# frozen_string_literal: true
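# Sign-up, account deletion and the experimental post-sign-up "welcome" step,
# built on top of Devise::RegistrationsController.
class RegistrationsController < Devise::RegistrationsController
  include Recaptcha::Verify
  include AcceptsPendingInvitations
  include RecaptchaExperimentHelper
  include InvisibleCaptcha

  layout :choose_layout

  # These two actions run without the :required_signup_info filter (defined
  # outside this file).
  skip_before_action :required_signup_info, only: [:welcome, :update_registration]
  # Prepended so the captcha check sits at the front of the filter chain for
  # :create.
  prepend_before_action :check_captcha, only: :create
  before_action :whitelist_query_limiting, only: [:destroy]
  before_action :ensure_terms_accepted,
    if: -> { action_name == 'create' && Gitlab::CurrentSettings.current_application_settings.enforce_terms? }

  # Renders the stand-alone sign-up form for users in the signup_flow
  # experiment; everyone else is sent to the register pane of the sign-in page.
  def new
    if experiment_enabled?(:signup_flow)
      track_experiment_event(:signup_flow, 'start') # We want this event to be tracked when the user is _in_ the experimental group
      @resource = build_resource
    else
      redirect_to new_user_session_path(anchor: 'register-pane')
    end
  end

  # Creates the account through Devise. Inside Devise's block the accepted
  # terms are recorded and, for the experiment, the role is marked as required.
  # An AccessDeniedError raised anywhere in the action redirects to sign-in.
  def create
    track_experiment_event(:signup_flow, 'end') unless experiment_enabled?(:signup_flow) # We want this event to be tracked when the user is _in_ the control group

    accept_pending_invitations

    super do |new_user|
      persist_accepted_terms_if_required(new_user)
      set_role_required(new_user)
      yield new_user if block_given?
    end

    # Do not show the signed_up notice message when the signup_flow experiment is enabled.
    # Instead, show it after successfully updating the role.
    flash[:notice] = nil if experiment_enabled?(:signup_flow)
  rescue Gitlab::Access::AccessDeniedError
    redirect_to(new_user_session_path)
  end

  # Schedules the current user's account for removal, but only after the
  # request has re-proven the user's intent (see destroy_confirmation_valid?).
  # The session is destroyed before redirecting to sign-in.
  def destroy
    if destroy_confirmation_valid?
      current_user.delete_async(deleted_by: current_user)
      session.try(:destroy)
      redirect_to new_user_session_path, status: :see_other, notice: s_('Profiles|Account scheduled for removal.')
    else
      redirect_to profile_account_path, status: :see_other, alert: destroy_confirmation_failure_message
    end
  end

  # Second step of the experimental sign-up flow: asks for name, role and
  # company setup. Users who already supplied role and setup_for_company are
  # sent on to their destination.
  def welcome
    return redirect_to new_user_registration_path unless current_user
    return redirect_to stored_location_or_dashboard_or_almost_there_path(current_user) if current_user.role.present? && !current_user.setup_for_company.nil?

    # sign_up_params copies the username into name for the experiment, so a
    # name equal to the username is treated as "not provided yet".
    current_user.name = nil if current_user.name == current_user.username
    render layout: 'devise_experimental_separate_sign_up_flow'
  end

  # Persists the welcome form through Users::SignupService.
  def update_registration
    # Same guard as #welcome: this action also skips :required_signup_info and
    # hands current_user to the service, so a request without a signed-in user
    # must not reach it.
    return redirect_to new_user_registration_path unless current_user

    # Allow-list: only these attributes are passed on from params[:user].
    user_params = params.require(:user).permit(:name, :role, :setup_for_company)
    result = ::Users::SignupService.new(current_user, user_params).execute

    if result[:status] == :success
      track_experiment_event(:signup_flow, 'end') # We want this event to be tracked when the user is _in_ the experimental group
      set_flash_message! :notice, :signed_up
      redirect_to stored_location_or_dashboard_or_almost_there_path(current_user)
    else
      render :welcome, layout: 'devise_experimental_separate_sign_up_flow'
    end
  end

  protected

  # Records acceptance of the latest terms for a freshly persisted user when
  # terms are enforced and the form carried the opt-in.
  def persist_accepted_terms_if_required(new_user)
    return unless new_user.persisted?
    return unless Gitlab::CurrentSettings.current_application_settings.enforce_terms?

    if terms_accepted?
      terms = ApplicationSetting::Term.latest
      Users::RespondToTermsService.new(new_user, terms).execute(accepted: true)
    end
  end

  # Flags a persisted experiment user as still needing a role.
  def set_role_required(new_user)
    new_user.set_role_required! if new_user.persisted? && experiment_enabled?(:signup_flow)
  end

  # Re-authentication for account deletion: the current password when the
  # account confirms deletion with a password, otherwise the submitted username
  # must equal the account's username.
  def destroy_confirmation_valid?
    if current_user.confirm_deletion_with_password?
      current_user.valid_password?(params[:password])
    else
      current_user.username == params[:username]
    end
  end

  # Alert text matching the confirmation method checked above.
  def destroy_confirmation_failure_message
    if current_user.confirm_deletion_with_password?
      s_('Profiles|Invalid password')
    else
      s_('Profiles|Invalid username')
    end
  end

  # Delegates to Devise unchanged (zero-argument super forwards `hash`).
  def build_resource(hash = nil)
    super
  end

  # Logs the creation and picks the post-sign-up destination for an active
  # account.
  def after_sign_up_path_for(user)
    Gitlab::AppLogger.info(user_created_message(confirmed: user.confirmed?))

    return users_sign_up_welcome_path if experiment_enabled?(:signup_flow)

    stored_location_or_dashboard_or_almost_there_path(user)
  end

  # Logs the creation and picks the destination for an account that is not
  # active yet.
  def after_inactive_sign_up_path_for(resource)
    Gitlab::AppLogger.info(user_created_message)

    Feature.enabled?(:soft_email_confirmation) ? dashboard_projects_path : users_almost_there_path
  end

  private

  # Application-log line for a new account.
  # NOTE(review): username and email originate from the sign-up form and are
  # interpolated as-is; this relies on validation outside this file to keep
  # line breaks and other control characters out of the log line — confirm.
  def user_created_message(confirmed: false)
    "User Created: username=#{resource.username} email=#{resource.email} ip=#{request.remote_ip} confirmed:#{confirmed}"
  end

  def ensure_correct_params!
    # To avoid duplicate form fields on the login page, the registration form
    # names fields using `new_user`, but Devise still wants the params in
    # `user`.
    if params["new_#{resource_name}"].present? && params[resource_name].blank?
      params[resource_name] = params.delete(:"new_#{resource_name}")
    end
  end

  # Server-side reCAPTCHA verification for :create. Each early return below
  # lets the request through without a verified captcha; only a failed
  # verify_recaptcha re-renders the form with an alert.
  def check_captcha
    ensure_correct_params!

    return unless Feature.enabled?(:registrations_recaptcha, default_enabled: true) # reCAPTCHA on the UI will still display however
    # NOTE(review): users in the signup_flow experiment skip server-side
    # reCAPTCHA verification entirely. How experiment membership is decided is
    # not visible in this file; if it depends on client-supplied state, this
    # return weakens the bot protection on :create — confirm, and consider
    # keeping another abuse control (e.g. rate limiting) on this path.
    return if experiment_enabled?(:signup_flow) # when the experimental signup flow is enabled for the current user, disable the reCAPTCHA check
    return unless show_recaptcha_sign_up?
    return unless Gitlab::Recaptcha.load_configurations!

    return if verify_recaptcha

    flash[:alert] = _('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
    flash.delete :recaptcha_error
    render action: 'new'
  end

  # Allow-list of attributes accepted from the registration form. In the
  # experiment the name is filled from the username (the name is asked for
  # later, in #welcome).
  def sign_up_params
    clean_params = params.require(:user).permit(:username, :email, :email_confirmation, :name, :password)

    if experiment_enabled?(:signup_flow)
      clean_params[:name] = clean_params[:username]
    end

    clean_params
  end

  def resource_name
    :user
  end

  # Memoised user built from the allow-listed sign-up params.
  def resource
    @resource ||= Users::BuildService.new(current_user, sign_up_params).execute
  end

  def devise_mapping
    @devise_mapping ||= Devise.mappings[:user]
  end

  def whitelist_query_limiting
    Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-foss/issues/42380')
  end

  # Filter for :create when terms are enforced: halts with a redirect unless
  # the form carried the terms opt-in.
  def ensure_terms_accepted
    return if terms_accepted?

    redirect_to new_user_session_path, alert: _('You must accept our Terms of Service and privacy policy in order to register an account')
  end

  def terms_accepted?
    Gitlab::Utils.to_boolean(params[:terms_opt_in])
  end

  # True when the user's e-mail is confirmed, or when soft e-mail confirmation
  # or the signup_flow experiment lets an unconfirmed user continue.
  def confirmed_or_unconfirmed_access_allowed(user)
    user.confirmed? || Feature.enabled?(:soft_email_confirmation) || experiment_enabled?(:signup_flow)
  end

  def stored_location_or_dashboard(user)
    stored_location_for(user) || dashboard_projects_path
  end

  # Users who may not continue yet are sent to the "almost there" page instead
  # of their stored location or the dashboard.
  def stored_location_or_dashboard_or_almost_there_path(user)
    confirmed_or_unconfirmed_access_allowed(user) ? stored_location_or_dashboard(user) : users_almost_there_path
  end

  # Part of an experiment to build a new sign up flow. Will be resolved
  # with https://gitlab.com/gitlab-org/growth/engineering/issues/64
  def choose_layout
    if experiment_enabled?(:signup_flow)
      'devise_experimental_separate_sign_up_flow'
    else
      'devise'
    end
  end
end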
# Hook for the EE override module, referenced by name. prepend_if_ee is defined
# outside this file; presumably it prepends the module only when that edition's
# code is present — confirm against its definition.
RegistrationsController.prepend_if_ee('EE::RegistrationsController')