debian-mirror-gitlab/app/controllers/registrations_controller.rb

214 lines
7 KiB
Ruby
Raw Normal View History

2018-12-05 23:21:45 +05:30
# frozen_string_literal: true
2014-09-02 18:07:02 +05:30
class RegistrationsController < Devise::RegistrationsController
include Recaptcha::Verify
2018-11-08 19:23:39 +05:30
include AcceptsPendingInvitations
2019-09-30 21:07:59 +05:30
include RecaptchaExperimentHelper
2019-10-12 21:52:04 +05:30
include InvisibleCaptcha
2014-09-02 18:07:02 +05:30
2019-12-21 20:55:43 +05:30
layout :choose_layout
2019-12-26 22:10:19 +05:30
skip_before_action :required_signup_info, only: [:welcome, :update_registration]
2019-09-04 21:01:54 +05:30
prepend_before_action :check_captcha, only: :create
2018-03-17 18:26:18 +05:30
before_action :whitelist_query_limiting, only: [:destroy]
2018-11-08 19:23:39 +05:30
before_action :ensure_terms_accepted,
2019-10-12 21:52:04 +05:30
if: -> { action_name == 'create' && Gitlab::CurrentSettings.current_application_settings.enforce_terms? }
2018-03-17 18:26:18 +05:30
2015-04-26 12:48:37 +05:30
def new
2019-12-21 20:55:43 +05:30
if experiment_enabled?(:signup_flow)
2019-12-26 22:10:19 +05:30
track_experiment_event(:signup_flow, 'start') # We want this event to be tracked when the user is _in_ the experimental group
2019-12-21 20:55:43 +05:30
@resource = build_resource
else
redirect_to new_user_session_path(anchor: 'register-pane')
end
2015-04-26 12:48:37 +05:30
end
def create
2019-12-26 22:10:19 +05:30
track_experiment_event(:signup_flow, 'end') unless experiment_enabled?(:signup_flow) # We want this event to be tracked when the user is _in_ the control group
2019-09-04 21:01:54 +05:30
accept_pending_invitations
super do |new_user|
persist_accepted_terms_if_required(new_user)
2019-12-21 20:55:43 +05:30
set_role_required(new_user)
2019-12-04 20:38:33 +05:30
yield new_user if block_given?
end
2019-12-21 20:55:43 +05:30
# Do not show the signed_up notice message when the signup_flow experiment is enabled.
# Instead, show it after succesfully updating the role.
flash[:notice] = nil if experiment_enabled?(:signup_flow)
2017-08-17 22:00:37 +05:30
rescue Gitlab::Access::AccessDeniedError
redirect_to(new_user_session_path)
end
2014-09-02 18:07:02 +05:30
def destroy
2018-03-17 18:26:18 +05:30
if destroy_confirmation_valid?
current_user.delete_async(deleted_by: current_user)
session.try(:destroy)
2019-12-26 22:10:19 +05:30
redirect_to new_user_session_path, status: :see_other, notice: s_('Profiles|Account scheduled for removal.')
2018-03-17 18:26:18 +05:30
else
2019-12-26 22:10:19 +05:30
redirect_to profile_account_path, status: :see_other, alert: destroy_confirmation_failure_message
2014-09-02 18:07:02 +05:30
end
end
2019-12-21 20:55:43 +05:30
def welcome
return redirect_to new_user_registration_path unless current_user
2019-12-26 22:10:19 +05:30
return redirect_to stored_location_or_dashboard_or_almost_there_path(current_user) if current_user.role.present? && !current_user.setup_for_company.nil?
2019-12-21 20:55:43 +05:30
2019-12-26 22:10:19 +05:30
current_user.name = nil if current_user.name == current_user.username
2019-12-21 20:55:43 +05:30
render layout: 'devise_experimental_separate_sign_up_flow'
end
2019-12-26 22:10:19 +05:30
def update_registration
user_params = params.require(:user).permit(:name, :role, :setup_for_company)
result = ::Users::SignupService.new(current_user, user_params).execute
2019-12-21 20:55:43 +05:30
if result[:status] == :success
2019-12-26 22:10:19 +05:30
track_experiment_event(:signup_flow, 'end') # We want this event to be tracked when the user is _in_ the experimental group
2019-12-21 20:55:43 +05:30
set_flash_message! :notice, :signed_up
redirect_to stored_location_or_dashboard_or_almost_there_path(current_user)
else
2019-12-26 22:10:19 +05:30
render :welcome, layout: 'devise_experimental_separate_sign_up_flow'
2019-12-21 20:55:43 +05:30
end
end
2014-09-02 18:07:02 +05:30
protected
2018-11-08 19:23:39 +05:30
def persist_accepted_terms_if_required(new_user)
return unless new_user.persisted?
return unless Gitlab::CurrentSettings.current_application_settings.enforce_terms?
if terms_accepted?
