You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
pgfqe6ch8/app/controllers/account_controller.rb

1522 lines
54 KiB

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

#coding=utf-8
# Redmine - project management software
# Copyright (C) 2006-2013 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class AccountController < ApplicationController
helper :custom_fields
include CustomFieldsHelper
# prevents login action to be filtered by check_if_login_required application scope filter
skip_before_filter :check_if_login_required
skip_before_filter :check_authentication, :only => [:login, :logout, :user_join, :avatar, :authentication, :professional_certification, :security_settings, :change_psd, :user_info]
before_filter :auth_login1, :only => [:avatar, :authentication, :professional_certification, :security_settings, :change_psd, :reset_psd, :user_info]
skip_before_filter :verify_authenticity_token, :only =>[:codepedia_login, :login, :register]
before_filter :require_login, only: [:avatar, :authentication, :professional_certification, :security_settings, :change_psd, :user_info, :user_auth, :apply_auth, :apply_pro_certification, :check_student_id,
:bind_email, :change_or_bind]
include ApplicationHelper
include AccountHelper
# Login request and validation
CODES = %W(1 2 3 4 5 6 7 8 9 A B C D E F G H J K L N M O P Q R S T U V W X Y Z)
def login
Rails.logger.info("login: request type is #{request.method}")
if params[:type] == "activated"
@message = l(:notice_account_activated)
elsif params[:type] == "expired"
@message = l(:notice_account_expired)
end
@name = params[:name]
@c_name = params[:c_name]
login = User.current.login
login_error = false
# login 匹配不到字母,或者 含有特殊字符 则login不规范
if (login =~ /(^(?=.*?[a-zA-Z]).*$)/).nil? || !(login =~ /[@#\$%\^&\*]+/).nil?
login_error = true
end
if request.get?
@login = params[:login] || true
if User.current.logged?
# 判断用户基本资料是否完善,不完善讲强制完善基本资料,完善进入主页
user = UserExtensions.where(:user_id => User.current.id).first
Rails.logger.info("#######################login_error: ##{login_error}")
if User.current.lastname.blank? || user.school_id.blank? || user.identity.blank? || login_error
redirect_to user_info_path()
else
redirect_back_or_default user_path(User.current), :referer => true
end
else
render :layout => 'login'
end
else
# ajax请求类型
# REDO测试的时候注意是否
if request.xhr?
login = params[:username].strip
password = params[:password]
# 验证用户名密码是否正确
@user, last_login_on = User.try_to_login(login, password)
if @user.present?
Rails.logger.info("successful_authentication, user is #{@user.try(:login)}")
# 登录重置session重新开启session有效时间等
self.logged_user = @user
# generate a key and set cookie if autologin
if params[:autologin] && Setting.autologin?
set_autologin_cookie(@user)
end
# 记录用户登录行为
UserActions.create(:action_id => @user.id, :action_type => "Login", :user_id => @user.id)
end
respond_to do |format|
format.js
end
else
authenticate_user
end
end
end
def codepedia_login
logger.info("codepedia_login#########################################")
logger.info("#{params}")
user, last_login_on = User.try_to_login(params[:username], params[:password])
logger.info(user)
if user.blank?
render :json => { status: 0 }
else
render :json => { status: 1, user: user}
end
end
def user_join
if params[:type] == "activated"
@message = l(:notice_account_activated)
elsif params[:type] == "expired"
@message = l(:notice_account_expired)
end
if request.get?
@login = params[:login] || true
@name = params[:name]
if User.current.logged?
# 判断用户基本资料是否完善,不完善讲强制完善基本资料,完善进入主页
user = UserExtensions.where(:user_id => User.current.id).first
if user.gender.nil? || user.school_id.nil? || User.current.lastname.nil?
redirect_to my_account_path(:tip => 1)
elsif user.identity == 3 && user.school_id.nil?
redirect_to my_account_path(:tip => 1)
else
redirect_to user_path(User.current)
end
else
render :layout =>'login'
end
else
authenticate_user
end
end
def help
@index = params[:index].to_i == 0 ? 1 : params[:index].to_i
if @index == 6 && !User.current.logged?
redirect_to signin_path
return
end
code = CODES.sample(8).join
@resubmit = "#{code}"
@agreement = Help.first
@cooperation = Cooperation.all
@com_coop_img = CooImg.where(:img_type => 'com_coop').order("position asc")
@edu_coop_img = CooImg.where(:img_type => 'edu_coop').order("position asc")
render :layout => 'base_edu'
end
def update_help
@edu_coop = "edu_coop"
@com_coop = "com_coop"
end
def update_agreement
if User.current.admin?
help = Help.first
unless params[:tabs]
if help.present?
case params[:tab].to_i
when 1
help.update_attribute(:agreement, params[:description])
redirect_to help_path(:index => 4)
when 2
help.update_attribute(:about_us, params[:description])
redirect_to help_path()
when 3
help.update_attribute(:help_center, params[:description])
redirect_to help_path(:index => 5)
end
else
case params[:tab].to_i
when 1
Help.create(:agreement => params[:description])
redirect_to help_path(:index => 4)
when 2
Help.create(:about_us => params[:description])
redirect_to help_path()
when 3
Help.create(:help_center => params[:description])
redirect_to help_path(:index => 5)
end
end
else
unless help.present?
Help.create(:status =>params[:status])
redirect_to help_path(:index => 2)
else
help.update_attribute(:status,params[:status])
redirect_to help_path(:index => 2)
end
end
else
redirect_to help_path()
end
end
def update_contact_us
if Cooperation.where(:user_type => params[:user_type]).present?
