discourse/app/controllers/finish_installation_controller.rb

# frozen_string_literal: true

class FinishInstallationController < ApplicationController
  skip_before_action :check_xhr,
                     :preload_json,
                     :redirect_to_login_if_required,
                     :redirect_to_profile_if_required
  layout "finish_installation"

  before_action :ensure_no_admins, except: %w[confirm_email resend_email]

  def index
  end

  def register
    @allowed_emails = find_allowed_emails

    @user = User.new
    if request.post?
      email = params[:email].strip
      raise Discourse::InvalidParameters.new if @allowed_emails.exclude?(email)

      if existing_user = User.find_by_email(email)
        @user = existing_user
        send_signup_email
        return redirect_confirm(email)
      end

      @user.email = email
      @user.username = params[:username]
      @user.password = params[:password]
      @user.password_required!

      if @user.save
        @user.change_trust_level!(1) if @user.trust_level < 1
        send_signup_email
        redirect_confirm(@user.email)
      end
    end
  end

  def confirm_email
    @email = session[:registered_email]
  end

  def resend_email
    @email = session[:registered_email]
    @user = User.find_by_email(@email)
    send_signup_email if @user.present?
  end

  protected

  def send_signup_email
    return if @user.active && @user.email_confirmed?

    email_token = @user.email_tokens.create!(email: @user.email, scope: EmailToken.scopes[:signup])
    EmailToken.enqueue_signup_email(email_token)
  end

  def redirect_confirm(email)
    session[:registered_email] = email
    redirect_to(finish_installation_confirm_email_path)
  end

  def find_allowed_emails
    unless GlobalSetting.respond_to?(:developer_emails) && GlobalSetting.developer_emails.present?
      return []
    end
    GlobalSetting.developer_emails.split(",").map(&:strip)
  end

  def ensure_no_admins
    preload_anonymous_data
    raise Discourse::InvalidAccess.new unless SiteSetting.has_login_hint?
  end
end
DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging 2019-05-03 06:17:27 +08:00			`# frozen_string_literal: true`

FEATURE: Configure Admin Account Adds a "Step 0" to the wizard if the site has no admin accounts where the user is prompted to finish setting up their admin account from the list of acceptable email addresses. Once confirmed, the wizard begins. 2016-10-18 23:44:25 +08:00			`class FinishInstallationController < ApplicationController`
FEATURE: User fields required for existing users - Part 2 (#27172) We want to allow admins to make new required fields apply to existing users. In order for this to work we need to have a way to make those users fill up the fields on their next page load. This is very similar to how adding a 2FA requirement post-fact works. Users will be redirected to a page where they can fill up the remaining required fields, and until they do that they won't be able to do anything else. 2024-06-25 19:32:18 +08:00			`skip_before_action :check_xhr,`
			`:preload_json,`
			`:redirect_to_login_if_required,`
			`:redirect_to_profile_if_required`
FEATURE: Configure Admin Account Adds a "Step 0" to the wizard if the site has no admin accounts where the user is prompted to finish setting up their admin account from the list of acceptable email addresses. Once confirmed, the wizard begins. 2016-10-18 23:44:25 +08:00			`layout "finish_installation"`

Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 12:06:56 +08:00			`before_action :ensure_no_admins, except: %w[confirm_email resend_email]`
FEATURE: Configure Admin Account Adds a "Step 0" to the wizard if the site has no admin accounts where the user is prompted to finish setting up their admin account from the list of acceptable email addresses. Once confirmed, the wizard begins. 2016-10-18 23:44:25 +08:00
			`def index`
			`end`

			`def register`
			`@allowed_emails = find_allowed_emails`

			`@user = User.new`
			`if request.post?`
			`email = params[:email].strip`
DEV: Update to lastest rubocop-discourse 2024-05-27 18:27:13 +08:00			`raise Discourse::InvalidParameters.new if @allowed_emails.exclude?(email)`
FEATURE: Configure Admin Account Adds a "Step 0" to the wizard if the site has no admin accounts where the user is prompted to finish setting up their admin account from the list of acceptable email addresses. Once confirmed, the wizard begins. 2016-10-18 23:44:25 +08:00
UX: Wizard resends activation email when user exists 2018-08-22 01:11:18 +08:00			`if existing_user = User.find_by_email(email)`
			`@user = existing_user`
			`send_signup_email`
			`return redirect_confirm(email)`
			`end`
FEATURE: Configure Admin Account Adds a "Step 0" to the wizard if the site has no admin accounts where the user is prompted to finish setting up their admin account from the list of acceptable email addresses. Once confirmed, the wizard begins. 2016-10-18 23:44:25 +08:00
			`@user.email = email`
			`@user.username = params[:username]`
			`@user.password = params[:password]`
			`@user.password_required!`