terms = ApplicationSetting::Term.latest
Users::RespondToTermsService.new(new_user, terms).execute(accepted: true)
end
end
2019-12-21 20:55:43 +05:30
def set_role_required(new_user)
new_user.set_role_required! if new_user.persisted? && experiment_enabled?(:signup_flow)
end
2018-03-17 18:26:18 +05:30
def destroy_confirmation_valid?
if current_user.confirm_deletion_with_password?
current_user.valid_password?(params[:password])
else
current_user.username == params[:username]
end
end
def destroy_confirmation_failure_message
if current_user.confirm_deletion_with_password?
s_('Profiles|Invalid password')
else
s_('Profiles|Invalid username')
end
end
2016-09-13 17:45:13 +05:30
def build_resource(hash = nil)
2014-09-02 18:07:02 +05:30
super
end
2016-06-02 11:05:42 +05:30
def after_sign_up_path_for(user)
2019-09-30 21:07:59 +05:30
Gitlab::AppLogger.info(user_created_message(confirmed: user.confirmed?))
2019-12-21 20:55:43 +05:30
return users_sign_up_welcome_path if experiment_enabled?(:signup_flow)
stored_location_or_dashboard_or_almost_there_path(user)
2014-09-02 18:07:02 +05:30
end
2018-03-17 18:26:18 +05:30
def after_inactive_sign_up_path_for(resource)
2019-09-30 21:07:59 +05:30
Gitlab::AppLogger.info(user_created_message)
2019-10-12 21:52:04 +05:30
Feature.enabled?(:soft_email_confirmation) ? dashboard_projects_path : users_almost_there_path
2014-09-02 18:07:02 +05:30
end
private
2019-09-30 21:07:59 +05:30
def user_created_message(confirmed: false)
"User Created: username=#{resource.username} email=#{resource.email} ip=#{request.remote_ip} confirmed:#{confirmed}"
end
def ensure_correct_params!
# To avoid duplicate form fields on the login page, the registration form
# names fields using `new_user`, but Devise still wants the params in
# `user`.
if params["new_#{resource_name}"].present? && params[resource_name].blank?
params[resource_name] = params.delete(:"new_#{resource_name}")
end
end
2019-09-04 21:01:54 +05:30
def check_captcha
2019-09-30 21:07:59 +05:30
ensure_correct_params!
return unless Feature.enabled?(:registrations_recaptcha, default_enabled: true) # reCAPTCHA on the UI will still display however
2019-12-21 20:55:43 +05:30
return if experiment_enabled?(:signup_flow) # when the experimental signup flow is enabled for the current user, disable the reCAPTCHA check
2019-09-30 21:07:59 +05:30
return unless show_recaptcha_sign_up?
2019-09-04 21:01:54 +05:30
return unless Gitlab::Recaptcha.load_configurations!
return if verify_recaptcha
flash[:alert] = _('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
flash.delete :recaptcha_error
render action: 'new'
end
2014-09-02 18:07:02 +05:30
def sign_up_params
2019-12-21 20:55:43 +05:30
clean_params = params.require(:user).permit(:username, :email, :email_confirmation, :name, :password)
if experiment_enabled?(:signup_flow)
clean_params[:name] = clean_params[:username]
end
clean_params
2014-09-02 18:07:02 +05:30
end
def resource_name
:user
end
def resource
2017-08-17 22:00:37 +05:30
@resource ||= Users::BuildService.new(current_user, sign_up_params).execute
end
def devise_mapping
@devise_mapping ||= Devise.mappings[:user]
end
2018-03-17 18:26:18 +05:30
def whitelist_query_limiting
2019-12-04 20:38:33 +05:30
Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-foss/issues/42380')
2018-03-17 18:26:18 +05:30
end
2018-11-08 19:23:39 +05:30
def ensure_terms_accepted
return if terms_accepted?
redirect_to new_user_session_path, alert: _('You must accept our Terms of Service and privacy policy in order to register an account')
end
def terms_accepted?
Gitlab::Utils.to_boolean(params[:terms_opt_in])
end
2019-10-12 21:52:04 +05:30
def confirmed_or_unconfirmed_access_allowed(user)
2019-12-21 20:55:43 +05:30
user.confirmed? || Feature.enabled?(:soft_email_confirmation) || experiment_enabled?(:signup_flow)
2019-10-12 21:52:04 +05:30
end
def stored_location_or_dashboard(user)
stored_location_for(user) || dashboard_projects_path
end
2019-12-21 20:55:43 +05:30
def stored_location_or_dashboard_or_almost_there_path(user)
confirmed_or_unconfirmed_access_allowed(user) ? stored_location_or_dashboard(user) : users_almost_there_path
end
# Part of an experiment to build a new sign up flow. Will be resolved
# with https://gitlab.com/gitlab-org/growth/engineering/issues/64
def choose_layout
if experiment_enabled?(:signup_flow)
'devise_experimental_separate_sign_up_flow'
else
'devise'
end
end
2014-09-02 18:07:02 +05:30
end
2019-12-04 20:38:33 +05:30
RegistrationsController.prepend_if_ee('EE::RegistrationsController')