Cooperation.where(:user_type => params[:user_type]).first.update_attributes(:name => params[:name],:qq => params[:qq],:mail =>params[:mail])
else
Cooperation.create(:user_type => params[:user_type],:name =>params[:name],:qq =>params[:qq],:mail =>params[:mail])
end
redirect_to help_path(:index => 2)
end
def insert_suggest
content = "<p>[#{params[:question_kind]}]</p>" + params[:description]
PrivateMessage.create(:user_id => User.current.id, :target_id => 1, :sender_id => User.current.id, :receiver_id => 1, :content => content, :send_time => Time.now, :status => 1)
PrivateMessage.create(:user_id => 1, :target_id => User.current.id, :sender_id => User.current.id, :receiver_id => 1, :content => content, :send_time => Time.now, :status => 0)
redirect_to message_detail_user_path(User.current, :user_id => 1)
end
# 合作伙伴
def cooperative_partner
render :layout =>'base_edu'
end
def update_cooperative_part
diskfile1 = disk_filename(params[:sourse_type], params[:source_id])
diskfile2 = disk_coo_filename(params[:sourse_type], params[:source_id])
diskfile = diskfile1 + 'temp'
begin
FileUtils.mv diskfile, diskfile1, force: true if File.exist? diskfile
ensure
File.delete(diskfile) if File.exist?(diskfile)
end
if File.exist?(diskfile1)
pos = CooImg.order("position asc").last.position
CooImg.create(:src_states =>params[:img_url] ,:url_states => diskfile2,:img_type =>params[:sourse_type], :position => pos)
end
redirect_to help_path(:index => 3)
end
# 改变广告位置
# params id: 广告的id position广告的新位置, type图片类型
def change_coop_position
logger.info("##############{params[:position]}")
position = params[:position].to_i
type = params[:type]
img = CooImg.find params[:id]
coop_imgs = CooImg.where("img_type = ? and position > ?" , type, params[:position].to_i)
coop_imgs.map{|img| img.increment!(:position)}
img.update_attribute(:position, position + 1)
render :json => {status: 1}
end
def delete_coop
# @coo_img = CooImg.find_by_id(params[:id])
# @coo_img.destroy
# render_404 if @coo_img.nil?
# redirect_to help_path(:index => 3)
# rescue ActiveRecord::RecordNotFound
# render_404
@coo_img = CooImg.find_by_id(params[:id])
@sourse = @coo_img.url_states
diskfile = File.join(Rails.root, "public")
diskfile1 = diskfile + @sourse
unless diskfile1.nil? || diskfile1 == ""
path = File.dirname(diskfile1)
if File.directory?(path)
File.delete(diskfile1)
@coo_img.destroy
end
end
redirect_to help_path(:index => 3)
rescue Exception => e
logger.info e.message
respond_to do |format|
format.js
format.api {
if saved
render :action => 'upload', :status => :created
else
render_validation_errors(@avatar)
end
}
end
end
# Log out current user and redirect to welcome page
def logout
if User.current.anonymous?
redirect_to home_path
else
UserActions.create(:action_id => User.current.id, :action_type => "Logout", :user_id => User.current.id)
logout_user
# 记录用户登出行为
redirect_to home_path
end
# display the logout form
end
def heartbeat
render :json => session[:user_id]
end
# Lets user choose a new password
def lost_password
(redirect_to(signin_path); return) unless Setting.lost_password?
if params[:token]
@token = Token.find_token("recovery", params[:token].to_s)
if @token.nil? || @token.expired?
redirect_to signin_path
return
end
@user = @token.user
unless @user && @user.active?
redirect_to signin_path
return
end
if request.post?
@user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
if @user.save
@token.destroy
flash[:notice] = l(:notice_account_password_updated)
redirect_to signin_url
return
end
end
render :template => "account/password_recovery"
return
else
if request.post?
user = User.find_by_mail(params[:mail].to_s)
# user not found or not active
unless user && user.active?
flash.now[:error] = l(:notice_account_unknown_email)
render :layout => 'static_base'
return
end
# user cannot change its password
unless user.change_password_allowed?
flash.now[:error] = l(:notice_can_t_change_password)
return
end
# create a new token for password recovery
token = Token.new(:user => user, :action => "recovery")
if token.save
Mailer.run.lost_password(token)
flash[:notice] = l(:notice_account_lost_email_sent)
redirect_to lost_password_path
return
end
end
render :layout => 'login'
end
end
# User self-registration
def register
(redirect_to(signin_path); return) unless Setting.self_registration? || session[:auth_source_registration]
if request.get?
session[:auth_source_registration] = nil
@user = User.new(:language => current_language.to_s)
else
user_params = params[:user] || {}
if session[:auth_source_registration]
@user.activate
@user.login = session[:auth_source_registration][:login]
@user.auth_source_id = session[:auth_source_registration][:auth_source_id]
if @user.save
session[:auth_source_registration] = nil
self.logged_user = @user
flash[:notice] = l(:notice_account_activated)
redirect_to my_account_path(:tip => 1)
end
else
us = UsersService.new
@user = us.register user_params.merge(:should_confirmation_password => false)
=begin
case Setting.self_registration
when '1'
#register_by_email_activation(@user)
unless @user.new_record?
# if params[:user][:phone] =~ /^[a-zA-Z0-9]+([._\\]*[a-z0-9])*@([a-z0-9]+[-a-z0-9]*[a-z0-9]+.){1,63}[a-z0-9]+$/
# redirect_to account_email_valid_path(:mail => @user.mail, :user_id => @user.id)
# else
self.logged_user = @user
redirect_to user_info_path()
# end
# flash[:notice] = l(:notice_account_register_done)
# render action: 'email_valid', locals: {:mail => @user.mail}
end
when '3'
#register_automatically(@user)
if !@user.new_record?
self.logged_user = @user
flash[:notice] = l(:notice_account_activated)
redirect_to user_info_path()
else
redirect_to signin_path
end
else
#register_manually_by_administrator(@user)
unless @user.new_record?
account_pending
end
end
=end
if !@user.new_record?
self.logged_user = @user
flash[:notice] = l(:notice_account_activated)
redirect_to user_info_path()
else
redirect_to signin_path
end
if params[:user][:phone] =~ /^[a-zA-Z0-9]+([._\\]*[a-z0-9])*@([a-z0-9]+[-a-z0-9]*[a-z0-9]+.){1,63}[a-z0-9]+$/
reward_grade(@user, @user.id, 'Mail', 500)
elsif params[:user][:phone] =~ /^1\d{10}$/
reward_grade(@user, @user.id, 'Phone', 500)
end
end
end
end
# 注册完后绑定邮箱(可选)
def bind_email
@user = User.current
if request.get?
render :layout =>'login'
else
@user.update_attributes!(:mail => params[:mail])
reward_grade(@user, @user.id, 'Mail', 500)
redirect_to user_info_path()
end
end
# 注册完/绑定邮箱 后完善资料
def user_info
@user = User.current
#是否是Oschina过来的
@is_ecoder_user = @user.ecoder_user_id.to_i>0
#是否没设置过密码
@is_set_password = @user.hashed_password.present?
if request.get?
