30
def identity_verification_redirect_path
# overridden by EE module
end
2023-01-13 00:05:48 +05:30
def custom_confirmation_enabled?
2022-10-11 01:57:18 +05:30
# overridden by EE module
end
2023-01-13 00:05:48 +05:30
def send_custom_confirmation_instructions
2022-10-11 01:57:18 +05:30
# overridden by EE module
end
2021-01-29 00:20:46 +05:30
end
2021-02-22 17:27:13 +05:30
2021-06-08 01:23:25 +05:30
RegistrationsController.prepend_mod_with('RegistrationsController')