registrations_controller.rb 4.27 KB
Newer Older
1 2
# frozen_string_literal: true

Marin Jankovski's avatar
Marin Jankovski committed
3
class RegistrationsController < Devise::RegistrationsController
4
  include Recaptcha::Verify
5
  include AcceptsPendingInvitations
6
  include RecaptchaExperimentHelper
7
  include InvisibleCaptcha
Marin Jankovski's avatar
Marin Jankovski committed
8

9
  prepend_before_action :check_captcha, only: :create
10
  before_action :whitelist_query_limiting, only: [:destroy]
11
  before_action :ensure_terms_accepted,
12
    if: -> { action_name == 'create' && Gitlab::CurrentSettings.current_application_settings.enforce_terms? }
13

14 15 16 17
  def new
    redirect_to(new_user_session_path)
  end

18
  def create
19 20 21 22
    accept_pending_invitations

    super do |new_user|
      persist_accepted_terms_if_required(new_user)
23
    end
24 25
  rescue Gitlab::Access::AccessDeniedError
    redirect_to(new_user_session_path)
26 27
  end

Marin Jankovski's avatar
Marin Jankovski committed
28
  def destroy
29 30 31 32 33 34
    if destroy_confirmation_valid?
      current_user.delete_async(deleted_by: current_user)
      session.try(:destroy)
      redirect_to new_user_session_path, status: 303, notice: s_('Profiles|Account scheduled for removal.')
    else
      redirect_to profile_account_path, status: 303, alert: destroy_confirmation_failure_message
Marin Jankovski's avatar
Marin Jankovski committed
35 36 37
    end
  end

38 39
  protected

40 41 42 43 44 45 46 47 48 49
  def persist_accepted_terms_if_required(new_user)
    return unless new_user.persisted?
    return unless Gitlab::CurrentSettings.current_application_settings.enforce_terms?

    if terms_accepted?
      terms = ApplicationSetting::Term.latest
      Users::RespondToTermsService.new(new_user, terms).execute(accepted: true)
    end
  end

50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65
  def destroy_confirmation_valid?
    if current_user.confirm_deletion_with_password?
      current_user.valid_password?(params[:password])
    else
      current_user.username == params[:username]
    end
  end

  def destroy_confirmation_failure_message
    if current_user.confirm_deletion_with_password?
      s_('Profiles|Invalid password')
    else
      s_('Profiles|Invalid username')
    end
  end

66
  def build_resource(hash = nil)
67 68 69
    super
  end

70
  def after_sign_up_path_for(user)
71
    Gitlab::AppLogger.info(user_created_message(confirmed: user.confirmed?))
Alex Buijs's avatar
Alex Buijs committed
72
    confirmed_or_unconfirmed_access_allowed(user) ? stored_location_or_dashboard(user) : users_almost_there_path
73 74
  end

75
  def after_inactive_sign_up_path_for(resource)
76
    Gitlab::AppLogger.info(user_created_message)
77
    Feature.enabled?(:soft_email_confirmation) ? dashboard_projects_path : users_almost_there_path
78 79
  end

Marin Jankovski's avatar
Marin Jankovski committed
80 81
  private

82 83 84 85 86 87 88 89 90 91 92 93 94
  def user_created_message(confirmed: false)
    "User Created: username=#{resource.username} email=#{resource.email} ip=#{request.remote_ip} confirmed:#{confirmed}"
  end

  def ensure_correct_params!
    # To avoid duplicate form fields on the login page, the registration form
    # names fields using `new_user`, but Devise still wants the params in
    # `user`.
    if params["new_#{resource_name}"].present? && params[resource_name].blank?
      params[resource_name] = params.delete(:"new_#{resource_name}")
    end
  end

95
  def check_captcha
96 97 98 99
    ensure_correct_params!

    return unless Feature.enabled?(:registrations_recaptcha, default_enabled: true) # reCAPTCHA on the UI will still display however
    return unless show_recaptcha_sign_up?
100 101 102 103 104 105 106 107 108
    return unless Gitlab::Recaptcha.load_configurations!

    return if verify_recaptcha

    flash[:alert] = _('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
    flash.delete :recaptcha_error
    render action: 'new'
  end

109
  def sign_up_params
110
    params.require(:user).permit(:username, :email, :email_confirmation, :name, :password)
111
  end
112 113 114 115 116 117

  def resource_name
    :user
  end

  def resource
geoandri's avatar
geoandri committed
118
    @resource ||= Users::BuildService.new(current_user, sign_up_params).execute
119 120 121 122 123
  end

  def devise_mapping
    @devise_mapping ||= Devise.mappings[:user]
  end
124 125 126 127

  def whitelist_query_limiting
    Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42380')
  end
128 129 130 131 132 133 134 135 136 137

  def ensure_terms_accepted
    return if terms_accepted?

    redirect_to new_user_session_path, alert: _('You must accept our Terms of Service and privacy policy in order to register an account')
  end

  def terms_accepted?
    Gitlab::Utils.to_boolean(params[:terms_opt_in])
  end
Alex Buijs's avatar
Alex Buijs committed
138 139 140 141 142 143 144 145

  def confirmed_or_unconfirmed_access_allowed(user)
    user.confirmed? || Feature.enabled?(:soft_email_confirmation)
  end

  def stored_location_or_dashboard(user)
    stored_location_for(user) || dashboard_projects_path
  end
146
end