# 如果是登录的请求进来,则需要判断登录名是否合法
if (@user.login =~ /(^(?=.*?[a-zA-Z]).*$)/).nil? || !(@user.login =~ /[@#\$%\^&\*\.]+/).nil?
@login_error = true
end
render :layout =>'login'
else
lg = @user.login
@pref = @user.pref
@se = @user.extensions
# 已授权的用户修改单位名称,需要重新授权
if @se.school_id != params[:occupation].to_i && @user.certification == 1
@user.certification = 0
apply_user = ApplyAction.where(:user_id => @user.id, :container_type => "TrialAuthorization")
apply_user.update_all(:status => 2) unless apply_user.blank?
end
if @is_ecoder_user && !@is_set_password
@user.password = params[:new_password]
@user.password_confirmation = params[:new_password_confirmation]
if @user.password.size<8
@password_len_error = true
render :user_info and return
end
if @user.password != @user.password_confirmation
@password_match_error = true
render :user_info and return
end
end
@user.lastname = params[:lastname]
@user.firstname = ""
@user.show_realname = params[:hide_realname] ? 0 : 1
@user.nickname = params[:hide_realname] ? params[:nickname] : params[:lastname]
@user.pref.attributes = params[:pref]
@user.pref[:no_self_notified] = (params[:no_self_notified] == '1')
@user.mail = params[:mail] if params[:mail]
Rails.logger.info("###############login: #{params[:login]}")
if params[:login]
if (params[:login] =~ /(^(?=.*?[a-zA-Z]).*$)/).present? && (params[:login] =~ /[@#\$%\^&\*\.]+/).nil?
@user.login = params[:login]
Gitlab.client.edit_user(@user.gid, :username => params[:login]) if @user.gid
end
end
@se.school_id = params[:occupation]
@se.department_id = params[:department_id]
@se.gender = params[:sex]
# @se.location = params[:province] if params[:province]
# @se.location_city = params[:city] if params[:city]
@se.identity = params[:identity].to_i if params[:identity]
if @se.identity == 0
@se.technical_title = params[:te_technical_title] if params[:te_technical_title]
@se.student_id = nil
elsif @se.identity == 1
@se.student_id = params[:no] if params[:no]
@se.technical_title = nil
elsif @se.identity == 2
@se.technical_title = params[:pro_technical_title] if params[:pro_technical_title]
@se.student_id = nil
end
# @se.brief_introduction = params[:brief_introduction]
if @user.save && @se.save
reward_grade(@user, @user.id, 'Account', 500)
if @user.certification != 1
school_ids = School.where(:auto_users_trial => 1).map(&:id)
# 授权单位中的只有学生身份才自动授权,且创建试用授权记录
if !@se.school.nil? && school_ids.include?(@se.school_id) && @se.identity == 1
@user.certification = 1
@user.update_attributes(:certification => 1)
apply_action = ApplyAction.where(:user_id => @user.id, :container_type => "TrialAuthorization", :status => 0).first
if apply_action.present?
apply_action.update_attributes(:status => 1, :noticed => 1)
else
ApplyAction.create(:user_id => @user.id, :container_type => "TrialAuthorization", :ip_addr => request.remote_ip, :status => 1, :noticed => 1)
end
end
end
# 授权的教师加入示例课堂
join_ex_course(@user) if @se.identity == 0 && @user.certification == 1
@user.pref.save
set_language_if_valid @user.language
flash[:notice] = l(:notice_account_updated)
first_update = Grade.where(:user_id => @user.id, :container_id => @user.id, :container_type => 'Account').first
if @user.certification == 1 || (Time.now.to_i - first_update.created_at.to_i) < 86400
if @user.certification != 1 && !@user.user_day_certifications.first.present? # 更新字段是为了在user页面弹框提示
@user.update_attributes(:certification => 3)
UserDayCertification.create(:user_id => @user.id, :status => 1)
end
redirect_to user_path(@user)
else
redirect_to my_account_url
end
return
else
@user.login = lg
logger.info "save user: #{@user.errors}"
end
end
end
def check_email
logger.info("###################################")
user_count = User.where(:login => params[:login]).count
status = user_count > 0 ? -1 : 0
render :json => {status: status}
end
#should_confirmation_password是否验证密码
def create_and_save_user login,password,email,password_confirmation,should_confirmation_password
@user = User.new
@user.admin = false
@user.register
@user.login = login
@user.mail = email
if should_confirmation_password && !password.blank? && !password_confirmation.blank?
@user.password,@user.password_confirmation = password,password_confirmation
elsif !should_confirmation_password && !password.blank?
@user.password = password
else
@user.password = ""
end
case Setting.self_registration
when '1'
register_by_email_activation(@user)
when '3'
register_automatically(@user)
else
register_manually_by_administrator(@user)
end
if @user.id != nil
ue = @user.user_extensions ||= UserExtensions.new
ue.user_id = @user.id
ue.save
end
@user
end
# Token based account activation
def activate
(redirect_to(signin_path); return) unless Setting.self_registration? && params[:token].present?
token = Token.find_token('register', params[:token].to_s)
type = l(:notice_account_expired) if (token && token.expired?)