			`if @user.save`
FEATURE: Make initial admins TL1 * Match register controller TL to rake admin:create * Don't promote if trust_level > 1 2018-08-22 13:45:24 +08:00			`@user.change_trust_level!(1) if @user.trust_level < 1`
UX: Wizard resends activation email when user exists 2018-08-22 01:11:18 +08:00			`send_signup_email`
DEV: update rubocop to version 0.77 We like to stay as close as possible to latest with rubocop cause the cops get better. This update required some code changes, specifically the default is to avoid explicit returns where implicit is done Also this renames a few rules 2019-12-10 08:48:27 +08:00			`redirect_confirm(@user.email)`
FEATURE: Configure Admin Account Adds a "Step 0" to the wizard if the site has no admin accounts where the user is prompted to finish setting up their admin account from the list of acceptable email addresses. Once confirmed, the wizard begins. 2016-10-18 23:44:25 +08:00			`end`
			`end`
			`end`

			`def confirm_email`
			`@email = session[:registered_email]`
			`end`

Allow step 0 to resend the confirmation email 2016-10-21 23:34:19 +08:00			`def resend_email`
			`@email = session[:registered_email]`
FEATURE: phase 1 of supporting multiple email addresses 2017-04-27 02:47:36 +08:00			`@user = User.find_by_email(@email)`
UX: Wizard resends activation email when user exists 2018-08-22 01:11:18 +08:00			`send_signup_email if @user.present?`
Allow step 0 to resend the confirmation email 2016-10-21 23:34:19 +08:00			`end`

FEATURE: Configure Admin Account Adds a "Step 0" to the wizard if the site has no admin accounts where the user is prompted to finish setting up their admin account from the list of acceptable email addresses. Once confirmed, the wizard begins. 2016-10-18 23:44:25 +08:00			`protected`

UX: Wizard resends activation email when user exists 2018-08-22 01:11:18 +08:00			`def send_signup_email`
DEV: Hash tokens stored from email_tokens (#14493) This commit adds token_hash and scopes columns to email_tokens table. token_hash is a replacement for the token column to avoid storing email tokens in plaintext as it can pose a security risk. The new scope column ensures that email tokens cannot be used to perform a different action than the one intended. To sum up, this commit: * Adds token_hash and scope to email_tokens * Reuses code that schedules critical_user_email * Refactors EmailToken.confirm and EmailToken.atomic_confirm methods * Periodically cleans old, unconfirmed or expired email tokens 2021-11-25 15:34:39 +08:00			`return if @user.active && @user.email_confirmed?`
UX: Wizard resends activation email when user exists 2018-08-22 01:11:18 +08:00
DEV: Hash tokens stored from email_tokens (#14493) This commit adds token_hash and scopes columns to email_tokens table. token_hash is a replacement for the token column to avoid storing email tokens in plaintext as it can pose a security risk. The new scope column ensures that email tokens cannot be used to perform a different action than the one intended. To sum up, this commit: * Adds token_hash and scope to email_tokens * Reuses code that schedules critical_user_email * Refactors EmailToken.confirm and EmailToken.atomic_confirm methods * Periodically cleans old, unconfirmed or expired email tokens 2021-11-25 15:34:39 +08:00			`email_token = @user.email_tokens.create!(email: @user.email, scope: EmailToken.scopes[:signup])`
			`EmailToken.enqueue_signup_email(email_token)`
UX: Wizard resends activation email when user exists 2018-08-22 01:11:18 +08:00			`end`

FEATURE: Configure Admin Account Adds a "Step 0" to the wizard if the site has no admin accounts where the user is prompted to finish setting up their admin account from the list of acceptable email addresses. Once confirmed, the wizard begins. 2016-10-18 23:44:25 +08:00			`def redirect_confirm(email)`
			`session[:registered_email] = email`
			`redirect_to(finish_installation_confirm_email_path)`
			`end`

			`def find_allowed_emails`
			`unless GlobalSetting.respond_to?(:developer_emails) && GlobalSetting.developer_emails.present?`
			`return []`
DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 20:20:10 +08:00			`end`
FEATURE: Configure Admin Account Adds a "Step 0" to the wizard if the site has no admin accounts where the user is prompted to finish setting up their admin account from the list of acceptable email addresses. Once confirmed, the wizard begins. 2016-10-18 23:44:25 +08:00			`GlobalSetting.developer_emails.split(",").map(&:strip)`
			`end`

			`def ensure_no_admins`
FIX: Show an error page if `finish-installation` can't run 2016-12-08 00:10:08 +08:00			`preload_anonymous_data`
FEATURE: Configure Admin Account Adds a "Step 0" to the wizard if the site has no admin accounts where the user is prompted to finish setting up their admin account from the list of acceptable email addresses. Once confirmed, the wizard begins. 2016-10-18 23:44:25 +08:00			`raise Discourse::InvalidAccess.new unless SiteSetting.has_login_hint?`
			`end`
			`end`