(redirect_to(signin_path(:type => "expired")); return) unless token and !token.expired?
user = token.user
(redirect_to(signin_path); return) unless user.registered?
user.activate
if user.save
token.destroy
flash[:notice] = l(:notice_account_activated)
end
redirect_to signin_url(:type => "activated")
end
def api_register login,password,email
users_service = UsersService.new
users_service.register({login: login, password: password, email: eamil})
end
def valid_ajax
req = Hash.new(false)
req[:message] = ''
valid_attr = params[:valid]
valid_value = params[:value]
faker = User.new
if valid_attr.eql?('')
req[:valid] = User.where("phone = '#{params[:value]}' or mail = '#{params[:value]}' or login = '#{params[:value]}'").blank?
end
if valid_attr.eql?('login')
faker.login = valid_value
faker.valid?
req[:valid] = faker.errors[:login].blank?
req[:message] = faker.errors[:login]
end
if valid_attr.eql?('phone')
faker.phone = valid_value
faker.valid?
req[:valid] = faker.errors[:phone].blank?
req[:message] = ""
end
if valid_attr.eql?('mail')
faker.mail = valid_value
faker.valid?
req[:valid] = faker.errors[:mail].blank?
req[:message] = faker.errors[:mail]
end
req[:message] = l(:modal_valid_passing) if req[:message].blank?
render :json => req
end
# 手机号或邮箱是否已注册
def valid_register_user
req = Hash.new(false)
req[:message] = ''
valid_attr = params[:valid]
valid_value = params[:value]
if valid_attr.eql?('phone')
user = User.where(:phone => valid_value).first
req[:valid] = !user.nil?
req[:message] = user.nil? ? "该手机号未注册" : ""
elsif valid_attr.eql?('mail')
user = User.where(:mail => valid_value).first
req[:valid] = !user.nil?
req[:message] = user.nil? ? "该邮箱未注册" : ""
end
render :json => req
end
# 发送验证码type 1注册手机验证码 2找回密码手机验证码 3找回密码邮箱验证码 4绑定手机 5绑定邮箱 6手机验证码登录 7邮箱验证码登录 8邮箱注册验证码
# 验证码是否有效
def valid_verification_code
req = Hash.new(false)
req[:valid] = false
type = params[:type].to_i
if Redmine::Configuration['gitlab_address'].include?("test") && params[:code] == "134790"
req[:valid] = true
else
if type == 1 || type == 2 || type == 4 || type == 6 || params[:phone] =~ /^1\d{10}$/
code = VerificationCode.where(:phone => params[:phone], :code => params[:code], :code_type => (params[:type].to_i != 1 && params[:type].to_i != 2 && params[:type].to_i != 4) ? 2 : params[:type].to_i ).last
else
code = VerificationCode.where(:email => params[:phone], :code => params[:code], :code_type => params[:type].to_i).last
end
req[:valid] = !code.nil? && (Time.now.to_i - code.created_at.to_i) <= 10*60
end
render :json => req
end
# 发送验证码type 1注册手机验证码 2找回密码手机验证码 3找回密码邮箱验证码 4绑定手机 5绑定邮箱 6手机验证码登录 7邮箱验证码登录 8邮箱注册验证码
def get_verification_code
code = %W(0 1 2 3 4 5 6 7 8 9)
type = params[:type].to_i
req = Hash.new(false)
req[:status] = 0
req[:msg] = ''
if type == 1
if User.where(:phone => params[:value]).count > 0
req[:status] = 2 #已注册
else
begin
verification_code = code.sample(6).join
status = Trustie::Sms.send(mobile: params[:value], code: verification_code)
if status == 0
VerificationCode.create(:phone => params[:value], :status => 1, :code_type => 1, :code => verification_code)
end
req[:msg] = code_msg status
rescue => e
Rails.logger.error "发送验证码出错: #{e}"
end
req[:status] = 1
end
elsif type == 8
if User.where(:mail => params[:value]).count > 0
req[:status] = 2 #已注册
else
begin
verification_code = code.sample(6).join
user = User.current
token = Token.new(:user => user, :action => "bind")
if token.save
Mailer.run.email_register(token, verification_code, params[:value])
VerificationCode.create(:email => params[:value], :status => 1, :code_type => 8, :code => verification_code)
end
rescue => e
Rails.logger.error "发送验证码出错: #{e}"
end
req[:status] = 1
req[:msg] = params[:value].split("@")[1]
end
elsif type == 2 || type == 3 || type == 6 || type == 7
if params[:value] =~ /^[a-zA-Z0-9]+([._\\]*[a-zA-Z0-9])*@([a-z0-9]+[-a-z0-9]*[a-z0-9]+.){1,63}[a-z0-9]+$/
if User.where(:mail => params[:value]).count == 0
req[:status] = 2 #未注册
else
begin
verification_code = code.sample(6).join
user = User.where(:mail => params[:value]).first
if type == 3
token = Token.new(:user => user, :action => "recovery")
if token.save
Mailer.run.lost_password(token, verification_code)
VerificationCode.create(:email => params[:value], :status => 1, :code_type => 3, :code => verification_code)
end
else
token = Token.new(:user => user, :action => "login")
if token.save
Mailer.run.code_login(token, verification_code)
VerificationCode.create(:email => params[:value], :status => 1, :code_type => 7, :code => verification_code)
end
end
rescue => e
Rails.logger.error "发送验证码出错: #{e}"
end
req[:status] = 3
req[:link] = params[:value].split("@")[1]
end
elsif params[:value] =~ /^1\d{10}$/
if User.where(:phone => params[:value]).count == 0
req[:status] = 2
else
begin
verification_code = code.sample(6).join
status = Trustie::Sms.send(mobile: params[:value], code: verification_code)
if status == 0
VerificationCode.create(:phone => params[:value], :status => 1, :code_type => type, :code => verification_code)
end
req[:msg] = code_msg status
rescue => e
Rails.logger.error "发送验证码出错: #{e}"
end
req[:status] = 1
end
else
req[:status] = 2
end
else
if params[:value] =~ /^[a-zA-Z0-9]+([._\\]*[a-z0-9])*@([a-z0-9]+[-a-z0-9]*[a-z0-9]+.){1,63}[a-z0-9]+$/
if User.where(:mail => params[:value]).count > 0
req[:status] = 2 #已绑定
req[:msg] = '该邮箱已被绑定'
else
begin
verification_code = code.sample(6).join
user = User.current
token = Token.new(:user => user, :action => "bind")
if token.save
Mailer.run.bind_email(token, verification_code, params[:value])
VerificationCode.create(:email => params[:value], :status => 1, :code_type => 5, :code => verification_code)
end
rescue => e
Rails.logger.error "发送验证码出错: #{e}"
end
req[:status] = 3
req[:msg] = params[:value].split("@")[1]
end
elsif params[:value] =~ /^1\d{10}$/
if User.where(:phone => params[:value]).count > 0
req[:status] = 2
req[:msg] = '该手机号已被绑定'
else
begin
verification_code = code.sample(6).join
status = Trustie::Sms.send(mobile: params[:value], code: verification_code)
if status == 0
VerificationCode.create(:phone => params[:value], :status => 1, :code_type => 4, :code => verification_code)
end
req[:msg] = code_msg status
rescue => e
Rails.logger.error "发送验证码出错: #{e}"
end
req[:status] = 1
end
else
req[:status] = 2
end
end
Rails.logger.info "#{req[:status]} - #{req[:msg]}"
render :json => req
end
def avatar
@user = params[:user_id].nil? ? User.current : User.find(params[:user_id])
@setting_type = 2
render :layout => 'login'
end
# 实名认证
def authentication
@user = User.current
@apply_user_auth = ApplyUserAuthentication.where(:user_id => @user.id, :auth_type => 1).order("created_at asc").last
@setting_type = 3
render :layout => 'login'
end
# 职业认证
def professional_certification
@user = User.current
@apply_user_auth = ApplyUserAuthentication.where(:user_id => @user.id, :auth_type => 2, :status => [0, 2]).order("created_at asc").last
@setting_type = 4
render :layout => 'login'
end
def apply_auth
@user = User.current
old_name = @user.lastname+@user.firstname
@user.lastname = params[:lastname].strip
@user.firstname = ""
@user.ID_number = params[:ID_number].blank? ? nil : params[:ID_number]
if @user.save
@user.update_attributes(:authentication => 0)
if params[:upload_img] && params[:upload_img].to_i == 1
diskfile1 = disk_auth_filename('UserAuthentication', @user.id, 'ID')
diskfileID = diskfile1 + 'temp'
begin
FileUtils.mv diskfileID, diskfile1, force: true if File.exist? diskfileID
ensure
File.delete(diskfileID) if File.exist?(diskfileID)
end
end
# 提交认证
if params[:save_or_submit] && params[:save_or_submit] == "1"
if ApplyUserAuthentication.where(:user_id => @user.id, :status => 0, :auth_type => 1).count == 0
ApplyUserAuthentication.create(:user_id => @user.id, :status => 0, :auth_type => 1)
begin
status = Trustie::Sms.send(mobile: '18173242757', send_type:'apply_auth' , name: '管理员')
rescue => e
Rails.logger.error "发送验证码出错: #{e}"
end
end
end
# 已授权的用户修改真实姓名,需要重新授权
if @user.certification == 1 && old_name != params[:lastname]
school_ids = School.where(:auto_users_trial => 1).map(&:id)
if !(((@user.user_extensions.identity == 1 && @user.user_extensions.student_id.present?) || @user.user_extensions.identity == 0) && !@user.user_extensions.school.nil? && school_ids.include?(@user.user_extensions.school_id))
@user.update_attributes(:certification => 0)
apply_user = ApplyAction.where(:user_id => @user.id, :container_type => "TrialAuthorization")
apply_user.update_all(:status => 2) unless apply_user.blank?
end
end
end
redirect_to my_account_path
end
def apply_pro_certification
@user = User.current
@se = @user.extensions
# 已授权的用户修改单位名称,需要重新授权
if (@se.school_id != params[:occupation].to_i || @se.identity != params[:identity].to_i) && @user.certification == 1
@user.certification = 0
apply_user = ApplyAction.where(:user_id => @user.id, :container_type => "TrialAuthorization")
apply_user.update_all(:status => 2) unless apply_user.blank?
end
@se.school_id = params[:occupation]
@se.department_id = params[:department_id]
@se.identity = params[:identity].to_i if params[:identity]
if @se.identity == 0
@se.technical_title = params[:te_technical_title] if params[:te_technical_title]
@se.student_id = nil
elsif @se.identity == 1
@se.student_id = params[:no] if params[:no]
@se.technical_title = nil
elsif @se.identity == 2
@se.technical_title = params[:pro_technical_title] if params[:pro_technical_title]
@se.student_id = nil
end
if @user.save && @se.save
@user.update_attributes(:professional_certification => 0)
if params[:upload_img] && params[:upload_img].to_i == 1
diskfile2 = disk_auth_filename('UserAuthentication', @user.id, 'PRO')
diskfilePRO = diskfile2 + 'temp'
begin
FileUtils.mv diskfilePRO, diskfile2, force: true if File.exist? diskfilePRO
ensure
File.delete(diskfilePRO) if File.exist?(diskfilePRO)
end
end
# 提交认证
if params[:save_or_submit] && params[:save_or_submit] == "1"
if @se.identity == 1
if ApplyUserAuthentication.where(:user_id => @user.id, :status => 0, :auth_type => 2).count == 0
ApplyUserAuthentication.create(:user_id => @user.id, :status => 0, :auth_type => 2)
begin
status = Trustie::Sms.send(mobile: '18173242757', send_type:'apply_pro_certification' , name: '管理员')
rescue => e
Rails.logger.error "发送验证码出错: #{e}"
end
end
else
if File.exist?(diskfile2)
ApplyUserAuthentication.create(:user_id => @user.id, :status => 0, :auth_type => 2)
begin
status = Trustie::Sms.send(mobile: '18173242757', send_type:'apply_pro_certification' , name: '管理员')
rescue => e
Rails.logger.error "发送验证码出错: #{e}"
end
end
end
end
# 只对试用授权的用户处理,修改职业信息的时候,如果变成了教师,则判断用户是否已加入示例课堂,没有则将其加入
if @se.identity == 0 && @user.certification == 1
join_ex_course @user
end
end
redirect_to my_account_path
end
# 修改资料时判断学号是否已使用
def check_user_student_id
data = {result:0, account:""}
if params[:student_id] && params[:school_id]
if UserExtensions.where("student_id = '#{params[:student_id]}' and school_id = #{params[:school_id]} and user_id != #{User.current.id}").count > 0
user = User.where(:id => UserExtensions.where("student_id = '#{params[:student_id]}' and school_id = #{params[:school_id]} and user_id != #{User.current.id}").map(&:user_id)).first
data[:account] = user.mail.blank? ? user.user_phone : user.user_mail
else
data[:result] = 1
end
end
render :json => data
end
# 实名认证时判断学号是否已使用
def check_student_id
data = {result:0, account:""}
if params[:student_id] && params[:school_id]
auth_count = User.where(:id => UserExtensions.where(:student_id => params[:student_id], :school_id => params[:school_id]).map(&:user_id)).count
# apply_count = ApplyUserAuthentication.where(:status => 0, :user_id => User.where(:id => UserExtensions.where(:student_id => params[:student_id], :school_id => params[:school_id]).map(&:user_id), :professional_certification => 0).map(&:id)).count
if auth_count == 0
data[:result] = 1
else
user = User.where(:id => UserExtensions.where(:student_id => params[:student_id], :school_id => params[:school_id]).map(&:user_id)).first
if user != User.current
data[:account] = user.mail.blank? ? user.user_phone : user.user_mail
else
data[:result] = 1
end
end
end
render :json => data
end
# 实名认证时判断证件号码是否已使用
def check_id_number
data = {result:0, account:""}
if params[:id_number]
id_number = [params[:id_number].downcase, params[:id_number].upcase]
auth_count = User.where(:ID_number => id_number, :authentication => 1).count
apply_count = ApplyUserAuthentication.where(:status => 0, :user_id => User.where(:ID_number => id_number, :authentication => 0).map(&:id)).count
if auth_count == 0 && apply_count == 0
data[:result] = 1
else
user = auth_count != 0 ? User.where(:ID_number => id_number, :authentication => 1).first : ApplyUserAuthentication.where(:status => 0, :user_id => User.where(:ID_number => id_number, :authentication => 0).map(&:id)).first.user
if user != User.current
data[:account] = user.mail.blank? ? user.user_phone : user.user_mail
else
data[:result] = 1
end
end
end
render :json => data
end
def cancel_pro_apply
unless params[:auth_type] == "2" && User.current.professional_certification
@apply_user_auth = ApplyUserAuthentication.where(:user_id => User.current.id, :auth_type => params[:auth_type], :status => 0).first
if @apply_user_auth.present?
@apply_user_auth.tidings.destroy_all
@apply_user_auth.update_attribute('status', 3)
diskfile2 = disk_auth_filename('UserAuthentication', User.current.id, params[:auth_type].to_i == 1 ? 'ID' : 'PRO')
diskfilePRO = diskfile2 + 'temp'
FileUtils.rm diskfilePRO, :force => true
FileUtils.rm diskfile2, :force => true
end
end
@user = User.current
respond_to do |format|
format.js
format.html {
if params[:auth_type] == "1"
redirect_to authentication_account_path
else
redirect_to professional_certification_account_path
end
}
end
end
def apply_trail
apply_action = ApplyAction.where(:user_id => User.current.id, :container_type => "TrialAuthorization", :status => 0).first
school_ids = School.where(:auto_users_trial => 1).map(&:id)
user_ex = User.current.user_extensions
if user_ex.identity == 1 && user_ex.student_id.present? && !user_ex.school.nil? && school_ids.include?(user_ex.school_id)
User.current.update_attributes(:certification => 1)
logger.warn("apply_trail #######{User.current.login} ****#{User.current.user_extensions.school_id}")
@tip = "申请已提交我们将在1分钟内完成审核"
unless apply_action.present?
ApplyAction.create(:user_id => User.current.id, :status => 1, :ip_addr => request.remote_ip, :container_type => "TrialAuthorization", :apply_reason => params[:apply_reason])
else
apply_action.update_attributes(:status => 1)
end
# begin
# if User.current.phone.present?
# status = Trustie::Sms.send(mobile:User.current.phone.to_s, send_type:'trial_authorization' ,user_name:User.current.show_name,result:'已通过')
# end
# rescue => e
# Rails.logger.error "发送验证码出错: #{e}"
# end
elsif !User.current.user_extensions.school.nil?
@tip = "申请已提交我们将在5分钟内完成审核"
unless apply_action.present?
ApplyAction.create(:user_id => User.current.id, :status => 0, :ip_addr => request.remote_ip, :container_type => "TrialAuthorization", :apply_reason => params[:apply_reason])
begin
status = Trustie::Sms.send(mobile:18175896138, send_type:'user_apply_auth',name:'管理员' )
rescue => e
Rails.logger.error "发送验证码出错: #{e}"
end
end
end
if params[:from_user] && params[:from_user] == '1'
@url = "#{user_path(User.current)}"
else
@url = "#{my_account_path}"
end
respond_to do |format|
format.js
end
end
def user_auth
@user = User.current
diskfile1 = disk_auth_filename('UserAuthentication', @user.id, 'ID')
diskfile2 = disk_auth_filename('UserAuthentication', @user.id, 'PRO')
diskfileID = diskfile1 + 'temp'
diskfilePRO = diskfile2 + 'temp'
begin
FileUtils.mv diskfileID, diskfile1, force: true if File.exist? diskfileID
FileUtils.mv diskfilePRO, diskfile2, force: true if File.exist? diskfilePRO
ensure
File.delete(diskfileID) if File.exist?(diskfileID)
File.delete(diskfilePRO) if File.exist?(diskfilePRO)
end
if File.exist?(diskfile1) && File.exist?(diskfile2)
ApplyUserAuthentication.create(:user_id => @user.id, :status => 0)
end
redirect_to authentication_account_path
end
def security_settings
@user = User.current
@setting_type = 5
render :layout => 'login'
end
def change_psd
@user = User.current
@setting_type = 5
render :layout => 'login'
end
# 修改密码时判断密码是否输入正确
def valid_psd
@user = User.current
req = Hash.new(false)
req[:valid] = false
req[:valid] = @user.check_password?(params[:value])
render :json => req
end
def change_or_bind
@user = User.current
@type = params[:type]
@setting_type = 5
render :layout => 'login'
end
def bind_email_or_phone
@user = User.current
#begin
ActiveRecord::Base.transaction do
if params[:type] == "phone"
@user.update_attributes!(:phone => params[:value])
reward_grade(@user, @user.id, 'Phone', 500)
else
@user.update_attributes!(:mail => params[:value])
Gitlab.client.edit_user_email(@user.gid, :email => @user.mail) if @user.gid
reward_grade(@user, @user.id, 'Mail', 500)
end
end
#rescue
# raise ActiveRecord::Rollback
#end
redirect_to my_account_path
end
def phone_bind
if request.get?
render :layout =>'login'
else
User.current.update_attributes!(:phone => params[:phone])
reward_grade(User.current, User.current.id, 'Phone', 500)
redirect_to user_path(User.current)
end
end
def unbind_phone
if User.current.mail.blank?
User.current.update_attribute('phone', nil)
User.current.lock!
redirect_to signin_path
else
User.current.update_attribute('phone', nil)
redirect_to my_account_path
end
end
def unbind_mail
if User.current.phone.blank?
User.current.update_attribute('mail', nil)
User.current.lock!
redirect_to signin_path
else
User.current.update_attribute('mail', nil)
redirect_to my_account_path
end
end
def wechat_bind
respond_to do |format|
format.html { render :layout => "login_bigdata"}
end
end
def reset_psd
if params[:lost_psd_phone] && params[:lost_psd_phone].strip != ""
@user = User.where("phone = '#{params[:lost_psd_phone].to_s}'").first
elsif params[:lost_psd_email] && params[:lost_psd_email].strip != ""
@user = User.where("mail = '#{params[:lost_psd_email].to_s}'").first
end
if @user.present?
@user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
if @user.save
Token.where(:user_id => @user, :action => "recovery").destroy_all
respond_to do |format|
format.js
end
else
redirect_to signin_path
return
end
else
redirect_to signin_path
return
end
end
def email_valid
begin
@mail_type = params[:mail].split("@")[1]
@user = User.find(params[:user_id])
rescue
return render_404
end
respond_to do |format|
format.html { render :layout => "login_bigdata"}
format.js
end
end
def resendmail
result = {:status=>1, :email=>""}
user = User.find(params[:user]) if params[:user]
result[:email] = user.mail
token = Token.new(:user => user, :action => "register")
if token.save
# Mailer.run.register(token)
Mailer.register(token).deliver
else
yield if block_given?
result[:status] = 0
end
render :json => result
end
def change_email
user = User.find params[:user_id].to_i
user.update_attributes(:mail => params[:value])
token = Token.create(:user => user, :action => "register")
Mailer.run.register(token)
result = {:email => user.mail, :email_link => user.mail.split("@")[1]}
render :json => result
end
def email_activation
end
def gold_record
@user = User.current
# 用户签到情况
attendance = Attendance.where(:user_id => @user).first
@can_attendance = true
@next_attachment_score = 5
if attendance.present?
if time_between_days(Time.now, attendance.created_at) == 0
@can_attendance = false
end
@next_attachment_score = attendance.next_score
end
@type = params[:type] ? params[:type].to_i : 0
@user_grades = @type == 0 ? @user.grades.reorder("created_at desc") : @type == 1 ? @user.grades.where("score > 0").reorder("created_at desc") : @type == 2 ? @user.grades.where("score < 0").reorder("created_at desc") : []
@user_grades = paginateHelper @user_grades, 8
@setting_type = 7
respond_to do |format|
format.js
format.html{render :layout => 'base_edu_user'}
end
end
def experience_record
@user = User.current
# 用户评测情况
@evaluate = Output.where(:game_id => @user.games.map(&:id)).reorder("created_at desc").first
@user_experiences = @user.experiences.reorder("created_at desc")
@user_experiences = paginateHelper @user_experiences, 8
@setting_type = 8
respond_to do |format|
format.js
format.html{render :layout => 'base_edu_account'}
end
end
private
def authenticate_user
Rails.logger.info("authenticate_user start")
if Setting.openid? && using_open_id?
Rails.logger.info("authenticate_user start1")
open_id_authenticate(params[:openid_url])
elsif params[:code]
Rails.logger.info("authenticate_user start2")
code_authentication
else
Rails.logger.info("authenticate_user start3")
password_authentication
end
end
def password_authentication
user, last_login_on = User.try_to_login(params[:username], params[:password])
Rails.logger.info("password_authentication: params[:username] is #{params[:username]}, user is #{user}")
if user.nil?
Rails.logger.info("password_authentication: successful_authentication1")
invalid_credentials
elsif user.status == 2
Rails.logger.info("password_authentication: successful_authentication2")
@user = user
invalid_credentials_new
elsif user.new_record?
Rails.logger.info("password_authentication: successful_authentication3")
onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
else
# Valid user
Rails.logger.info("password_authentication: successful_authentication4")
successful_authentication(user, last_login_on)
end
end
def code_authentication
if params[:username] =~ /^[a-zA-Z0-9]+([._\\]*[a-zA-Z0-9])*@([a-z0-9]+[-a-z0-9]*[a-z0-9]+.){1,63}[a-z0-9]+$/
code = VerificationCode.where(:email => params[:username], :code => params[:code], :code_type => 7).last
user = User.where(:mail => params[:username]).first
elsif params[:username] =~ /^1\d{10}$/
code = VerificationCode.where(:phone => params[:username], :code => params[:code], :code_type => 6).last
user = User.where(:phone => params[:username]).first
end
if user && code && (Time.now.to_i - code.created_at.to_i) <= 10*60
user.update_column(:last_login_on, Time.now)
successful_authentication(user, user.last_login_on.nil? ? '' : user.last_login_on.to_s)
else
logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
flash[:error] = l(:notice_account_invalid_code)
redirect_to signin_path(:c_name=>params[:username])
end
end
def open_id_authenticate(openid_url)
back_url = signin_url(:autologin => params[:autologin])
authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => back_url, :method => :post) do |result, identity_url, registration|
if result.successful?
user = User.find_or_initialize_by_identity_url(identity_url)
if user.new_record?
# Self-registration off
(redirect_to(signin_path); return) unless Setting.self_registration?
# Create on the fly
user.login = registration['nickname'] unless registration['nickname'].nil?
user.mail = registration['email'] unless registration['email'].nil?
user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
user.random_password
user.register
case Setting.self_registration
when '1'
register_by_email_activation(user) do
onthefly_creation_failed(user)
end
when '3'
register_automatically(user) do
onthefly_creation_failed(user)
end
else
register_manually_by_administrator(user) do
onthefly_creation_failed(user)
end
end
else
# Existing record
if user.active?
successful_authentication(user)
else
account_pending
end
end
end
end
end
def successful_authentication(user, last_login_on)
logger.info "Successful authentication for '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}"
# Valid user
self.logged_user = user
# generate a key and set cookie if autologin
if params[:autologin] && Setting.autologin?
set_autologin_cookie(user)
end
call_hook(:controller_account_success_authentication_after, {:user => user })
code = /\d*/
# 记录用户登录行为
UserActions.create(:action_id => User.current.id, :action_type => "Login", :user_id => User.current.id)
=begin
if user.created_on.strftime('%Y-%m-%d %H:%M:%S') > "2018-01-01 00:00:00" && user.phone.blank?
redirect_to change_or_bind_path(:type => 'phone')
return
end
=end
#根据home_url生产正则表达式
eval("code = " + "/^" + home_url.gsub(/\//,"\\\/") + "\\\/*(welcome)?\\\/*(\\\/index\\\/*.*)?\$/")
login_error = false
if (User.current.login =~ /(^(?=.*?[a-zA-Z]).*$)/).nil? || !(User.current.login =~ /[@#\$%\^&\*]+/).nil?
login_error = true
end
if (code=~params[:back_url] || params[:back_url].to_s.include?('lost_password')) && last_login_on != '' && !login_error
# enroll_status_cookie(user)
redirect_to user_path(user,host: Setting.host_user)
else
if last_login_on == ''
redirect_to my_account_url
else
#by young
#redirect_back_or_default my_page_path
# 基本资料不完善的用户,将强制用户完善基本资料。
user = UserExtensions.where(:user_id => User.current.id).first
if User.current.lastname.blank? || user.school_id.blank? || user.identity.blank? || login_error
redirect_to user_info_path()
else
# enroll_status_cookie(User.current)
redirect_back_or_default User.current, params[:back_url]
end
end
end
end
def set_autologin_cookie(user)
token = Token.get_or_create_permanent_login_token(user)
cookie_options = {
:value => token.value,
:expires => 1.month.from_now,
:path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
:secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
:httponly => true
}
if Redmine::Configuration['cookie_domain'].present?
cookie_options = cookie_options.merge(domain: Redmine::Configuration['cookie_domain'])
end
cookies[autologin_cookie_name] = cookie_options
end
# Onthefly creation failed, display the registration form to fill/fix attributes
def onthefly_creation_failed(user, auth_source_options = { })
@user = user
session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
render :action => 'register'
end
def invalid_credentials
logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
flash[:error] = l(:notice_account_invalid_creditentials)
# render :layout => 'login'
redirect_to signin_path(:name=>params[:username])
end
def invalid_credentials_new
logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
# flash[:error] = l(:notice_account_invalid_creditentials_new)
# render signin_path(:login=>true)
render :action => 'email_activation',:layout => 'login_bigdata'
end
# Register a user for email activation.
#
# Pass a block for behavior when a user fails to save
def register_by_email_activation(user, &block)
token = Token.new(:user => user, :action => "register")
if user.save and token.save
UserStatus.create(:user_id => user.id, :changsets_count => 0, :watchers_count => 0)
Mailer.run.register(token)
flash[:notice] = l(:notice_account_register_done)
render action: 'email_valid', locals: {:mail => user.mail}
else
yield if block_given?
end
end
# Automatically register a user
#
# Pass a block for behavior when a user fails to save
def register_automatically(user, &block)
# Automatic activation
user.activate
user.last_login_on = Time.now
if user.save
UserStatus.create(:user_id => user.id, :changsets_count => 0, :watchers_count => 0)
self.logged_user = user
flash[:notice] = l(:notice_account_activated)
redirect_to my_account_url
else
yield if block_given?
end
end
# Manual activation by the administrator
#
# Pass a block for behavior when a user fails to save
def register_manually_by_administrator(user, &block)
if user.save
UserStatus.create(:user_id => user.id ,:changsets_count => 0, :watchers_count => 0)
# Sends an email to the administrators
Mailer.run.account_activation_request(user)
account_pending
else
yield if block_given?
end
end
def account_pending
flash[:notice] = l(:notice_account_pending)
redirect_to signin_url
end
end